[Pkg-rust-maintainers] Bug#1122195: rust-maxminddb: RUSTSEC-2025-0132

Salvatore Bonaccorso carnil at debian.org
Mon Dec 8 15:49:51 GMT 2025


Source: rust-maxminddb
Version: 0.24.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/oschwald/maxminddb-rust/issues/86
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi

See

https://rustsec.org/advisories/RUSTSEC-2025-0132.html
https://github.com/advisories/GHSA-mj73-j457-8x9q
| maxminddb prior to version 0.27 declared Reader::open_mmap as safe
| despite wrapping an inherently unsafe memmap2 operation with no extra
| step done to guarantee safety. This could have led to undefined
| behaviour if the file were to be modified on disk while the memory map
| was still active.

Report:
https://github.com/oschwald/maxminddb-rust/issues/86
Fixed by: https://github.com/oschwald/maxminddb-rust/commit/98f0e4fff9678c841ed33f3b8a46322f6163c32a

Regards,
Salvatore




-- System Information:
Debian Release: forky/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.17.8+deb14-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
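
Added example (not part of the original report, and not code from maxminddb): the advisory's failure mode is a database file being modified in place while a memory map of it is active, so an updater can avoid touching the mapped file by writing a new file and renaming it over the old name. The file names, the `replace_atomically` and `demo` helpers and the sample bytes are assumptions constructed for illustration; POSIX rename semantics are assumed, and a plain open file handle stands in for the live mapping.

```rust
use std::fs::{self, File};
use std::io::{self, Read, Write};
use std::path::Path;

/// Publish a new database at `path` without writing into the existing file.
/// The bytes go to a temporary file in the same directory, which is then
/// renamed over `path`; rename swaps the directory entry in one step.
pub fn replace_atomically(path: &Path, new_bytes: &[u8]) -> io::Result<()> {
    let name = path
        .file_name()
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "path has no file name"))?;
    let mut tmp_name = name.to_os_string();
    tmp_name.push(format!(".tmp.{}", std::process::id()));
    let tmp = path.with_file_name(tmp_name);

    let mut f = File::create(&tmp)?;
    f.write_all(new_bytes)?;
    f.sync_all()?; // data is on disk before the new name becomes visible
    drop(f);

    fs::rename(&tmp, path).map_err(|e| {
        let _ = fs::remove_file(&tmp); // do not leave a stray temp file behind
        e
    })
}

/// Constructed demo: an open handle stands in for a reader's live mapping.
/// Returns (bytes seen through the old handle, bytes now found at the path).
pub fn demo() -> io::Result<(Vec<u8>, Vec<u8>)> {
    let path = std::env::temp_dir().join(format!("example-{}.mmdb", std::process::id()));
    fs::write(&path, b"OLD-DB")?; // constructed stand-in for a database file

    let mut old_handle = File::open(&path)?; // opened before the update
    replace_atomically(&path, b"NEW-DB-v2")?;

    let mut old_view = Vec::new();
    old_handle.read_to_end(&mut old_view)?; // still the old inode, untouched
    let new_view = fs::read(&path)?; // a fresh open sees the new file
    fs::remove_file(&path)?;
    Ok((old_view, new_view))
}

fn main() -> io::Result<()> {
    let (old_view, new_view) = demo()?;
    println!("old handle: {:?}", String::from_utf8_lossy(&old_view));
    println!("path now:   {:?}", String::from_utf8_lossy(&new_view));
    Ok(())
}
```

This only covers updaters you control: any other process that writes into the file in place still invalidates an active mapping.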