[Pkg-rust-maintainers] Bug#976867: Bug#976867: RUSTSEC-2020-0077: memmap: memmap is unmaintained

Sylvestre Ledru sylvestre at debian.org
Tue Dec 8 21:19:40 GMT 2020

Le 08/12/2020 à 21:59, Moritz Mühlenhoff a écrit :
> On Tue, Dec 08, 2020 at 09:10:22PM +0100, Sylvestre Ledru wrote:
>> Could you please explain why you set the severity as important?
>> AFAIK, there isn't a security exploit. Not in the binary shipping in Debian either.
> It was important enough to get published with the RUSTSEC advisory flow.

Not sure what you mean: Rustsec doesn't say much.

The crate is still available and published here: 
https://crates.io/crates/memmap with a lot of daily usage.

>> The fact that it is unmaintained upstream isn't a blocker on the Debian side AFAIK.
> Is anyone in the Rust maintainers able/willing to step in with an upstream fix
> in case there's a security issue in rust-memmap occurs?
With BurntSushi as comaintainer, I am not worried that he will step in 
case it happens:


> If so, feel free to close
> it.

ok, thanks, will do.


More information about the Pkg-rust-maintainers mailing list