Skip to content

Commit

Permalink
doc(changelog): mention CVE fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
weihanglo committed Sep 19, 2022
1 parent 73ba3f3 commit 11d3c59
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,15 @@
[#10784](https://github.com/rust-lang/cargo/pull/10784)

### Fixed

- [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
Extracting malicious crates can corrupt arbitrary files.
[#11089](https://github.com/rust-lang/cargo/pull/11089)
[#11088](https://github.com/rust-lang/cargo/pull/11088)
- [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
Extracting malicious crates can fill the file system.
[#11089](https://github.com/rust-lang/cargo/pull/11089)
[#11088](https://github.com/rust-lang/cargo/pull/11088)
- The `os` output in `cargo --version --verbose` now supports more platforms.
[#10802](https://github.com/rust-lang/cargo/pull/10802)
- Cached git checkouts will now be rebuilt if they are corrupted. This may
Expand Down

0 comments on commit 11d3c59

Please sign in to comment.