suse-su-2023:3722-1
Vulnerability from csaf_suse
Published
2023-09-21 08:53
Modified
2023-09-21 08:53
Summary
Security update for rust, rust1.72
Notes
Title of the patch
Security update for rust, rust1.72
Description of the patch
This update for rust, rust1.72 fixes the following issues:
Changes in rust:
- Update to version 1.72.0 - for details see the rust1.72 package
Changes in rust1.72:
- CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)
Version 1.72.0 (2023-08-24)
==========================
Language
--------
- Replace const eval limit by a lint and add an exponential backoff warning
- expand: Change how `#![cfg(FALSE)]` behaves on crate root
- Stabilize inline asm for LoongArch64
- Uplift `clippy::undropped_manually_drops` lint
- Uplift `clippy::invalid_utf8_in_unchecked` lint
- Uplift `clippy::cast_ref_to_mut` lint
- Uplift `clippy::cmp_nan` lint
- resolve: Remove artificial import ambiguity errors
- Don't require associated types with Self: Sized bounds in `dyn Trait` objects
Compiler
--------
- Remember names of `cfg`-ed out items to mention them in diagnostics
- Support for native WASM exceptions
- Add support for NetBSD/aarch64-be (big-endian arm64).
- Write to stdout if `-` is given as output file
- Force all native libraries to be statically linked when linking a static binary
- Add Tier 3 support for `loongarch64-unknown-none*`
- Prevent `.eh_frame` from being emitted for `-C panic=abort`
- Support 128-bit enum variant in debuginfo codegen
- compiler: update solaris/illumos to enable tsan support.
Refer to Rust's platform support page for more information on Rust's tiered platform support.
Libraries
---------
- Document memory orderings of `thread::{park, unpark}`
- io: soften ‘at most one write attempt’ requirement in io::Write::write
- Specify behavior of HashSet::insert
- Relax implicit `T: Sized` bounds on `BufReader<T>`, `BufWriter<T>` and `LineWriter<T>`
- Update runtime guarantee for `select_nth_unstable`
- Return `Ok` on kill if process has already exited
- Implement PartialOrd for `Vec`s over different allocators
- Use 128 bits for TypeId hash
- Don't drain-on-drop in DrainFilter impls of various collections.
- Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata
Rustdoc
-------
- Allow whitespace as path separator like double colon
- Add search result item types after their name
- Search for slices and arrays by type with `[]`
- Clean up type unification and 'unboxing'
Stabilized APIs
---------------
- `impl<T: Send> Sync for mpsc::Sender<T>`
- `impl TryFrom<&OsStr> for &str`
- `String::leak`
These APIs are now stable in const contexts:
- `CStr::from_bytes_with_nul`
- `CStr::to_bytes`
- `CStr::to_bytes_with_nul`
- `CStr::to_str`
Cargo
-----
- Enable `-Zdoctest-in-workspace` by default. When running each documentation
test, the working directory is set to the root directory of the package the
test belongs to.
- Add support of the 'default' keyword to reset previously set `build.jobs`
parallelism back to the default.
Compatibility Notes
-------------------
- Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses
- Cargo changed feature name validation check to a hard error. The warning was
added in Rust 1.49. These extended characters aren't allowed on crates.io, so
this should only impact users of other registries, or people who don't publish
to a registry.
