[Pkg-rust-maintainers] Bug#1017084: rust-chrono: please update to v0.4.21
Peter Green
plugwash at debian.org
Sat Aug 13 14:33:21 BST 2022
>
> ome reverse dependencies tightens dependency on chrono to v0.4.20 or
> v0.4.21, apparently related to RUSTSEC advisory 2020-0159 (bug#996913).
As I discussed in that bug report, while I understand why rustsec
consider this a security issue (they treat all soundness bugs as security
issues) I don't think it's particularly useful to characterise it as one
downstream.
> Please update to latest upstream release 0.4.21 to allow this security
> tightening to take effect in Debian-packaged code.
The new upstream version depends on the iana-time-zone crate, if/when
someone packages that crate and it passes trough NEW, I am happy to
update chrono.
More information about the Pkg-rust-maintainers
mailing list