[Pkg-rust-maintainers] Bug#1124687: rust-gix-date: RUSTSEC-2025-0140

Salvatore Bonaccorso carnil at debian.org
Mon Jan 5 16:38:15 GMT 2026


Source: rust-gix-date
Version: 0.9.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/GitoxideLabs/gitoxide/issues/2305
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi

From https://rustsec.org/advisories/RUSTSEC-2025-0140.html:
| The function gix_date::parse::TimeBuf::as_str can create an illegal
| string containing non-utf8 characters. This violates the safety
| invariant of TimeBuf and can lead to undefined behavior when consuming
| the string.
|
| The bug can be prevented by adding str::from_utf8 to the function
| TimeBuf::write.

https://github.com/GitoxideLabs/gitoxide/issues/2305

Regards,
Salvatore
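
The fix pattern the quoted advisory describes (validate with str::from_utf8 at write time so that an unchecked as_str stays sound), as an added example that is not part of the original report and is not gix-date's code. `CheckedBuf` and `fill` are hypothetical names, and the byte strings are constructed sample input.

```rust
use std::io::{self, Write};
use std::str;

/// Hypothetical stand-in for a buffer whose `as_str` promises valid UTF-8.
#[derive(Default)]
pub struct CheckedBuf {
    buf: Vec<u8>,
}

impl Write for CheckedBuf {
    fn write(&mut self, data: &[u8]) -> io::Result<usize> {
        // Validate each chunk before storing it. Concatenating valid UTF-8
        // chunks yields valid UTF-8, so the invariant holds after every write.
        // Conservative: a multi-byte character split across writes is rejected.
        str::from_utf8(data).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
        self.buf.extend_from_slice(data);
        Ok(data.len())
    }

    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

impl CheckedBuf {
    pub fn as_str(&self) -> &str {
        // SAFETY: `write` is the only way bytes enter `buf`, and it accepts
        // only valid UTF-8. Without that check this call would be unsound.
        unsafe { str::from_utf8_unchecked(&self.buf) }
    }
}

/// Writes each chunk in order; returns the text or the first error kind.
pub fn fill(chunks: &[&[u8]]) -> Result<String, io::ErrorKind> {
    let mut b = CheckedBuf::default();
    for c in chunks {
        b.write_all(c).map_err(|e| e.kind())?;
    }
    Ok(b.as_str().to_owned())
}

fn main() {
    // Constructed inputs: a timestamp-like string, then a lone 0xFF byte.
    println!("{:?}", fill(&[&b"1767631095 "[..], &b"+0000"[..]]));
    println!("{:?}", fill(&[&b"1767631095"[..], &[0xFFu8][..]]));
}
```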


