please package versione 0.13.0 of rust-asn1.
It's a semver bump, which given how dependencies are typically specified in the rust world probablly counts as a transition. Unfortunately upstream doesn't provide a changelog so it's difficult for me to tell how substantial the changes actually are. That said, the only reverse dependency seems to be python-cryptography, so I would say an update is not totally out of the question. In any case I've uploaded it to experimental so it can be used to develop and test against.
This new version is needed by python-cryptography/39.0.1 and we need that version to fix CVE-2023-23931
We are supposed to be in the "soft freeze", is this new upstream version really essential for fixing the bug? have you discussed this with the rest of the python team or with the release team? what if-any testing have you done.