[Git][security-tracker-team/security-tracker][master] new rust-nix, rust-tokio issues

Mon, 03 Jan 2022 07:02:20 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
379f42ac by Moritz Muehlenhoff at 2022-01-03T16:01:43+01:00
new rust-nix, rust-tokio issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -916,13 +916,19 @@ CVE-2021-45712 (An issue was discovered in the rust-embed 
crate before 6.3.0 for
 CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 
0.6.1 fo ...)
        NOT-FOR-US: Rust crate simple_asn1
 CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 
1.9.x thr ...)
-       TODO: check
+       - rust-tokio <unfixed>
+       [bullseye] - rust-tokio <no-dsa> (Minor issue)
+       NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
+       NOTE: https://github.com/tokio-rs/tokio/issues/4225
 CVE-2021-45709 (An issue was discovered in the crypto2 crate through 
2021-10-08 for Ru ...)
        NOT-FOR-US: Rust crate crypto2
 CVE-2021-45708 (An issue was discovered in the abomonation crate through 
2021-10-17 fo ...)
        NOT-FOR-US: Rust crate abomonation
 CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x 
before  ...)
-       TODO: check
+       - rust-nix 0.23.0-1
+       [bullseye] - rust-nix <no-dsa> (Minor issue)
+       [buster] - rust-nix <not-affected> (Introduced in 0.16)
+       NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
 CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 
1.1.1 for R ...)
        NOT-FOR-US: Rust crate zeroize_derive
 CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for 
Rust. T ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/379f42ac960b30e0e91e451d58b1fdbc9572ebf2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/379f42ac960b30e0e91e451d58b1fdbc9572ebf2
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to