Source: rust-maxminddb Version: 0.24.0-2 Severity: important Tags: security upstream Forwarded: https://github.com/oschwald/maxminddb-rust/issues/86 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi See https://rustsec.org/advisories/RUSTSEC-2025-0132.html https://github.com/advisories/GHSA-mj73-j457-8x9q | maxminddb prior to version 0.27 declared Reader::open_mmap as safe | despite wrapping an inherently unsafe memmap2 operation with no extra | step done to guarantee safety. This could have led to undefined | behaviour if the file were to be modified on disk while the memory map | was still active. Report: https://github.com/oschwald/maxminddb-rust/issues/86 Fixed by: https://github.com/oschwald/maxminddb-rust/commit/98f0e4fff9678c841ed33f3b8a46322f6163c32a Regards, Salvatore -- System Information: Debian Release: forky/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.17.8+deb14-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
