Path to this page:
Subject: CVS commit: pkgsrc/shells/nushell
From: pin
Date: 2024-04-11 16:15:12
Message id: 20240411141512.4AF4CFA2C@cvs.NetBSD.org
Log Message:
shells/nushell: update to 0.92.2
This is the 0.92.2 patch release of Nushell.
This hot-fix addresses a security concern with how arguments are passed to
external commands on Windows.
The underlying vulnerability was found in the interaction of the Rust standard
library we use and the Windows command invocation logic and documented as
CVE-2024-24576
To address this concern, we update the version of the Rust compiler and
standard library used to build Nushell to the latest stable version (1.77.2).
Note: Distributors of Nushell need to upgrade their Rust toolchain to provide
a patched Nushell build.
pkgsrc note: As CVE-2024-24576 only affects Windows, we are patching away the
requirement for MSRV 1.72.2 back to 1.75.0
Files: