Bug#1069796: rust-abscissa-derive - (build-)depends unsatisfiable.

2024-04-27 Thread Alexander Kjäll
Thanks for the report. abscissa_derive is a dependency of abscissa_core but I have been waiting with the upload of that since tracing-subscriber has some features disabled and it's non-trivial to re-enable them (due to the regex situation iirc). abscissa_core is a dependency of cargo-audit, and

Bug#1056253: rust-ripasso-cursive - FTBFS with rust-ripasso 0.6.4

2024-02-29 Thread Alexander Kjäll
at 07:10:22PM +0100, Alexander Kjäll wrote: > > Hi > > > > I'm sorry for the semver breakage, the last version was a bit stressed > > out due to the security problems with libgit2 not verifying server > > signatures (that has since been fixed). > > > >

Bug#981301: elvish: please document where you want tab completion directives installed

2024-02-05 Thread Alexander Kjäll
I just ran into the same problem when trying to determine where to place the tab completions for Sequoia's gpg-sq and gpgv-sq //Alex

Bug#1062667: rust-h2: Resource exhaustion vulnerability in h2 may lead to Denial of Service

2024-02-02 Thread Alexander Kjäll
Source: rust-h2 Severity: important X-Debbugs-Cc: alexander.kj...@gmail.com Dear Maintainer, An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window,

Bug#1062663: rust-snow: Unauthenticated Nonce Increment in snow

2024-02-02 Thread Alexander Kjäll
Source: rust-snow Severity: important X-Debbugs-Cc: alexander.kj...@gmail.com Dear Maintainer, There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking

Bug#1059675: rust-ahash - autopkgtest failure on s390x.

2024-01-30 Thread Alexander Kjäll
Hi That ahash is missing is blocking an upgrade of hashbrown, and that is blocking the packaging of gitoxide and cargo among other things. Is there something I can do to help out here? //Alex

Bug#1061705: rust-bendy: dependency on rust-failure, that has security problems

2024-01-28 Thread Alexander Kjäll
Source: rust-bendy Severity: normal X-Debbugs-Cc: alexander.kj...@gmail.com Dear Maintainer, Please consider pulling in this commit: https://github.com/P3KI/bendy/commit/5abd78e79f86766094a2e1841e8bbdd696089b01 As failure is unsound: https://rustsec.org/advisories/RUSTSEC-2019-0036.html

Bug#1061577: rust-rio: use-after-free buffer access when a future is leaked

2024-01-26 Thread Alexander Kjäll
Source: rust-rio Severity: important X-Debbugs-Cc: alexander.kj...@gmail.com Dear Maintainer, https://rustsec.org/advisories/RUSTSEC-2020-0021.html Description When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the

Bug#1058501: rust-ansi-parser: Stop using rust-nom-4

2024-01-13 Thread Alexander Kjäll
I wrote a patch to upgrade to nom 7, and it was somewhat non-trivial. I would like to run this by upstream before we pull this into Debian https://gitlab.com/davidbittner/ansi-parser/-/merge_requests/14 //Alex

Bug#1056253: rust-ripasso-cursive - FTBFS with rust-ripasso 0.6.4

2023-12-11 Thread Alexander Kjäll
to some real life things taking all my free time lately. best regards Alexander Kjäll

Bug#1056366: RM: rust-signature-derive -- RoM; superfluous package

2023-11-21 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal Please drop package, as it is already provided by rust-signature. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051867

Bug#1002056: rust-gix-features seem to depend on zlib-ng

2023-11-04 Thread Alexander Kjäll
Hi Some rust code I'm trying to package seems to depend on zlib-ng, this can maybe be patched out, but I thought I should ask about status on this packaging effort before I undertake that work. best regards Alexander Kjäll

Bug#1052404: RFP: axum -- web application framework that focuses on ergonomics and modularity

2023-09-21 Thread Alexander Kjäll
I think the solution here is to mark some of the autopkgtests as broken. The dependency loop is only there if you take dev-dependencies into account and those are mostly optional to package. I can make an attempt on packaging them. //Alex On Thu, 21 Sep 2023 at 13:03, Reinhard Tartler wrote: >

Bug#1042909: RM: rust-sha3-0.9 -- NVIU; obsolete package, no rdeps

2023-09-14 Thread Alexander Kjäll
tags 1042909 - moreinfo thanks We needed some more time to handle a transition, sorry for filing this bug prematurely.

