Source: rust-tokio Version: 1.43.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/tokio-rs/tokio/pull/7232 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi As reported in https://github.com/tokio-rs/tokio/pull/7232 and https://rustsec.org/advisories/RUSTSEC-2025-0023.html: | The broadcast channel internally calls clone on the stored value when | receiving it, and only requires T:Send. This means that using the | broadcast channel with values that are Send but not Sync can trigger | unsoundness if the clone implementation makes use of the value being | !Sync. iegards, Salvatore

