[Pkg-rust-maintainers] Bug#1103833: Bug#1103833: rust-protobuf: CVE-2024-7254
NoisyCoil
noisycoil at disroot.org
Fri Apr 25 19:32:50 BST 2025
On 25/04/25 07:05, Jonas Smedegaard wrote:
> Scaphande is now (pending upload) patched to no longer build-depend on
> the protobuf crate. Turns out it was optional and already unused for
> other reasons (will file a bug about that upstream).
Thanks Jonas!
As for erbium (via erbium-core), it looks like the functionality it uses
from prometheus (mostly DNS and DHCP) is independent of Protocol
Buffers, and decoupling prometheus from protobuf can be done without
erbium-core FTBFS. So if we're ok with removing protobuf-codegen we
should be able to remove protobuf v2 and reintroduce v3 in forky when we
need it.
More information about the Pkg-rust-maintainers
mailing list