Bug#1050159: RM: rust-wasmer-enumset -- ROM

2023-08-21 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal As per #1050138 there is no longer any need for this package.

Bug#1050158: RM: rust-wasmer-enumset-derive -- ROM

2023-08-21 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal As per #1050138 there is no longer any need for this package.

Bug#1042909: RM: rust-sha3-0.9 -- NVIU; obsolete package, no rdeps

2023-08-02 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal Hi, please remove this package on all architectures. It is an old rust library used for transitioning with no reverse dependencies.

Bug#1039939: librust-wyz-dev: impossible to install

2023-06-29 Thread Alexander Kjäll
Hi The missing dependency is in new: https://ftp-master.debian.org/new/rust-typemap_0.3.3-1.html Maybe it would save everyone some time if you checked that before filing these kinds of bugs? best regards Alexander Kjäll

Bug#1039694: librust-iai-dev: impossible to install due to missing build-dependency

2023-06-28 Thread Alexander Kjäll
Hi The missing dependency is in new: https://ftp-master.debian.org/new/rust-iai-macro_0.1.1-1.html best regards Alexander Kjäll

Bug#1026635: [Pkg-rust-maintainers] Bug#1026635: rust-packed-simd: FTBFS: dh_auto_test: error: /usr/share/cargo/bin/cargo build returned exit code 101

2023-04-30 Thread Alexander Kjäll
Hi I noticed that the upstream project seems to have regained access and started to publish new versions of packed_simd again: https://crates.io/crates/packed_simd I don't have a strong opinion regarding deleting this or not, but I checked and it wasn't hard to get it building, so I pushed a

Bug#1035062: RM: rust-tree-magic -- ROM; never entered testing, no longer needed as nothing depends on it

2023-04-28 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: rust-tree-ma...@packages.debian.org Control: affects -1 + src:rust-tree-magic Package that depended on tree-magic have migrated to use other packages. rust-tree-magic never entered

Bug#1035057: RM: rust-sloppy-rfc4880 -- NPOASR; unsatisfiable build-dependency, packaged as a dependency of a project that was never packaged for debian so it's no longer needed

2023-04-28 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: rust-sloppy-rfc4...@packages.debian.org Control: affects -1 + src:rust-sloppy-rfc4880 This package has never been part of a stable release, and it's no longer needed as no one works on

Bug#1034909: RM: rust-ncurses -- ROM; open security issues

2023-04-27 Thread Alexander Kjäll
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: rust-ncur...@packages.debian.org Control: affects -1 + src:rust-ncurses Please remove rust-ncurses. It was packaged for rust-curses, but has been patched out from that library as

Bug#1033335: Don't include in Bookworm

2023-03-23 Thread Alexander Kjäll
Hi The list-rdeps.sh script in https://salsa.debian.org/rust-team/debcargo-conf/ shows that it's in use: $ ./dev/list-rdeps.sh const-cstr Versions of rust-const-cstr in unstable: librust-const-cstr-dev 0.3.0-1+b1 Versions of rdeps of rust-const-cstr in unstable, that

Bug#1032589: sq-wot: Please update

2023-03-10 Thread Alexander Kjäll
Hi I have started to look at updating the group of sequoia packages as part of packaging https://crates.io/crates/sequoia-chameleon-gnupg But since we are in a freeze right now I haven't spent very much time on it, am very happy to collaborate on the effort. //Alex

Bug#1031954: ITP: cargo-auditable -- cargo subcommand for adding SBOM

2023-02-25 Thread Alexander Kjäll
Package: wnpp Severity: wishlist Description: Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping. This works by embedding data about the dependency tree in JSON format into a

Bug#996913: rust-chrono: Potential segfault in localtime_r invocations

2021-10-20 Thread Alexander Kjäll
Source: rust-chrono Severity: minor Tags: security Dear Maintainer, This package is affected by this security vulnerability that isn't tracked by debian yet: https://rustsec.org/advisories/RUSTSEC-2020-0159.html -- System Information: Debian Release: bookworm/sid APT prefers testing APT

