Source: rust-gix-date
Version: 0.9.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/GitoxideLabs/gitoxide/issues/2305
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi

From https://rustsec.org/advisories/RUSTSEC-2025-0140.html:

| The function gix_date::parse::TimeBuf::as_str can create an illegal
| string containing non-utf8 characters. This violates the safety
| invariant of TimeBuf and can lead to undefined behavior when consuming
| the string.
|
| The bug can be prevented by adding str::from_utf8 to the function
| TimeBuf::write.

https://github.com/GitoxideLabs/gitoxide/issues/2305

Regards,
Salvatore

