Skip to content

Add Cargo sparse registry fix reference#8268

Open
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8268from
cookesan:cargo-p688-fix-reference
Open

Add Cargo sparse registry fix reference#8268
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8268from
cookesan:cargo-p688-fix-reference

Conversation

@cookesan

Copy link
Copy Markdown

Adds the release-branch fix commit for rust-lang/cargo#17031 to GHSA-p688-r7jv-fm6f.

Evidence checked:

  • PR #17031 merged the Cargo fixes for CVE-2026-5222 and CVE-2026-5223.
  • Cargo tag 0.97.0 contains release-branch commit 3c51f26a26501ac51fd593db0d21f88719c65b1b.
  • That commit keeps .git suffix normalization scoped to git registries and adds sparse registry URL regression coverage.
  • The crates.io cargo 0.97.0 package is present, not yanked, and its archive contains the fixed canonical URL code and regression test.
@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8268 June 29, 2026 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant