[Pkg-rust-maintainers] Bug#1031201: rust-asn1: please package versione 0.13.0
peter green
plugwash at p10link.net
Tue Feb 14 02:50:33 GMT 2023
> please package versione 0.13.0 of rust-asn1.
It's a semver bump, which given how dependencies are typically specified
in the rust world probablly counts as a transition. Unfortunately upstream
doesn't provide a changelog so it's difficult for me to tell how
substantial the changes actually are.
That said, the only reverse dependency seems to be python-cryptography, so
I would say an update is not totally out of the question.
In any case I've uploaded it to experimental so it can be used to develop
and test against.
> This new version is needed by python-cryptography/39.0.1 and we need that
> version to fix CVE-2023-23931
We are supposed to be in the "soft freeze", is this new upstream version
really essential for fixing the bug? have you discussed this with the
rest of the python team or with the release team? what if-any testing
have you done.
More information about the Pkg-rust-maintainers
mailing list