In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that ships by default since 25.10. Most of them came out of an external audit commissioned ahead of the 26.04 LTS.
I read through the list and thought th…
The usual handling in Rust afterwards is in most cases log one error or return to upstream “there was an error”. In some rare cases all errors returned as a single case.
Both of these first are bad for i18n and finding what’s really happened in the middle.
In that for, all error messages have been lost. If to add such output “for” is the most elegant solution.
No they’re in the resulting iterator
The usual handling in Rust afterwards is in most cases log one error or return to upstream “there was an error”. In some rare cases all errors returned as a single case.
Both of these first are bad for i18n and finding what’s really happened in the middle.