Skip to content

Commit

Permalink
doc(changelog): mention CVE fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@weihanglo
weihanglo committed Sep 17, 2022
1 parent 362ce33 commit 0a6b5ef
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,15 @@
## Cargo 1.64 (2022-09-22)
[a5e08c47...rust-1.64.0](https://github.com/rust-lang/cargo/compare/a5e08c47...rust-1.64.0)

### ⚠️ Fixes of security vulnerabilities

- [CVE-2022-36113: Extracting malicious crates can corrupt arbitrary files](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j)
- [CVE-2022-36114: Extracting malicious crates can fill the file system](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp)

For more information, please read
["Security advisories for Cargo (CVE-2022-36113, CVE-2022-36114)"](https://blog.rust-lang.org/2022/09/14/cargo-cves.html)
on the official Rust blog.

### Added

- 🎉 Packages can now inherit settings from the workspace so that the settings
Expand Down

0 comments on commit 0a6b5ef

Please sign in to comment.