Monthly Archive: December 2020

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0072.html

An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0070.html

An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0070.html

An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0070.html

An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0070.html

An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0070.html

An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0068.html

An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0062.html

An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0061.html

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0060.html

An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0059.html

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. Date published : 2020-12-31...

An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0050.html

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0049.html