From 338f097760fe893441598b873386fb98d4d7c62c Mon Sep 17 00:00:00 2001 From: Shnatsel Date: Sat, 31 Oct 2020 13:12:22 +0000 Subject: [PATCH] Assigned RUSTSEC-2020-0060 to futures-task --- ...TSEC-0000-0000.md => RUSTSEC-2020-0060.md} | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) rename crates/futures-task/{RUSTSEC-0000-0000.md => RUSTSEC-2020-0060.md} (94%) diff --git a/crates/futures-task/RUSTSEC-0000-0000.md b/crates/futures-task/RUSTSEC-2020-0060.md similarity index 94% rename from crates/futures-task/RUSTSEC-0000-0000.md rename to crates/futures-task/RUSTSEC-2020-0060.md index 83434fd..e92c847 100644 --- a/crates/futures-task/RUSTSEC-0000-0000.md +++ b/crates/futures-task/RUSTSEC-2020-0060.md @@ -1,23 +1,23 @@ -```toml -[advisory] -id = "RUSTSEC-0000-0000" -package = "futures-task" -date = "2020-09-04" -url = "https://github.com/rust-lang/futures-rs/pull/2206" -categories = ["code-execution", "memory-corruption"] -keywords = ["use-after-free", "arbitrary code execution", "memory-corruption", "memory-management"] - -[versions] -patched = [">= 0.3.6"] -unaffected = ["<= 0.2.1"] - -[affected] -functions = { "futures_task::waker" = [">= 0.3.0"] } -``` - -# futures_task::waker may cause a use-after-free if used on a type that isn't 'static - -Affected versions of the crate did not properly implement a `'static` lifetime bound on the `waker` function. -This resulted in a use-after-free if `Waker::wake()` is called after original data had been dropped. - -The flaw was corrected by adding `'static` lifetime bound to the data `waker` takes. +```toml +[advisory] +id = "RUSTSEC-2020-0060" +package = "futures-task" +date = "2020-09-04" +url = "https://github.com/rust-lang/futures-rs/pull/2206" +categories = ["code-execution", "memory-corruption"] +keywords = ["use-after-free", "arbitrary code execution", "memory-corruption", "memory-management"] + +[versions] +patched = [">= 0.3.6"] +unaffected = ["<= 0.2.1"] + +[affected] +functions = { "futures_task::waker" = [">= 0.3.0"] } +``` + +# futures_task::waker may cause a use-after-free if used on a type that isn't 'static + +Affected versions of the crate did not properly implement a `'static` lifetime bound on the `waker` function. +This resulted in a use-after-free if `Waker::wake()` is called after original data had been dropped. + +The flaw was corrected by adding `'static` lifetime bound to the data `waker` takes.