Source: rust-rpm-sequoia Version: 1.10.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for rust-rpm-sequoia. CVE-2026-2625[0]: | Denial of Service via crafted RPM file during signature verification The only available reference at time of writin is [1] the bugzilla entry at Red Hat. A quick search in [2] has not revealed the issue beeing reported already, at least I was not able to find it. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-2625 https://www.cve.org/CVERecord?id=CVE-2026-2625 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2440357 [2] https://github.com/rpm-software-management/rpm-sequoia/issues Please adjust the affected versions in the BTS as needed. Regards, Salvatore
