[Pkg-rust-maintainers] Bug#988729: Bug#988729: CVE-2021-21299
Moritz Mühlenhoff
jmm at inutil.org
Mon May 24 15:55:19 BST 2021
Am Wed, May 19, 2021 at 07:39:55PM +0200 schrieb Fabian Grünbichler:
> On May 18, 2021 8:42 pm, Moritz Muehlenhoff wrote:
> > Source: rust-hyper
> > Severity: grave
> > Tags: security
> > X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
> >
> > CVE-2021-21299:
> > https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
> > https://rustsec.org/advisories/RUSTSEC-2021-0020.html
>
> FWIW, (rust-hyper) doesn't have any rdeps in bullseye AFAICT[1], so it
> could either be ignored there or removed from bullseye without
> consequences.
No strong opinion, but if there are really no rdeps yet, it's probably better
to hint it out of testing.
Cheers,
Moritz
More information about the Pkg-rust-maintainers
mailing list