- Package: src:rust-hyper
- Source: rust-hyper
- Submitter: Moritz Muehlenhoff
- Date: 2022-06-25 00:06:03 UTC
- Severity: grave
- Tags:
CVE-2021-21299:
https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
https://rustsec.org/advisories/RUSTSEC-2021-0020.html

Cheers,
Moritz
FWIW, (rust-hyper) doesn't have any rdeps in bullseye AFAICT[1], so it could either be ignored there or removed from bullseye without consequences.

for bullseye+1, I plan on updating it as soon as sid is unfrozen again, but the dependency chain needed for that update is quite big so it might take a bit to pass through NEW etc (which was also the reason why it didn't get updated in time pre-freeze).

there are no affected rdeps in unstable either though, as they are all using hyper as client, not server.

1: dev/list-rdeps.sh from debcargo-conf agrees
On Wed, May 19, 2021 at 07:39:55PM +0200, Fabian Grünbichler wrote:
No strong opinion, but if there are really no rdeps yet, it's probably better
to hint it out of testing.
Cheers,
Moritz
We believe that the bug you reported is fixed in the latest version of rust-hyper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988729@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Michael Green <plugwash@debian.org> (supplier of updated rust-hyper package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Fri, 24 Jun 2022 23:44:18 +0000
Source: rust-hyper
Architecture: source
Version: 0.14.19-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
Changed-By: Peter Michael Green <plugwash@debian.org>
Closes: 988729
Changes:
 rust-hyper (0.14.19-1) unstable; urgency=medium
 .
   * Package hyper 0.14.19 from crates.io using debcargo 2.5.0
   * Set collapse_features = true
 .
   [ Fabian Gruenbichler ]
   * Team upload.
   * Package hyper 0.14.18 from crates.io using debcargo 2.5.0
 .
   * closes: #988729