Back to bug 2228038
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2023-08-01 07:58:46 UTC | CC | security-response-team | |
| Marian Rehak | 2023-08-01 13:37:14 UTC | Depends On | 2228140, 2228139, 2228134, 2228135, 2228137, 2228136, 2228138, 2228133, 2228132, 2228141 | |
| Tom Stellard | 2023-08-01 14:16:07 UTC | Flags | needinfo?(mrehak) | |
| Tom Stellard | 2023-08-01 14:16:22 UTC | Assignee | nobody | tstellar |
| Marian Rehak | 2023-08-02 13:56:02 UTC | Flags | needinfo?(mrehak) | |
| Marian Rehak | 2023-08-04 11:00:05 UTC | Doc Text | A flaw was found in the rust-cargo package. Cargo, as bundled with the Rust compiler, did not respect the umask when extracting dependency tarballs and caching the extraction for future builds. If a dependency contained files with 0777 permissions, another local user could edit the cache of the extracted source code, potentially executing arbitrary code with the privileges of the user running Cargo during the next build. | |
| Marian Rehak | 2023-08-04 11:00:47 UTC | Deadline | 2023-08-03 | |
| | | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies | CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies |
| Marian Rehak | 2023-08-04 11:01:25 UTC | Depends On | 2229141, 2229138, 2229139, 2229140 | |
| errata-xmlrpc | 2023-08-14 14:17:35 UTC | Link ID | Red Hat Product Errata RHSA-2023:4634 | |
| errata-xmlrpc | 2023-08-14 14:29:40 UTC | Link ID | Red Hat Product Errata RHSA-2023:4635 | |
| errata-xmlrpc | 2023-08-15 00:10:33 UTC | Link ID | Red Hat Product Errata RHSA-2023:4651 | |
| Product Security DevOps Team | 2023-08-15 04:20:08 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2023-08-15 04:20:08 UTC | |