Package: rust-pprof Version: 0.13.0-5 Severity: serious X-debbugs-cc: alexander.kj...@gmail.com
A soundness issue was reported in rust-prost 0.13, https://rustsec.org/advisories/RUSTSEC-2024-0408.html which is reported as causing real-world failures in downstream applications. I looked at updating to the new upstream version, (wip packaging for new upstream version is in the debcargo-conf git) but that introduces a dependency on a crate that is not in Debian. rust-pprof does not appear to have any reverse dependencies, and I don't think it should be included in trixie in it's current state.
