CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318

Debian Bug report logs - #986803

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 12 Apr 2021 10:03:01 UTC

Severity: grave

Tags: security, upstream



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>:
Bug#986803; Package rustc. (Mon, 12 Apr 2021 10:03:03 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>. (Mon, 12 Apr 2021 10:03:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318
Date: Mon, 12 Apr 2021 11:58:08 +0200
Package: rustc
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>:
Bug#986803; Package rustc. (Mon, 12 Apr 2021 10:30:03 GMT)


Acknowledgement sent to Ximin Luo <infinity0@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>. (Mon, 12 Apr 2021 10:30:03 GMT)


Message #10 received at 986803@bugs.debian.org:

From: Ximin Luo <infinity0@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 986803@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: [Pkg-rust-maintainers] Bug#986803: CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2020-36317 CVE-2020-36318
Date: Mon, 12 Apr 2021 11:18:16 +0100

It looks like these CVEs affect all versions up to 1.52 (which is not yet released).

Do you have links to patches fixing these bugs that can be backported to 1.48? We've had 1.48 for a while due to the migration freeze, and I've been informed that some Rust packages in Debian break with newer versions of rustc and will themselves need to be updated, so I'd rather not force that during the freeze; I'd rather backport security fixes to 1.48.

Best,
Ximin

Moritz Muehlenhoff:
> Package: rustc
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> 


-- 
GPG: ed25519/56034877E1F87C35
https://github.com/infinity0/pubkeys.git



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 12 Apr 2021 11:48:06 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Apr 13 08:07:19 2021; Machine Name: bembo
