On Mon, Jan 15, 2024 at 09:10:57PM +0100, Salvatore Bonaccorso wrote:
> Hi Moritz,
>
> On Mon, Jan 15, 2024 at 08:49:04PM +0100, Moritz Muehlenhoff wrote:
> > Source: rust-tracing
> > Version: 0.1.37-1
> > Severity: important
> > Tags: security
> > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
> >
> > https://rustsec.org/advisories/RUSTSEC-2023-0078.html
> > https://github.com/tokio-rs/tracing/pull/2765
> > Fixed by:
> > https://github.com/tokio-rs/tracing/commit/20a1762b3fd5f1fafead198fd18e469c68683721
> > (tracing-0.1.40)
>
> Please double-check but I think no Debian released version was ever
> affected. The issue is fixed in 0.1.40 already upstream, with the
> above commit (backed by
> https://rustsec.org/advisories/RUSTSEC-2023-0078.html). The issue on
> the other hand is introduced in
> https://github.com/tokio-rs/tracing/commit/3a65354837a0f176178e15787fc700dd6fa11a92
> which is first in 0.1.38.
>
> In unstable we ever had only 0.1.37-1, then moved to 0.1.40-1.

That's in fact true! Still let's update to the latest release anyway.

Cheers,
Moritz