Rollup merge of #155171 - cuviper:musl-cves, r=Mark-Simulacrum
Patch musl's CVE-2026-6042 and CVE-2026-40200 - [CVE-2026-6042] is a denial of service in `iconv`. - [CVE-2026-40200] is an out-of-bounds write in `qsort`. Neither is relevant to Rust itself, but they could be used in mixed-language projects that link with our `self-contained/libc.a`. [CVE-2026-6042]: https://www.openwall.com/lists/oss-security/2026/04/09/19 [CVE-2026-40200]: https://www.openwall.com/lists/musl/2026/04/10/3
M
Matthias Krüger committed
8bd29964c063f7ba355c24a6316423f97ac127f4
Committed by GitHub <noreply@github.com>
on 4/12/2026, 6:15:46 AM