tschneidereit opened issue #2913:
The Bytecode Alliance would like to announce the forthcoming release of Cranelift version
0.74.0 and Wasmtime 0.27.0.This release will be made available on 2020/05/21 at approximately 7:00 PM UTC at https://github.com/advisories
Cranelift 0.74.0 and Wasmtime 0.27.0 are security releases. The highest severity issue fixed in these releases is
CRITICAL, based on the classification scheme defined in the OpenSSL Security Policy.Note: an announcement about this upcoming release has been sent to the Bytecode Alliance's sec-announce mailing list. Subscribe to that list to receive updates about future security releases.
tschneidereit labeled issue #2913:
The Bytecode Alliance would like to announce the forthcoming release of Cranelift version
0.74.0 and Wasmtime 0.27.0.This release will be made available on 2020/05/21 at approximately 7:00 PM UTC at https://github.com/advisories
Cranelift 0.74.0 and Wasmtime 0.27.0 are security releases. The highest severity issue fixed in these releases is
CRITICAL, based on the classification scheme defined in the OpenSSL Security Policy.Note: an announcement about this upcoming release has been sent to the Bytecode Alliance's sec-announce mailing list. Subscribe to that list to receive updates about future security releases.
tschneidereit labeled issue #2913:
The Bytecode Alliance would like to announce the forthcoming release of Cranelift version
0.74.0 and Wasmtime 0.27.0.This release will be made available on 2020/05/21 at approximately 7:00 PM UTC at https://github.com/advisories
Cranelift 0.74.0 and Wasmtime 0.27.0 are security releases. The highest severity issue fixed in these releases is
CRITICAL, based on the classification scheme defined in the OpenSSL Security Policy.Note: an announcement about this upcoming release has been sent to the Bytecode Alliance's sec-announce mailing list. Subscribe to that list to receive updates about future security releases.
tschneidereit labeled issue #2913:
The Bytecode Alliance would like to announce the forthcoming release of Cranelift version
0.74.0 and Wasmtime 0.27.0.This release will be made available on 2020/05/21 at approximately 7:00 PM UTC at https://github.com/advisories
Cranelift 0.74.0 and Wasmtime 0.27.0 are security releases. The highest severity issue fixed in these releases is
CRITICAL, based on the classification scheme defined in the OpenSSL Security Policy.Note: an announcement about this upcoming release has been sent to the Bytecode Alliance's sec-announce mailing list. Subscribe to that list to receive updates about future security releases.
tschneidereit commented on issue #2913:
_(Update 21-May-2021)_ Security releases available
Cranelift versions 0.74.0 and 0.73.1, and Wasmtime 0.27.0 and 0.26.1 are now available on crates.io. Additionally, binary releases are available on Github for the Wasmtime C-API shared library and CLI for version 0.27.0, and version 0.26.1.
These releases fixing the following issue
Memory access due to code generation flaw in Cranelift module (Critical) (CVE-2021-32629)
This is a vulnerability in Cranelift which may be exploited through Cranelift embeddings, as described in our security advisory.
Impacts:
- Cranelift version 0.73.0 and Wasmtime version 0.26.0
Note: an announcement about these releases has been sent to the Bytecode Alliance's sec-announce mailing list. Subscribe to that list to receive updates about future security releases.
tschneidereit commented on issue #2913:
Closing this issue as this has all long happened, and there's no further need for keeping it visible. For notifications about future security releases, please subscribe to the mailing list mentioned in the OP.
tschneidereit closed issue #2913:
The Bytecode Alliance would like to announce the forthcoming release of Cranelift version
0.74.0 and Wasmtime 0.27.0.This release will be made available on 2020/05/21 at approximately 7:00 PM UTC at https://github.com/advisories
Cranelift 0.74.0 and Wasmtime 0.27.0 are security releases. The highest severity issue fixed in these releases is
CRITICAL, based on the classification scheme defined in the OpenSSL Security Policy.Note: an announcement about this upcoming release has been sent to the Bytecode Alliance's sec-announce mailing list. Subscribe to that list to receive updates about future security releases.
Last updated: Dec 23 2024 at 12:05 UTC