The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.
Hello again from the Rust Leadership Council. In our first blog post, we laid out several immediate goals for the council and promised to report back on their progress. It has been about a month since our first update so we wanted to share how it's going and what we're working on now.
The Rust team is happy to announce a new version of Rust, 1.71.0. Rust is a programming language empowering everyone to build reliable and efficient software....
Over the last several years, I’ve rewritten Rust’s regex crate to enable better internal composition, and to make it easier to add optimizations while maintaining correctness. In the course of this rewrite I created a new crate, regex-automata, which exposes much of the regex crate internals as their own APIs for others to...
This Week in Rust 506 (this-week-in-rust.org)
Security advisory for Cargo (CVE-2023-38497) | Rust Blog (blog.rust-lang.org)
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.
#106 GUADEC 2023 · This Week in GNOME (thisweek.gnome.org)
Update on what happened across the GNOME project in the week from July 21 to July 28.
This Week in Rust 505 (this-week-in-rust.org)
July 2023 Leadership Council Update | Inside Rust Blog (blog.rust-lang.org)
Hello again from the Rust Leadership Council. In our first blog post, we laid out several immediate goals for the council and promised to report back on their progress. It has been about a month since our first update so we wanted to share how it's going and what we're working on now.
#105 Legendary Saturday Edition · This Week in GNOME (thisweek.gnome.org)
Update on what happened across the GNOME project in the week from July 15 to July 22.
This Week in Rust 504 (this-week-in-rust.org)
Announcing Rust 1.71.0 | Rust Blog (blog.rust-lang.org)
The Rust team is happy to announce a new version of Rust, 1.71.0. Rust is a programming language empowering everyone to build reliable and efficient software....
This Week in Rust 503 (this-week-in-rust.org)
Bevy 0.11 (bevyengine.org)
Bevy is a refreshingly simple data-driven game engine built in Rust. It is free and open-source forever!...
Fedora Project on Mastodon clarifies some things about the telemetry proposal (fosstodon.org)
Yesterday a change proposal for Fedora 40 was made in Fedora Discussion....
#103 Flowing Information · This Week in GNOME (thisweek.gnome.org)
Update on what happened across the GNOME project in the week from June 30 to July 07.
Contribute at the Fedora Linux Test Week for Kernel 6.4 - Fedora Magazine (fedoramagazine.org)
Invitation to the kernel v6.4 testing week for Fedora Linux July 9-16
Two new Linux desktops, one with deep roots, come to Debian [Lomiri and GSDE] (www.theregister.com)
One's a bit raw and touchy, but the other is vintage stuff, brought up to date
This Week in Rust 502 (this-week-in-rust.org)
Regex engine internals as a library - Andrew Gallant's Blog (blog.burntsushi.net)
Over the last several years, I’ve rewritten Rust’s regex crate to enable better internal composition, and to make it easier to add optimizations while maintaining correctness. In the course of this rewrite I created a new crate, regex-automata, which exposes much of the regex crate internals as their own APIs for others to...