I just looked at this issue. rust-ncurses is a thin wrapper around ncurses. It exposes unsafe (in the rust sense) C APIs to safe rust code. The rust security team consider this to be a vulnerability.
There is more discussion of this issue at https://github.com/jeaye/ncurses-rs/issues/188 the fix would be to mark most if not all of the functions exposed by the library as unsafe and release a new major version of the library. Any reverse dependencies would then need to be adapted to work with the new unsafe functions. The upstream maintainer has indicated they would be accepting of a pull request but is not interested in doing the work themselves. There is also another wrapper called ncursesw which seems to be better maintained and offers both low-level wrappers (correctly marked as unsafe) and higher-level wrappers (some of which are safe). It is not packaged in Debian. I looked to see what if-any packages in Debian use rust-ncurses and I did not find any in either buster, bullseye or sid. Is there a reason to keep this package around?
