[Pkg-rust-maintainers] Bug#1112471: Bug#1112471: rust-xcb: RUSTSEC-2025-0051
Peter Green
plugwash at debian.org
Sat Aug 30 01:35:26 BST 2025
> There is the RUSTSEC-2025-0051 advisory for rust-xcb:

I feel calling this a "security" issue is a stretch.

> https://rustsec.org/advisories/RUSTSEC-2025-0051.html
> | xcb::Connection::connect_to_fd* functions violate I/O safety

The so-called "fixed version" doesn't seem to actually "fix"
anything, it just marks some functions as deprecated and
adds some new functions. The existing problematic functions
remain present, they are just deprecated (which will trigger
a compiler warning, but who reads those).

There seem to be two reverse dependencies of rust-xcb in
Debian, a quick look on Debian code search suggests that
neither uses the problematic functions.

I'll upload the new version anyway.
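
Added illustration, not part of the message above and not code from the xcb crate: what an I/O safety violation by a safe function that accepts a raw file descriptor looks like, next to the deprecate-and-add-replacement pattern the message describes. `Conn`, `from_raw` and `from_owned` are hypothetical names, and a Unix socket pair is used so the close is observable from the other end.

```rust
use std::io::{ErrorKind, Read};
use std::os::fd::{AsRawFd, FromRawFd, OwnedFd, RawFd};
use std::os::unix::net::UnixStream;

/// Hypothetical connection type that closes its descriptor on drop.
pub struct Conn { _fd: OwnedFd }

impl Conn {
    /// Legacy shape: a *safe* fn that silently takes ownership of a raw fd.
    #[deprecated(note = "use Conn::from_owned")]
    pub fn from_raw(fd: RawFd) -> Conn {
        // The unsoundness: nothing proves the caller gave up `fd`.
        Conn { _fd: unsafe { OwnedFd::from_raw_fd(fd) } }
    }
    /// Replacement shape: the ownership transfer is visible in the type.
    pub fn from_owned(fd: OwnedFd) -> Conn { Conn { _fd: fd } }
}

/// True once the other end of the socket pair has been closed.
fn peer_closed(peer: &mut UnixStream) -> bool {
    let mut buf = [0u8; 1];
    match peer.read(&mut buf) {
        Ok(0) => true, // EOF: the other end is closed
        Err(e) if e.kind() == ErrorKind::WouldBlock => false, // still open
        other => panic!("unexpected read result: {other:?}"),
    }
}

/// Legacy path: returns (closed before drop, closed after drop).
#[allow(deprecated)] // the old fn still compiles; only a warning is emitted
pub fn legacy_closes_callers_fd() -> (bool, bool) {
    let (ours, mut peer) = UnixStream::pair().unwrap();
    peer.set_nonblocking(true).unwrap();
    let conn = Conn::from_raw(ours.as_raw_fd()); // `ours` still looks valid
    let before = peer_closed(&mut peer);
    drop(conn); // closes the descriptor behind `ours` in safe code
    let after = peer_closed(&mut peer);
    std::mem::forget(ours); // skip the double close this API shape invites
    (before, after)
}

/// Replacement path: `ours` is moved, so it cannot be used or closed twice.
pub fn owned_path_closes_once() -> bool {
    let (ours, mut peer) = UnixStream::pair().unwrap();
    peer.set_nonblocking(true).unwrap();
    drop(Conn::from_owned(OwnedFd::from(ours)));
    peer_closed(&mut peer)
}
```

Without the `#[allow(deprecated)]`, the call to `from_raw` still builds and produces only the deprecation warning.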