[Pkg-rust-maintainers] Bug#969899: rust-libflate: use-after-free vulnerability on panic in client code

Alexander Kjäll alexander.kjall at gmail.com
Tue Sep 8 14:45:41 BST 2020

Source: rust-libflate
Version: 0.1.19-1
Severity: normal
Tags: upstream, security

Dear Maintainer,

The library have a use after free vulnerability in versions from 0.1.14 up to but not including 0.1.25

Advisory text: https://rustsec.org/advisories/RUSTSEC-2019-0010.html

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-2-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

More information about the Pkg-rust-maintainers mailing list