CVE fix

[up2wing]

Summary

Address five Dependabot security alerts reported against this repository.
All fixes are dependency-only (no business logic changes); each commit is
independently buildable via make shim to keep git bisect clean.

Alerts Fixed

Commit	Component	Advisory	Action
ee9b9c4	(multi)	CVE-2026-25727	bump time 0.3.36 → 0.3.47
1725951	hypervisor	CVE-2023-50711 / GHSA-875g-mfp6-g7f9	bump vmm-sys-util in rate_limiter 0.11.1 → 0.12.1
a004cc4	hypervisor + shim	CVE-2026-25541 / GHSA-434x-w66g-qw3r / RUSTSEC-2026-0007	bump bytes to 1.11.1 (transitive)
d195743	agent	CVE-2026-25541	bump bytes to 1.11.1 (transitive)
70ffc5c	hypervisor + shim	GHSA-g98v-hv3f-hcfr	bump env_logger to 0.10.2, dropping unmaintained atty

Notes on Commit Layout

• bytes and env_logger updates touch both hypervisor/Cargo.lock and
  CubeShim/Cargo.lock in a single commit, because CubeShim links
  hypervisor via a path dependency and make shim --locked requires
  both lockfiles to stay in sync. The agent workspace is independent and
  is upgraded in its own commit.
• No Cargo.toml change for bytes (transitive dep, lockfile only).
• env_logger upgrade also removes atty from the dependency graph for
  the hypervisor and shim builds; the codebase only uses
  env_logger::init() / try_init() which are stable across 0.8 → 0.10.

Verification

• make shim passes for every commit in this PR (verified via
  git checkout <SHA> && make shim for each).
• No Cargo.toml API consumers need to change; cargo build --release --locked succeeds end-to-end.

Checklist

• All commits include Signed-off-by (DCO).
• All commits include Assisted-by: CodeBuddy:Claude-Opus-4.7 per
  AGENTS.md.
• No business logic / source code changes.

[kinwin-ustc]

/cubebot review

[github-actions]

Claude finished @kinwin-ustc's task in 1m 29s —— View job

---

Review of PR #267 — CVE Fix

I've reviewed all 5 commits. Overall this is a clean, well-structured security patch PR. Detailed findings below.

Summary

Aspect	Verdict
Bug count	0 — no logic changes to introduce bugs
Security	Correctly addresses 5 advisories
Commit hygiene	Excellent — each commit independently buildable
Documentation	Accurate error-free commit messages
AGENTS.md compliance	✅ Assisted-by present, human Signed-off-by correct

Per-Commit Review

1. ee9b9c4 — time 0.3.41 → 0.3.47 ✅

• Bumps agent/Cargo.toml from 0.3.41 to 0.3.47 to fix CVE-2026-25727 (stack-exhaustion DoS via RFC 2822 input).
• Lockfile pull-through: num-conv 0.2.1, serde 1.0.228, serde_core, deranged 0.5.x, syn 2.0.87 — all expected SemVer-compatible transitive updates for time 0.3.47.
• Note: The agent source code uses std::time exclusively (via use std::time;), not the time crate directly. The explicit Cargo.toml dependency pins time for its transitive consumers. This is correct.

2. 1725951 — vmm-sys-util 0.11.1 → workspace = true ✅

• Changes rate_limiter/Cargo.toml from a standalone "0.11.1" pin to { workspace = true }.
• The workspace pins vmm-sys-util at 0.12.1, which is the fixed version for CVE-2023-50711 (OOB read in FamStructWrapper::deserialize).
• Removes vmm-sys-util 0.11.2 from the lockfile entirely — clean deduplication.
• Fix this → (informational — no issues found)

3. a004cc4 — bytes 1.9.0/1.10.1 → 1.11.1 (hypervisor + CubeShim) ✅

• Lockfile-only change. bytes 1.11.1 fixes CVE-2026-25541 (integer wraparound in BytesMut::reserve).
• Multiple consumers updated: h2, http-body, hyper, prost, tokio, tonic, tokio-util.
• CubeShim and hypervisor lockfiles coordinated correctly — make shim --locked will succeed.

4. d195743 — bytes 1.11.0 → 1.11.1 (agent) ✅

• Lockfile-only change in both agent/Cargo.lock and agent/libs/Cargo.lock.
• Note: The agent was on 1.11.0 which is still within the vulnerable range (< 1.11.1), so this fix is necessary.
• Multiple consumers updated: netlink-packet-core, netlink-packet-route, prost, tokio.

5. 70ffc5c — env_logger 0.8.4/0.9.3 → 0.10.2 ✅

• Bumps all 4 hypervisor crates that pin env_logger to a single 0.10.2 version.
• Removes atty 0.2.14 (and hermit-abi 0.1.19) from both hypervisor and CubeShim dependency graphs.
• Verified: codebase uses only env_logger::init() and env_logger::try_init() — both stable across the 0.8 → 0.10 boundary.
• The PR honestly notes that the agent workspace retains atty via clap 3.0.1 (out of scope here).

Additional Observations

• No AGENTS.md violation found: Assisted-by: CodeBuddy:Claude-Opus-4.7 follows the required AGENT_NAME:MODEL_VERSION format. Human Signed-off-by: Yi Wang <foxywang@tencent.com> is present on every commit per the DCO policy.
• DCO compliance: All 5 commits are Signed-off-by.
• No business logic changes: All 10 changed files are either Cargo.toml version bumps or Cargo.lock auto-updates.

Verdict

Approved. This PR correctly fixes 5 distinct security advisories with no regression risk. The commit organization (one CVE per commit, coordinated lockfile updates for dependent workspaces, clear messages) makes this an exemplar security patch PR.