Bug#1051808: [Pkg-rust-maintainers] Bug#1051808: rust-users: RUSTSEC-2023-0059

2023-11-27 Thread Blair Noctis
On Wed, 13 Sep 2023 04:07:24 +0100 Peter Green  wrote:
> > rust-users is currently unmaintained upstream.
> > 
> > In a fork a proposed patch can be found.
> > 
> > What is the rust-users situation with respect of Debian as it is
> > unmaintained upstream?
> 
> So we have two options: patch it or move away from it to a fork.
> 
> The crate "uzers" which is a fork of this crate was recently
> uploaded to Debian and I have just uploaded version 0.11.3 of
> it. I believe that said version includes a fix for this issue.
> 
> Uzers is listed as an alternative on the rustsec entry, but at
> least so far there doesn't seem to have been a whole lot of uptake.
> crates.io only lists one reverse dependency of said fork, which
> is itself a fork of exa.
> 

Currently packaged downstreams are pam, sniffglue, and please (packaged as
pleaser). I've sent pull requests to [pam] & [sniffglue] and opened an issue for
[please]. Hopefully we can soon see them migrate.

pam: https://github.com/1wilkens/pam/pull/39
sniffglue: https://github.com/kpcyrd/sniffglue/pull/124

-- 
Sdrager,
Blair Noctis





Bug#1051808: [Pkg-rust-maintainers] Bug#1051808: rust-users: RUSTSEC-2023-0059

2023-09-12 Thread Peter Green

> rust-users is currently unmaintained upstream.
>
> In a fork a proposed patch can be found.
>
> What is the rust-users situation with respect of Debian as it is
> unmaintained upstream?


So we have two options: patch it or move away from it to a fork.

The crate "uzers" which is a fork of this crate was recently
uploaded to Debian and I have just uploaded version 0.11.3 of
it. I believe that said version includes a fix for this issue.

Uzers is listed as an alternative on the rustsec entry, but at
least so far there doesn't seem to have been a whole lot of uptake.
crates.io only lists one reverse dependency of said fork, which
is itself a fork of exa.



Bug#1051808: rust-users: RUSTSEC-2023-0059

2023-09-12 Thread Salvatore Bonaccorso
Source: rust-users
Version: 0.11.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ogham/rust-users/issues/55
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

There is the RUSTSEC-2023-0059 advisory for rust-users:
https://rustsec.org/advisories/RUSTSEC-2023-0059.html
https://github.com/ogham/rust-users/issues/55

rust-users is currently unmaintained upstream.

In a fork a proposed patch can be found.

What is the rust-users situation with respect of Debian as it is
unmaintained upstream?

Regards,
Salvatore