Edward O'Callaghan submitted this change.
util/flashrom_tester: Update sys-info crate to version 0.9
An issue was discovered in the sys-info crate before 0.8.0 for Rust.
sys_info::disk_info calls can trigger a double free. To prevent any
potential problems, update this crate to version 0.9 (as of writing,
sys-info version 0.9.1 is the latest).
Refer to CVE-2020-36434 for more details about the sys-info crate bug.
TEST=Run `cargo build` in `util/flashrom_tester`, it still works fine.
Change-Id: I3b6b21e830ff3107860f7bcbfe2d58b29efe0c12
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/63975
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-by: Peter Marheine <pmarheine@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
M util/flashrom_tester/Cargo.toml
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/flashrom_tester/Cargo.toml b/util/flashrom_tester/Cargo.toml
index e7a5820..8956b92 100644
--- a/util/flashrom_tester/Cargo.toml
+++ b/util/flashrom_tester/Cargo.toml
@@ -22,7 +22,7 @@
log = { version = "0.4", features = ["std"] }
rand = "0.6.4"
serde_json = "1"
-sys-info = "0.5.7"
+sys-info = "0.9"
[build-dependencies]
built = { version = "0.3", default-features = false, features = ["serialized_time", "serialized_version"] }
To view, visit change 63975. To unsubscribe, or for help writing mail filters, visit settings.