Hi Peter, Thanks for the quick followup.
On Sat, Aug 30, 2025 at 01:35:26AM +0100, Peter Green wrote: > > There is the RUSTSEC-2025-0051 advisory for rust-xcb: > > I feel calling this a "security" issue is a stretch. > > > https://rustsec.org/advisories/RUSTSEC-2025-0051.html > > | xcb::Connection::connect_to_fd* functions violate I/O safety > > The so-called "fixed version" doesn't seem to actually "fix" > anything, it just marks some functions as deprecated and > adds some new functions. The existing problematic functions > remain present, they are just deprecated (which will trigger > a compiler warning, but who reads those). > > There seem to be two reverse dependencies of rust-xcb in > Debian, a quick look on Debian code search suggests that > neither uses the problematic functions. > > I'll upload the new version anyway. Do you know if they eventually will be dropped after deprecation? If not we might just consider this then otherwise a non-issue? Regards, Salvatore
