A new rustup version was synced from Debian, and the build logs confirm
that the patched librust-tar-0.4-dev version was pulled.
** Changed in: rustup (Ubuntu Resolute)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2148332
Title:
CVE-2026-33056: Packages that depend on rust-tar might still contain
vulnerable code
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/elan/+bug/2148332/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
