[Pkg-rust-maintainers] Processed: bugs

Ximin Luo infinity0 at debian.org
Sun Apr 23 09:55:00 UTC 2017

retitle 860989 cargo: embeds a copy of libgit2 affected by CVE-2016-8568 CVE-2016-8569
retitle 860990 cargo: embeds a copy of libgit2 affected by CVE-2016-10128 CVE-2016-10129 CVE-2016-10130

Debian Bug Tracking System:
> Processing commands for control at bugs.debian.org:
> [..]

Note that this is fixed in experimental but not in testing/sid which still carries cargo 0.15 with a libgit2 "0.24 + 1" version, I didn't check exactly which one it was. All of the CVEs are fixed in 0.25.1, I believe.



GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE

More information about the Pkg-rust-maintainers mailing list