[Git][security-tracker-team/security-tracker][master] various rust-coreutils issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 1 11:54:54 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa6f8b91 by Moritz Muehlenhoff at 2026-06-01T12:54:03+02:00
various rust-coreutils issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25188,15 +25188,18 @@ CVE-2026-35369 (An argument parsing error in the kill utility of uutils coreutil
NOTE: https://github.com/uutils/coreutils/pull/9700
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/cae94028afcfa19b78dfc1072d1a22d8b2c6ca38 (0.6.0)
CVE-2026-35368 (A vulnerability exists in the chroot utility of uutils coreutils when ...)
- - rust-coreutils <unfixed> (bug #1136198)
+ - rust-coreutils 0.9.0-1 (bug #1136198)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10327
+ NOTE: https://github.com/uutils/coreutils/pull/11211
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/f33bfb9321e5ebef0ef703aa6bfc8ee95bd21e1f (0.9.0)
CVE-2026-35367 (The nohup utility in uutils coreutils creates its default output file, ...)
- - rust-coreutils <unfixed> (bug #1136046)
+ - rust-coreutils 0.9.0-1 (bug #1136046)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10021
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/acd51ef18d90e5c26f694df721f896fa1c4a9edc (0.9.0)
CVE-2026-35366 (The printenv utility in uutils coreutils fails to display environment ...)
- rust-coreutils 0.6.0-1
[trixie] - rust-coreutils <no-dsa> (Minor issue)
@@ -25211,10 +25214,14 @@ CVE-2026-35365 (The mv utility in uutils coreutils improperly handles directory
NOTE: https://github.com/uutils/coreutils/pull/10546
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/9654e4abaf24449ef2279e9a16963edb5c8b8fef (0.7.0-1)
CVE-2026-35364 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...)
- - rust-coreutils <unfixed> (bug #1136045)
+ - rust-coreutils 0.9.0-1 (bug #1136045)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10015
+ NOTE: https://github.com/uutils/coreutils/pull/12170
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/515d74b995d5c2354f17dbc65ed9c884b393be1a (0.9.0)
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/54877ac475fa24b8f4b73cb4e6e286f9e7ab45f0 (0.9.0)
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/aa30c103004463ffe7b8a98ca0ce519d56bbbd41 (0.9.0)
CVE-2026-35363 (A vulnerability in the rm utility of uutils coreutils allows the bypas ...)
- rust-coreutils 0.8.0-1 (bug #1134876)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
@@ -25267,10 +25274,11 @@ CVE-2026-35355 (The install utility in uutils coreutils is vulnerable to a Time-
NOTE: https://github.com/uutils/coreutils/pull/10067
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/b5bbabc18a1121908848d836f869a4e98eb63886 (0.6.0)
CVE-2026-35354 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv ...)
- - rust-coreutils <unfixed> (bug #1136043)
+ - rust-coreutils 0.9.0-1 (bug #1136043)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10014
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/54877ac475fa24b8f4b73cb4e6e286f9e7ab45f0 (0.9.0)
CVE-2026-35353 (The mkdir utility in uutils coreutils incorrectly applies permissions ...)
- rust-coreutils 0.6.0-1
[trixie] - rust-coreutils <no-dsa> (Minor issue)
@@ -25283,12 +25291,12 @@ CVE-2026-35352 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10020
CVE-2026-35351 (The mv utility in uutils coreutils fails to preserve file ownership du ...)
- - rust-coreutils <unfixed> (bug #1136041)
+ - rust-coreutils 0.9.0-1 (bug #1136041)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9714
NOTE: https://github.com/uutils/coreutils/pull/11706
- NOTE: Fixed by: https://github.com/uutils/coreutils/commit/874efa7cc3361cb5af2a97db869147f910bcab44
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/874efa7cc3361cb5af2a97db869147f910bcab44 (0.9.0)
CVE-2026-35350 (The cp utility in uutils coreutils fails to properly handle setuid and ...)
- rust-coreutils 0.8.0-1 (bug #1134876)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa6f8b9109d9cea385bc7d8f97e5c5ba46e4a659
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa6f8b9109d9cea385bc7d8f97e5c5ba46e4a659
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260601/fd318e9d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list