Bug#955151: marked as done (RUSTSEC-2020-0006: Flaw in `realloc` allows reading unknown memory)

[Debian Bug Tracking System]

Your message dated Sat, 28 Mar 2020 07:12:12 +0000
with message-id <e1ji5dc-0000sx...@fasolo.debian.org>
and subject line Bug#955151: fixed in rust-bumpalo 3.2.1-1
has caused the Debian Bug report #955151,
regarding RUSTSEC-2020-0006: Flaw in `realloc` allows reading unknown memory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
955151: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: rust-bumpalo
Version: 3.1.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/fitzgen/bumpalo/issues/69

Hi

Please see https://rustsec.org/advisories/RUSTSEC-2020-0006.html and
the upstream issue at https://github.com/fitzgen/bumpalo/issues/69 .

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: rust-bumpalo
Source-Version: 3.2.1-1
Done: Wolfgang Silbermayr <wolfg...@silbermayr.at>

We believe that the bug you reported is fixed in the latest version of
rust-bumpalo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 955...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wolfgang Silbermayr <wolfg...@silbermayr.at> (supplier of updated rust-bumpalo 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Mar 2020 07:28:21 +0100
Source: rust-bumpalo
Architecture: source
Version: 3.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 
<pkg-rust-maintain...@alioth-lists.debian.net>
Changed-By: Wolfgang Silbermayr <wolfg...@silbermayr.at>
Closes: 955151
Changes:
 rust-bumpalo (3.2.1-1) unstable; urgency=medium
 .
   * Package bumpalo 3.2.1 from crates.io using debcargo 2.4.2
     Closes: #955151.
Checksums-Sha1:
 f407550c0ce2850eb558ef909c4e685aaaf64d00 2220 rust-bumpalo_3.2.1-1.dsc
 3fcf31e72717ad881e4efdc264d7bcb7ddde3610 120161 rust-bumpalo_3.2.1.orig.tar.gz
 d841134b0dcec947e15fd188490374fceeca8af8 2836 
rust-bumpalo_3.2.1-1.debian.tar.xz
 7585daf2c9ff18282dd612d2c9cbf7766aaad0c5 6700 
rust-bumpalo_3.2.1-1_source.buildinfo
Checksums-Sha256:
 b6c74f7985152d9dcb72bb19ed78289dc034676103cdba97a537367703a551b4 2220 
rust-bumpalo_3.2.1-1.dsc
 12ae9db68ad7fac5fe51304d20f016c911539251075a214f8e663babefa35187 120161 
rust-bumpalo_3.2.1.orig.tar.gz
 262fd431119d3abaf8cfdea83bb17917a6b74daaaf4dcd598becac9aaab5d934 2836 
rust-bumpalo_3.2.1-1.debian.tar.xz
 d9c524fc08869995ded097fe878238b9fe7f389ae666fffcb0a2d8d780c70d4a 6700 
rust-bumpalo_3.2.1-1_source.buildinfo
Files:
 1eaeeb15ca681c928b949da57a4d8e8f 2220 rust optional rust-bumpalo_3.2.1-1.dsc
 128ec9098be32a877e276a6fb904f79c 120161 rust optional 
rust-bumpalo_3.2.1.orig.tar.gz
 26fb38662d5e13c7bea00538fa4c637d 2836 rust optional 
rust-bumpalo_3.2.1-1.debian.tar.xz
 1e6890fa5642b4e37bfcad2e80e1787e 6700 rust optional 
rust-bumpalo_3.2.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJLBAEBCgA1FiEEhWSUk7LYy5Yue0UiITeAY1BXOwQFAl5+7o4XHHdvbGZnYW5n
QHNpbGJlcm1heXIuYXQACgkQITeAY1BXOwRf0RAAjJZqEslGy56cDBlxX8vbIuKm
qHNC9mr48mAFgM0y38OLyGQFZucVv0+0WoOzHRYfCO+80pwh0KOEbHB0v+VnGIQc
VqJ+Xou67Ltgjg7cNtmkMUq/IcbOGfFRyfuwZNyA98sBVFJW4DFw5dBX+Oo3c8WA
g34e3zoDyZzCmoBfitRl+bvVMBfs5Fj4i0as0lWMIRnW1CCx0lK+reSOnIzVBK8y
wLNNb4TH/jMCTmgKVyrXINRZpdlfcXHlfn8PNZfS3NffXWZ+8pC6eKKNLMmX4QZn
RPmqSOvd5YzDQ3Py72bRoG61S6JkRK/729H5Bkzf5FlXyPsxPV/2v3UjVJtcJ3ob
24YsuvllA4yQTSDtNcft4Q44pPkyeIF9u6RMuYwwb31HOovkzrbgBxrYRfz6iWl8
LEt072cx+ynEGtLfekclyratZLL38hx2tQd1L2sC2uhN42eUq+GuZFDyajiR1nzF
KqXEuNUIGTRSoMsVR/ufg/dVQlUft04X3t5dnW8bcKk6YxWR3BztfekbWREVid7x
Qdgxq7ka6VVm/oWmlXOrOz6GFIvQzbKFh0xCSPcY1V7dbPmIl0NlAAAyShtERM5R
Np75ReGs2EhOBft+VRGqn3cT85NKxVzzJM8nUhsHMUiPU77aUQ7cfqScS8FqVuWd
N8LsBeQmVJ2A1PklH+M=
=x7ft
-----END PGP SIGNATURE-----

--- End Message ---