Patchnames
SUSE-2023-3722,SUSE-SLE-Module-Development-Tools-15-SP4-2023-3722,SUSE-SLE-Module-Development-Tools-15-SP5-2023-3722,openSUSE-SLE-15.4-2023-3722,openSUSE-SLE-15.5-2023-3722
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust, rust1.72",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust, rust1.72 fixes the following issues:\n\nChanges in rust:\n\n- Update to version 1.72.0 - for details see the rust1.72 package\n\nChanges in rust1.72:\n\n- CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)\n\n\nVersion 1.72.0 (2023-08-24)\n==========================\n\nLanguage\n--------\n\n- Replace const eval limit by a lint and add an exponential backoff warning\n- expand: Change how `#![cfg(FALSE)]` behaves on crate root\n- Stabilize inline asm for LoongArch64\n- Uplift `clippy::undropped_manually_drops` lint\n- Uplift `clippy::invalid_utf8_in_unchecked` lint\n- Uplift `clippy::cast_ref_to_mut` lint\n- Uplift `clippy::cmp_nan` lint\n- resolve: Remove artificial import ambiguity errors\n- Don\u0027t require associated types with Self: Sized bounds in `dyn Trait` objects\n\nCompiler\n--------\n\n- Remember names of `cfg`-ed out items to mention them in diagnostics\n- Support for native WASM exceptions\n- Add support for NetBSD/aarch64-be (big-endian arm64).\n- Write to stdout if `-` is given as output file\n- Force all native libraries to be statically linked when linking a static binary\n- Add Tier 3 support for `loongarch64-unknown-none*`\n- Prevent `.eh_frame` from being emitted for `-C panic=abort`\n- Support 128-bit enum variant in debuginfo codegen\n- compiler: update solaris/illumos to enable tsan support.\n\nRefer to Rust\u0027s platform support page for more information on Rust\u0027s tiered platform support.\n\nLibraries\n---------\n\n- Document memory orderings of `thread::{park, unpark}`\n- io: soften \u2018at most one write attempt\u2019 requirement in io::Write::write\n- Specify behavior of HashSet::insert\n- Relax implicit `T: Sized` bounds on `BufReader\u003cT\u003e`, `BufWriter\u003cT\u003e` and `LineWriter\u003cT\u003e`\n- Update runtime guarantee for `select_nth_unstable`\n- Return `Ok` on kill if process has already exited\n- Implement PartialOrd for `Vec`s over different allocators\n- Use 128 bits for TypeId hash\n- Don\u0027t drain-on-drop in DrainFilter impls of various collections.\n- Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata\n\nRustdoc\n-------\n\n- Allow whitespace as path separator like double colon\n- Add search result item types after their name\n- Search for slices and arrays by type with `[]`\n- Clean up type unification and \u0027unboxing\u0027\n\nStabilized APIs\n---------------\n\n- `impl\u003cT: Send\u003e Sync for mpsc::Sender\u003cT\u003e`\n- `impl TryFrom\u003c\u0026OsStr\u003e for \u0026str`\n- `String::leak`\n\nThese APIs are now stable in const contexts:\n\n- `CStr::from_bytes_with_nul`\n- `CStr::to_bytes`\n- `CStr::to_bytes_with_nul`\n- `CStr::to_str`\n\nCargo\n-----\n\n- Enable `-Zdoctest-in-workspace` by default. When running each documentation\n test, the working directory is set to the root directory of the package the\n test belongs to.\n- Add support of the \u0027default\u0027 keyword to reset previously set `build.jobs`\n parallelism back to the default.\n\nCompatibility Notes\n-------------------\n\n- Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses\n- Cargo changed feature name validation check to a hard error. The warning was\n added in Rust 1.49. These extended characters aren\u0027t allowed on crates.io, so\n this should only impact users of other registries, or people who don\u0027t publish\n to a registry.\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3722,SUSE-SLE-Module-Development-Tools-15-SP4-2023-3722,SUSE-SLE-Module-Development-Tools-15-SP5-2023-3722,openSUSE-SLE-15.4-2023-3722,openSUSE-SLE-15.5-2023-3722",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3722-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3722-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233722-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3722-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031626.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214689",
"url": "https://bugzilla.suse.com/1214689"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40030 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40030/"
}
],
"title": "Security update for rust, rust1.72",
"tracking": {
"current_release_date": "2023-09-21T08:53:26Z",
"generator": {
"date": "2023-09-21T08:53:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3722-1",
"initial_release_date": "2023-09-21T08:53:26Z",
"revision_history": [
{
"date": "2023-09-21T08:53:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-1.72.0-150400.24.24.1.aarch64",
"product": {
"name": "cargo-1.72.0-150400.24.24.1.aarch64",
"product_id": "cargo-1.72.0-150400.24.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "cargo1.72-1.72.0-150400.9.3.1.aarch64",
"product": {
"name": "cargo1.72-1.72.0-150400.9.3.1.aarch64",
"product_id": "cargo1.72-1.72.0-150400.9.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-1.72.0-150400.24.24.1.aarch64",
"product": {
"name": "rust-1.72.0-150400.24.24.1.aarch64",
"product_id": "rust-1.72.0-150400.24.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust1.72-1.72.0-150400.9.3.1.aarch64",
"product": {
"name": "rust1.72-1.72.0-150400.9.3.1.aarch64",
"product_id": "rust1.72-1.72.0-150400.9.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-1.72.0-150400.24.24.1.i586",
"product": {
"name": "cargo-1.72.0-150400.24.24.1.i586",
"product_id": "cargo-1.72.0-150400.24.24.1.i586"
}
},
{
"category": "product_version",
"name": "cargo1.72-1.72.0-150400.9.3.1.i586",
"product": {
"name": "cargo1.72-1.72.0-150400.9.3.1.i586",
"product_id": "cargo1.72-1.72.0-150400.9.3.1.i586"
}
},
{
"category": "product_version",
