Subscribed
We need to address
- Two of the vendored packages are currently vulnerable (reported by
osv-scanner)
- `openssl` v0.10.71 is vulnerable to CVE-2025-3416. Although it's a
rust wrapper around the system openssl library, the vulnerability is
in the wrapper itself.
- `sequoia-openpgp`v2.0.0 is vulnerable to CVE-2025-67897, which is a
vendored rust crate source.
still I believe and merge with Debian again
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2089690
Title:
[MIR] rust-sequoia-sqv
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2089690/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
