[Pkg-rust-maintainers] Bug#1139958: rust-http-types: RUSTSEC-2026-0174: Authorization::value and WwwAuthenticate::value can violate ASCII invariants

Ananthu C V weepingclown at debian.org
Tue Jun 16 08:08:11 BST 2026


Hi,

On Tue, Jun 16, 2026 at 02:49:56AM +0100, Peter Green wrote:
> > > The http-types crate is unmaintained and the issue is unlikely to be
> > > fixed.
> > 
> > Given the last statement this is more about tracking.
> > 
> > Can the package OTOH be worked towards beeing removed?
> 
> Reverse dependencies seem to be async-h1 and http-cache.

async-h1 doesn't have any rdeps at the moment, so let's just work
towards removing it. No point in keeping a vulnerability around. This
also might have been a dependency for surf (which in turn was
originally needed for zellij) which I managed to drop from the
dependencies, so maybe I also wouldn't get affected.

-- 
Best,
Ananthu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20260616/c7e3db52/attachment.sig>


More information about the Pkg-rust-maintainers mailing list