[Pkg-rust-maintainers] Bug#1128418: marked as done (rust-rpm-sequoia: CVE-2026-2625)
Holger Levsen
holger at layer-acht.org
Mon Apr 27 12:09:39 BST 2026
control: notfound -1 1.8.0-2
thanks
from #sequoia:
<h01ger> re: deb#1128418 - rpm-sequoia 1.8.0 is also affected, right?
<neal> | h01ger: 1.8 is not impacted: https://github.com/rpm-software-management/rpm-sequoia/blob/v1.8.0/src/lib.rs#L1500
<neal> The vulnerability was introduced in this commit: https://github.com/rpm-software-management/rpm-sequoia/commit/be1bece75a4041b5ad1525c3732a7cff3a77dc02
<h01ger> oh, thanks, i'll correct the bug then
<h01ger> neal: can i just quote you?
<neal> yes
<h01ger> thanks!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
I'll believe in climate change when Texas freezes over. (Ted Cruz)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20260427/42e7b5e6/attachment-0001.sig>
More information about the Pkg-rust-maintainers
mailing list