[Pkg-rust-maintainers] Bug#1103833: rust-protobuf: CVE-2024-7254
NoisyCoil
noisycoil at disroot.org
Sat Apr 26 15:30:33 BST 2025
I decoupled handlebars from the rest and filed [1] to also decouple
prometheus: erbium (its only (transitive) reverse dependency
application) doesn't use protobuf's functionality. This however is not a
small change, so it needs consensus from the team (hence the MR). Pros
and cons are detailed in [1].
[1] https://salsa.debian.org/rust-team/debcargo-conf/-/merge_requests/898