[Pkg-rust-maintainers] Bug#1060861: RUSTSEC-2023-0078

Salvatore Bonaccorso carnil at debian.org
Mon Jan 15 20:10:57 GMT 2024


Hi Moritz,

On Mon, Jan 15, 2024 at 08:49:04PM +0100, Moritz Muehlenhoff wrote:
> Source: rust-tracing
> Version: 0.1.37-1
> Severity: important
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
> 
> https://rustsec.org/advisories/RUSTSEC-2023-0078.html
> https://github.com/tokio-rs/tracing/pull/2765
> Fixed by: https://github.com/tokio-rs/tracing/commit/20a1762b3fd5f1fafead198fd18e469c68683721 (tracing-0.1.40)

Please double-check but I think no Debian released version was ever
affected. The issue is fixed in 0.1.40 already upstream, with the
above commit (backed by
https://rustsec.org/advisories/RUSTSEC-2023-0078.html). The issue on
the other hand is introduced in
https://github.com/tokio-rs/tracing/commit/3a65354837a0f176178e15787fc700dd6fa11a92
which is first in 0.1.38. 

In unstable we only ever had 0.1.37-1, then moved to 0.1.40-1.

Regards,
Salvatore


