Le 08/12/2020 à 21:59, Moritz Mühlenhoff a écrit :
On Tue, Dec 08, 2020 at 09:10:22PM +0100, Sylvestre Ledru wrote:
Could you please explain why you set the severity as important?
AFAIK, there isn't a security exploit. Not in the binary shipping in Debian
either.
It was important enough to get published with the RUSTSEC advisory flow.
Not sure what you mean: Rustsec doesn't say much.
The crate is still available and published here:
https://crates.io/crates/memmap with a lot of daily usage.
The fact that it is unmaintained upstream isn't a blocker on the Debian side
AFAIK.
Is anyone in the Rust maintainers able/willing to step in with an upstream fix
in case there's a security issue in rust-memmap occurs?
With BurntSushi as comaintainer, I am not worried that he will step in
case it happens:
https://github.com/danburkert/memmap-rs/issues/90#issuecomment-737587767
If so, feel free to close
it.
ok, thanks, will do.
S