Your message dated Sun, 10 Apr 2022 19:50:06 +0000
with message-id <e1nddzw-000dpr...@fasolo.debian.org>
and subject line Bug#988945: fixed in rust-http 0.1.21-0.1
has caused the Debian Bug report #988945,
regarding CVE-2019-25009
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rust-http
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

CVE-2019-25009:
https://rustsec.org/advisories/RUSTSEC-2019-0034.html
https://github.com/hyperium/http/commit/82d53dbdfdb1ffbeb0323200a0bbd30b5f895fa7
https://github.com/hyperium/http/commit/8ffe094df1431321d450860cc56a22dd53175f5e

Cheers,
         Moritz

--- End Message ---
--- Begin Message ---
Source: rust-http
Source-Version: 0.1.21-0.1
Done: Jonas Smedegaard <d...@jones.dk>

We believe that the bug you reported is fixed in the latest version of
rust-http, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <d...@jones.dk> (supplier of updated rust-http package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Apr 2022 21:36:10 +0200
Source: rust-http
Architecture: source
Version: 0.1.21-0.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers <pkg-rust-maintain...@alioth-lists.debian.net>
Changed-By: Jonas Smedegaard <d...@jones.dk>
Closes: 988945
Changes:
 rust-http (0.1.21-0.1) unstable; urgency=medium
 .
   * non-maintainer upload
   * upgrade to new upstream release 0.2.21;
     closes: bug#988945, thanks to Moritz Muehlenhoff;
     CVE-2019-25009
   * drop patch cherry-picked upstream now applied
   * fix unsatisfiable dependencies and failure to build from source:
     + add patches to use newer release of crate bytes
     + build-depend and autopkgtest-depend
       on librust-block-bytes-1+default-dev
       (not older version gone since 2021-11-28)
     + add patch to avoid crates quickcheck rand:
       same-API quickcheck not in Debian;
       see <https://github.com/BurntSushi/quickcheck/pull/271#issue-784946462=>
     + add patch to avoid crate seahash:
       used only for benchmark
     + drop autopkgtest dependencies on
       librust-quickcheck-1+default-dev
       librust-rand-0.8+default-dev
       librust-seahash-4+default-dev
       (some of which were never in Debian)


--- End Message ---
