[Pkg-rust-maintainers] Processed: bugs
Ximin Luo
infinity0 at debian.org
Sun Apr 23 09:55:00 UTC 2017
retitle 860989 cargo: embeds a copy of libgit2 affected by CVE-2016-8568 CVE-2016-8569
retitle 860990 cargo: embeds a copy of libgit2 affected by CVE-2016-10128 CVE-2016-10129 CVE-2016-10130
Debian Bug Tracking System:
> Processing commands for control at bugs.debian.org:
> [..]
Note that this is fixed in experimental but not in testing/sid which still carries cargo 0.15 with a libgit2 "0.24 + 1" version, I didn't check exactly which one it was. All of the CVEs are fixed in 0.25.1, I believe.
https://sources.debian.net/src/cargo/0.15.0~dev-1/deps/libgit2-sys-0.6.2/libgit2/CHANGELOG.md/
X
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
More information about the Pkg-rust-maintainers
mailing list