[Pkg-rust-maintainers] Bug#988945: CVE-2019-25009

Sebastian Ramacher sramacher at debian.org
Wed Jun 23 21:12:45 BST 2021


On 2021-05-21 21:37:32 +0200, Moritz Muehlenhoff wrote:
> Source: rust-http
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
> 
> CVE-2019-25009:
> https://rustsec.org/advisories/RUSTSEC-2019-0034.html
> https://github.com/hyperium/http/commit/82d53dbdfdb1ffbeb0323200a0bbd30b5f895fa7
> https://github.com/hyperium/http/commit/8ffe094df1431321d450860cc56a22dd53175f5e

I have added a removal hint for rust-http and its reverse dependencies.
They are not used by anything other than rust libraries.

Cheers
-- 
Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20210623/e83482b9/attachment.sig>


More information about the Pkg-rust-maintainers mailing list