[Pkg-rust-maintainers] Bug#976867: Bug#976867: RUSTSEC-2020-0077: memmap: memmap is unmaintained
Moritz Mühlenhoff
jmm at inutil.org
Tue Dec 8 20:59:00 GMT 2020
On Tue, Dec 08, 2020 at 09:10:22PM +0100, Sylvestre Ledru wrote:
> Could you please explain why you set the severity as important?
> AFAIK, there isn't a security exploit. Not in the binary shipping in Debian either.
It was important enough to get published with the RUSTSEC advisory flow.
> The fact that it is unmaintained upstream isn't a blocker on the Debian side AFAIK.
Is anyone in the Rust maintainers able/willing to step in with an upstream fix
in case there's a security issue in rust-memmap occurs? If so, feel free to close
it. Otherwise work towards adapting reverse dependencies to the alternatives
listed in https://rustsec.org/advisories/RUSTSEC-2020-0077.html
Cheers,
Moritz
More information about the Pkg-rust-maintainers
mailing list