Am Wed, May 19, 2021 at 07:39:55PM +0200 schrieb Fabian Grünbichler: > On May 18, 2021 8:42 pm, Moritz Muehlenhoff wrote: > > Source: rust-hyper > > Severity: grave > > Tags: security > > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> > > > > CVE-2021-21299: > > https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf > > https://rustsec.org/advisories/RUSTSEC-2021-0020.html > > FWIW, (rust-hyper) doesn't have any rdeps in bullseye AFAICT[1], so it > could either be ignored there or removed from bullseye without > consequences.
No strong opinion, but if there are really no rdeps yet, it's probably better to hint it out of testing. Cheers, Moritz