[1] https://salsa.debian.org/rust-team/debcargo-conf/-/merge_requests/898
I decoupled handlebars from the rest and filed [1] to also decouple
prometheus: erbium (its only (transitive) reverse dependency
application) doesn't use protobuf's functionality. This however is not a
small change, so it needs consensus from the team (hence the MR). Pros
and cons are detailed in [1].
- Bug#1103833: rust-protobuf: CVE-2024-7254 Salvatore Bonaccorso
- Bug#1103833: rust-protobuf: CVE-2024-7254 NoisyCoil
- Bug#1103833: rust-protobuf: CVE-2024-7254 Jonas Smedegaard
- Bug#1103833: [Pkg-rust-maintainers] Bug#... NoisyCoil
- Bug#1103833: rust-protobuf: CVE-2024... NoisyCoil
- Bug#1103833: rust-protobuf: CVE... NoisyCoil
