[Pkg-rust-maintainers] Bug#1103833: rust-protobuf: CVE-2024-7254
NoisyCoil
noisycoil at disroot.org
Wed Apr 30 10:11:00 BST 2025
Because of this bug, rust-protobuf is now marked for autoremoval
together with the following packages:
rust-erbium, rust-erbium-core, rust-pprof, rust-prometheus,
rust-protobuf-codegen, rust-protobuf-codegen-pure, rust-protoc-rust,
rust-ttrpc, scaphandre.
scaphandre was already decoupled from it, the autoremoval should be
avoided once it migrates to testing (5 more days). As for the others,
neither erbium's maintainer nor the Rust Team for protobuf-codegen
showed interest in preventing their removal, and I'm not familiar enough
with these programs to make a decision, so I'll leave this bug hanging.
Options to prevent them from being removed are discussed in the present bug.
Cheers!
More information about the Pkg-rust-maintainers
mailing list