[Pkg-rust-maintainers] Bug#986803: Bug#986803: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318
Ximin Luo
infinity0 at debian.org
Mon Apr 12 11:18:16 BST 2021
It looks like these CVEs affect all versions up to 1.52 (which is not yet released).
Do you have links to patches fixing these bugs that can be backported to 1.48? We've had 1.48 for a while due to the migration freeze, and I've been informed that some rust packages in Debian break with newer versions of rustc and will need themselves to be updated - so I'd rather not force that during the freeze, I'd rather backport security fixes to 1.48.
Best,
Ximin
Moritz Muehlenhoff:
> Package: rustc
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
>
> _______________________________________________
> Pkg-rust-maintainers mailing list
> Pkg-rust-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-rust-maintainers
>
--
GPG: ed25519/56034877E1F87C35
https://github.com/infinity0/pubkeys.git
More information about the Pkg-rust-maintainers
mailing list