Bug#1050299: [Pkg-rust-maintainers] Bug#1050299: rust-webpki: RUSTSEC-2023-0052

2023-09-09 Thread Matthias Geiger
On Sat, 9 Sep 2023 09:16:55 +0300 Michael Tokarev wrote:
> 09.09.2023 03:07, Peter Green:
> > async-tls has not switched upstream. On the other hand I don't see any packages in Debian using it yet. ccing mjt to see what the reason for packaging it was.
> async-tls isn't my baby, count

Bug#1050299: [Pkg-rust-maintainers] Bug#1050299: rust-webpki: RUSTSEC-2023-0052

2023-09-08 Thread Michael Tokarev
09.09.2023 03:07, Peter Green: async-tls has not switched upstream. On the other hand I don't see any packages in Debian using it yet. ccing mjt to see what the reason for packaging it was. async-tls isn't my baby, count_omega (=werdahias, Cc'd) asked to sponsor it on Jun-28 and I uploaded it,

Bug#1050299: [Pkg-rust-maintainers] Bug#1050299: rust-webpki: RUSTSEC-2023-0052

2023-09-08 Thread Peter Green
I think this indicates that it can indeed be safely removed from Debian? I'm CC'ing developers that have made uploads to this packages in the past for additional opinions as I suspect the issue is more subtle than that. dak rm does not take account of virtual packages. So for rust packages it i

Bug#1050299: rust-webpki: RUSTSEC-2023-0052

2023-09-08 Thread Reinhard Tartler
Hi Salvatore, thanks for filing this bug.
> Please see https://rustsec.org/advisories/RUSTSEC-2023-0052.html .
This page is giving a very general description of the problem:
>> When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with th

Bug#1050299: rust-webpki: RUSTSEC-2023-0052

2023-08-22 Thread Salvatore Bonaccorso
Source: rust-webpki
Version: 0.22.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi
Please see https://rustsec.org/advisories/RUSTSEC-2023-0052.html .
FWIW, there is a fix in the rustls-webpki is a fork, which