Bug#995562: librust-nix-dev: Out-of-bounds write in nix::unistd::getgrouplist

2021-10-02 Thread Alexander Kjäll
Package: librust-nix-dev Version: 0.19.0-1 Severity: normal Tags: security Dear Maintainer, This package is affected by this security vulnerability that isn't tracked by debian yet: https://rustsec.org/advisories/RUSTSEC-2021-0119.html -- System Information: Debian Release: bookworm/sid

Bug#972100: [Pkg-rust-maintainers] Bug#972100: CVE-2019-15547 CVE-2019-15548 (rust-ncurses)

2020-10-14 Thread Alexander Kjäll
that depends on cursive into debian. best regards Alexander Kjäll On Wed, 14 Oct 2020 at 05:57, peter green wrote: > > I just looked at this issue. > > rust-ncurses is a thin wrapper around ncurses. It exposes unsafe (in the rust > sense) C > APIs to safe rust code. The

Bug#970586: rust-sized-chunks: Multiple soundness issues in Chunk and InlineArray

2020-09-19 Thread Alexander Kjäll
Source: rust-sized-chunks Version: 0.6.2-1 Severity: normal Tags: upstream, security Dear Maintainer, Chunk: Array size is not checked when constructed with unit() and pair(). Array size is not checked when constructed with From>. Clone and insert_from are not panic-safe; A

Bug#970186: rust-rand-core-0.3: Unaligned memory access resulting in undefined behavior

2020-09-12 Thread Alexander Kjäll
Source: rust-rand-core-0.3 Version: 0.3.0-2 Severity: normal Tags: upstream, security Dear Maintainer, Versions under 0.4.2 violated alignment when casting byte slices to integer slices, resulting in undefined behavior. Advisory: https://rustsec.org/advisories/RUSTSEC-2019-0035.html --

Bug#970185: rust-rand-core-0.2: Unaligned memory access resulting in undefined behavior

2020-09-12 Thread Alexander Kjäll
Package: rust-rand-core-0.2 Version: 0.2.2-1 Severity: normal Tags: upstream, security Dear Maintainer, Versions under 0.4.2 violated alignment when casting byte slices to integer slices, resulting in undefined behavior. Advisory: https://rustsec.org/advisories/RUSTSEC-2019-0035.html --

Bug#969911: rust-rand-core: Unaligned memory access resulting in undefined behavior

2020-09-08 Thread Alexander Kjäll
Source: rust-rand-core Version: 0.3.0-1 Severity: normal Tags: upstream, security Dear Maintainer, Versions under 0.4.2 violated alignment when casting byte slices to integer slices, resulting in undefined behavior. Advisory: https://rustsec.org/advisories/RUSTSEC-2019-0035.html -- System

Bug#969899: rust-libflate: use-after-free vulnerability on panic in client code

2020-09-08 Thread Alexander Kjäll
Source: rust-libflate Version: 0.1.19-1 Severity: normal Tags: upstream, security Dear Maintainer, The library has a use-after-free vulnerability in versions from 0.1.14 up to but not including 0.1.25 Advisory text: https://rustsec.org/advisories/RUSTSEC-2019-0010.html -- System

Bug#969896: rust-http: Integer Overflow in HeaderMap::reserve() can cause Denial of Service

2020-09-08 Thread Alexander Kjäll
Source: rust-http Version: 0.1.19-1 Severity: normal Dear Maintainer, Versions below 0.1.20 of rust-http have a denial of service vulnerability. Description of the vulnerability: HeaderMap::reserve() used usize::next_power_of_two() to calculate the increased capacity. However,

Bug#969839: rust-failure: type confusion when downcasting, which is an undefined behavior

2020-09-08 Thread Alexander Kjäll
Source: rust-failure Severity: normal Tags: upstream Dear Maintainer, Security problem reported upstream: https://rustsec.org/advisories/RUSTSEC-2019-0036.html And the project is eol without a fix: https://rustsec.org/advisories/RUSTSEC-2020-0036.html -- System Information: Debian Release:

Bug#946112: RFP: ripasso-cursive -- ncurses based password maintainer written in rust

2019-12-03 Thread Alexander Kjäll
Package: wnpp Severity: wishlist Description: A simple password manager written in Rust. Is compatible with the pass filesystem layout and has an ncurses gui. URL: https://github.com/cortex/ripasso/ License: GPLv3 Copyright: Alexander Kjäll, Joakim Lundbord