Rust: News

Rust: News Mr_Figtree • 1y ago • 100%

Security advisory for Cargo (CVE-2023-38497) | Rust Blog

The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.

Rust: News mjw • 1y ago • 100%

RFC3355 "Start working on a Rust specification" accepted

The Foundation is planning to hire a technical editor / project manager for somewhere between 6 and 9 months.