[Pkg-rust-maintainers] Bug#1055895: Bug#1055895: rust-self-cell: RUSTSEC-2023-0070
Peter Green
plugwash at debian.org
Tue Nov 14 03:45:11 GMT 2023
>
> Please see https://rustsec.org/advisories/RUSTSEC-2023-0070.html
I have read the upstream advisory and the linked bug report and while
I don't fully understand the nitty gritty details my understanding of
the issue is.
* It was discovered that code (which was not marked as unsafe)
could mis-use self-cell in a way that invoked undefined
behaviour.
* This was fixed by adding an additional compile time check
which will cause the build to fail in such cases.
Based on this understanding I have
* Uploaded the new version of rust-self-cell
* Performed a rebuild test of the only reverse dependency
rust-coreutils, it built successfully, so presumably it is
not impacted by this issue.
More information about the Pkg-rust-maintainers
mailing list