"name": "rust-1.72.0-150400.24.24.1.i586",
"product": {
"name": "rust-1.72.0-150400.24.24.1.i586",
"product_id": "rust-1.72.0-150400.24.24.1.i586"
}
},
{
"category": "product_version",
"name": "rust1.72-1.72.0-150400.9.3.1.i586",
"product": {
"name": "rust1.72-1.72.0-150400.9.3.1.i586",
"product_id": "rust1.72-1.72.0-150400.9.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-1.72.0-150400.24.24.1.ppc64le",
"product": {
"name": "cargo-1.72.0-150400.24.24.1.ppc64le",
"product_id": "cargo-1.72.0-150400.24.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"product": {
"name": "cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"product_id": "cargo1.72-1.72.0-150400.9.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-1.72.0-150400.24.24.1.ppc64le",
"product": {
"name": "rust-1.72.0-150400.24.24.1.ppc64le",
"product_id": "rust-1.72.0-150400.24.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust1.72-1.72.0-150400.9.3.1.ppc64le",
"product": {
"name": "rust1.72-1.72.0-150400.9.3.1.ppc64le",
"product_id": "rust1.72-1.72.0-150400.9.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-1.72.0-150400.24.24.1.s390x",
"product": {
"name": "cargo-1.72.0-150400.24.24.1.s390x",
"product_id": "cargo-1.72.0-150400.24.24.1.s390x"
}
},
{
"category": "product_version",
"name": "cargo1.72-1.72.0-150400.9.3.1.s390x",
"product": {
"name": "cargo1.72-1.72.0-150400.9.3.1.s390x",
"product_id": "cargo1.72-1.72.0-150400.9.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-1.72.0-150400.24.24.1.s390x",
"product": {
"name": "rust-1.72.0-150400.24.24.1.s390x",
"product_id": "rust-1.72.0-150400.24.24.1.s390x"
}
},
{
"category": "product_version",
"name": "rust1.72-1.72.0-150400.9.3.1.s390x",
"product": {
"name": "rust1.72-1.72.0-150400.9.3.1.s390x",
"product_id": "rust1.72-1.72.0-150400.9.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-1.72.0-150400.24.24.1.x86_64",
"product": {
"name": "cargo-1.72.0-150400.24.24.1.x86_64",
"product_id": "cargo-1.72.0-150400.24.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "cargo1.72-1.72.0-150400.9.3.1.x86_64",
"product": {
"name": "cargo1.72-1.72.0-150400.9.3.1.x86_64",
"product_id": "cargo1.72-1.72.0-150400.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-1.72.0-150400.24.24.1.x86_64",
"product": {
"name": "rust-1.72.0-150400.24.24.1.x86_64",
"product_id": "rust-1.72.0-150400.24.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust1.72-1.72.0-150400.9.3.1.x86_64",
"product": {
"name": "rust1.72-1.72.0-150400.9.3.1.x86_64",
"product_id": "rust1.72-1.72.0-150400.9.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "rust-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "rust-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "rust-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "rust-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "rust-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "rust-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-1.72.0-150400.24.24.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "cargo-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo1.72-1.72.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "cargo1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.aarch64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.ppc64le"
},
"product_reference": "rust-1.72.0-150400.24.24.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.s390x"
},
"product_reference": "rust-1.72.0-150400.24.24.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-1.72.0-150400.24.24.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.x86_64"
},
"product_reference": "rust-1.72.0-150400.24.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.aarch64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.ppc64le"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.s390x"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust1.72-1.72.0-150400.9.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.x86_64"
},
"product_reference": "rust1.72-1.72.0-150400.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40030"
}
],
"notes": [
{
"category": "general",
"text": "Cargo downloads a Rust project\u0027s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected.\n\nRust 1.60.0 introduced `cargo build --timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = [\"\u003cimg src=\u0027\u0027 onerror=alert(0)\"]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor.\n\nThis issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40030",
"url": "https://www.suse.com/security/cve/CVE-2023-40030"
},
{
"category": "external",
"summary": "SUSE Bug 1214689 for CVE-2023-40030",
"url": "https://bugzilla.suse.com/1214689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:rust1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust-1.72.0-150400.24.24.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:rust1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.4:cargo-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.4:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.4:rust-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.4:rust1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.5:cargo-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.5:cargo1.72-1.72.0-150400.9.3.1.x86_64",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.aarch64",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.ppc64le",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.s390x",
"openSUSE Leap 15.5:rust-1.72.0-150400.24.24.1.x86_64",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.aarch64",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.ppc64le",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.s390x",
"openSUSE Leap 15.5:rust1.72-1.72.0-150400.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-21T08:53:26Z",
"details": "moderate"
}
],
"title": "CVE-2023-40030"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…