[Git][security-tracker-team/security-tracker][master] Update status for rust-oneshot issue

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 26 13:15:36 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ca74245 by Salvatore Bonaccorso at 2026-04-26T14:15:07+02:00
Update status for rust-oneshot issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43122,10 +43122,12 @@ CVE-2026-22796 (Issue summary: A type confusion vulnerability exists in the sign
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4 (openssl-3.5.5)
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49 (openssl-3.0.19)
 CVE-2026-XXXX [RUSTSEC-2026-0005: Potential use-after-free in oneshot when used asynchronously]
-	- rust-oneshot <unfixed>
+	- rust-oneshot 0.2.1-1
 	[trixie] - rust-oneshot <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0005.html
 	NOTE: https://github.com/faern/oneshot/issues/73
+	NOTE: https://github.com/faern/oneshot/pull/74
+	NOTE: Fixed by: https://github.com/faern/oneshot/commit/f19ff7c3bff2a91e4cbd8a923163769519a3a744 (v0.1.12)
 CVE-2026-24686 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's  ...)
 	- golang-github-theupdateframework-go-tuf 2.4.1+0.7.0-1 (bug #1126581)
 	[trixie] - golang-github-theupdateframework-go-tuf <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ca74245775377375d9e2f4089f9ddb485b793e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ca74245775377375d9e2f4089f9ddb485b793e1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260426/0266f021/attachment.htm>

More information about the debian-security-tracker-commits mailing list