[Git][security-tracker-team/security-tracker][master] rust-cargo fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 29 14:55:02 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c903be4c by Moritz Muehlenhoff at 2026-05-29T15:54:27+02:00
rust-cargo fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5043,20 +5043,18 @@ CVE-2026-7766 (Kenik Camera management Panel is vulnerable to Path Traversal vul
 	NOT-FOR-US: Kenik Camera management Panel
 CVE-2026-5223 (Cargo incorrectly handled symlinks inside of crate tarballs downloaded ...)
 	- cargo <removed>
-	- rust-cargo <unfixed>
+	- rust-cargo 0.91.0-3
 	- rustc 1.95.0+dfsg1-2
 	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8
 	NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5223/
 	NOTE: https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577
-	TODO: check correctness of tracking
 CVE-2026-5222 (Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-p ...)
 	- cargo <removed>
-	- rust-cargo <unfixed>
+	- rust-cargo 0.91.0-3
 	- rustc 1.95.0+dfsg1-2
 	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s
 	NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5222/
 	NOTE: https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f
-	TODO: check correctness of tracking
 CVE-2026-4915 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-47077 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c903be4cca6c212ce6a4f71a6396934ba255ee97

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c903be4cca6c212ce6a4f71a6396934ba255ee97
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260529/57379623/attachment.htm>

More information about the debian-security-tracker-commits mailing list