[Git][security-tracker-team/security-tracker][master] new rust-nix, rust-tokio issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 3 15:02:09 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
379f42ac by Moritz Muehlenhoff at 2022-01-03T16:01:43+01:00
new rust-nix, rust-tokio issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -916,13 +916,19 @@ CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for
 CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
 	NOT-FOR-US: Rust crate simple_asn1
 CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
-	TODO: check
+	- rust-tokio <unfixed>
+	[bullseye] - rust-tokio <no-dsa> (Minor issue)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
+	NOTE: https://github.com/tokio-rs/tokio/issues/4225
 CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
 	NOT-FOR-US: Rust crate crypto2
 CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
 	NOT-FOR-US: Rust crate abomonation
 CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before  ...)
-	TODO: check
+	- rust-nix 0.23.0-1
+	[bullseye] - rust-nix <no-dsa> (Minor issue)
+	[buster] - rust-nix <not-affected> (Introduced in 0.16)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
 CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
 	NOT-FOR-US: Rust crate zeroize_derive
 CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/379f42ac960b30e0e91e451d58b1fdbc9572ebf2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/379f42ac960b30e0e91e451d58b1fdbc9572ebf2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220103/563fa6a2/attachment.htm>

More information about the debian-security-tracker-commits mailing list