Edward O'Callaghan has submitted this change. ( https://review.coreboot.org/c/flashrom/+/63975 )
Change subject: util/flashrom_tester: Update sys-info crate to version 0.9
util/flashrom_tester: Update sys-info crate to version 0.9
An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. To prevent any potential problems, update this crate to version 0.9 (as of writing, sys-info version 0.9.1 is the latest).
Refer to CVE-2020-36434 for more details about the sys-info crate bug.
TEST=Run `cargo build` in `util/flashrom_tester`, it still works fine.
Change-Id: I3b6b21e830ff3107860f7bcbfe2d58b29efe0c12
Signed-off-by: Angel Pons th3fanbus@gmail.com
Reviewed-on: https://review.coreboot.org/c/flashrom/+/63975
Reviewed-by: Edward O'Callaghan quasisec@chromium.org
Reviewed-by: Anastasia Klimchuk aklm@chromium.org
Reviewed-by: Peter Marheine pmarheine@chromium.org
Reviewed-by: Jack Rosenthal jrosenth@chromium.org
Reviewed-by: Tim Wawrzynczak twawrzynczak@chromium.org
Tested-by: build bot (Jenkins) no-reply@coreboot.org
---
M util/flashrom_tester/Cargo.toml
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  build bot (Jenkins): Verified
  Tim Wawrzynczak: Looks good to me, approved
  Edward O'Callaghan: Looks good to me, approved
  Jack Rosenthal: Looks good to me, but someone else must approve
  Peter Marheine: Looks good to me, but someone else must approve
  Anastasia Klimchuk: Looks good to me, but someone else must approve
diff --git a/util/flashrom_tester/Cargo.toml b/util/flashrom_tester/Cargo.toml index e7a5820..8956b92 100644 --- a/util/flashrom_tester/Cargo.toml +++ b/util/flashrom_tester/Cargo.toml @@ -22,7 +22,7 @@ log = { version = "0.4", features = ["std"] } rand = "0.6.4" serde_json = "1" -sys-info = "0.5.7" +sys-info = "0.9"
[build-dependencies] built = { version = "0.3", default-features = false, features = ["serialized_time", "serialized_version"] }
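Review bot: the `+sys-info = "0.9"` line jumps from 0.5.7 across several 0.x minor releases, which Cargo treats as semver-incompatible with each other, yet the only verification recorded in the commit message is `cargo build`. A successful build shows the API still compiles but does not exercise the sys_info call sites, so running the crate's tests or one flashrom_tester pass before merging would give more confidence than the build alone. Because a bare "0.9" requirement resolves to any 0.9.x release, the exact version that gets built is decided at resolution time; the diffstat lists only Cargo.toml, so if a Cargo.lock is tracked for this crate it should be regenerated in the same change so the resolved version stays at or above the 0.8.0 fix the message cites for CVE-2020-36434.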