{"id":"MGASA-2018-0318","summary":"Updated rust packages fix security vulnerability","details":"\n The Rust Programming Language rustdoc version before version 1.27.0 contains\n a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins\n that can result in local code execution as a different user. This attack\n appear to be exploitable via using the --plugin flag without the --plugin-path \n flag. This vulnerability has been fixed in 1.27.1 (CVE-2018-1000622).\n\n This update also fixes a bug in the borrow checker verification of match\n expressions.\n","modified":"2026-04-16T06:23:25.447470593Z","published":"2018-07-23T22:27:34Z","upstream":["CVE-2018-1000622"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0318.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23328"},{"type":"ADVISORY","url":"https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html"},{"type":"WEB","url":"https://blog.rust-lang.org/2018/07/10/Rust-1.27.1.html"}],"affected":[{"package":{"name":"rust","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rust?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.27.1-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0318.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}