Bug#1102137: marked as done (rust-openssl: RUSTSEC-2025-0022: Use-After-Free in Md::fetch and Cipher::fetch)

[Debian Bug Tracking System]

Your message dated Tue, 08 Apr 2025 04:54:54 +0000
with message-id <e1u20z8-004fvv...@fasolo.debian.org>
and subject line Bug#1102137: fixed in rust-openssl 0.10.72-1
has caused the Debian Bug report #1102137,
regarding rust-openssl: RUSTSEC-2025-0022: Use-After-Free in Md::fetch and 
Cipher::fetch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1102137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: rust-openssl
Version: 0.10.70-1
Severity: grave
Tags: security upstream
Forwarded: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

AFAIK, there is no CVE assigned yet for RUSTSEC-2025-0022 issue:

RUSTSEC-2025-0022:
| Use-After-Free in Md::fetch and Cipher::fetch

Reported/handled upstream in:
https://github.com/sfackler/rust-openssl/pull/2390

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: rust-openssl
Source-Version: 0.10.72-1
Done: Peter Michael Green <plugw...@debian.org>

We believe that the bug you reported is fixed in the latest version of
rust-openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1102...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Michael Green <plugw...@debian.org> (supplier of updated rust-openssl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 07 Apr 2025 08:34:33 +0000
Source: rust-openssl
Architecture: source
Version: 0.10.72-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 
<pkg-rust-maintain...@alioth-lists.debian.net>
Changed-By: Peter Michael Green <plugw...@debian.org>
Closes: 1102137
Changes:
 rust-openssl (0.10.72-1) unstable; urgency=medium
 .
   * Team upload.
   * Package openssl 0.10.72 from crates.io using debcargo 2.7.8
     + New upstream fixes RUSTSEC-2025-0022 (Closes: #1102137)
   * Remove unnessacery context in patches so they apply cleanly to new
     upstream.
   * Disable newly added aws-lc feature.
Checksums-Sha1:
 6e2eb261641c6dee2178c1415c345c2f96689830 2662 rust-openssl_0.10.72-1.dsc
 7915eb8d7259f1c886284eecce1dbd75160748ea 283852 
rust-openssl_0.10.72.orig.tar.gz
 ddbb748542e8a432577ef6344afce53328c12947 3012 
rust-openssl_0.10.72-1.debian.tar.xz
 b339ae29c0f88cdf55641f985042e804e70a7289 8523 
rust-openssl_0.10.72-1_source.buildinfo
Checksums-Sha256:
 c43bebd9269febc7458e7873ed7f61ab05459b6457cefab48787998e8b9e418a 2662 
rust-openssl_0.10.72-1.dsc
 fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da 283852 
rust-openssl_0.10.72.orig.tar.gz
 e01656111a3839d787863f1bbbab6e51263ab379f6724d80163a83c0ae06ba40 3012 
rust-openssl_0.10.72-1.debian.tar.xz
 8c557ec83b71f6e42fe559b3627860ee931bb3d74c2539a613281d2f3eb58d44 8523 
rust-openssl_0.10.72-1_source.buildinfo
Files:
 4ece58a4def86298aac203f953de284f 2662 rust optional rust-openssl_0.10.72-1.dsc
 c015be06dbb3b2b10b1a5fc9dd8c4f1e 283852 rust optional 
rust-openssl_0.10.72.orig.tar.gz
 ca3b96942092fd9e78e251e504c8a343 3012 rust optional 
rust-openssl_0.10.72-1.debian.tar.xz
 7d3f6dc22f73a767439906b0459d834f 8523 rust optional 
rust-openssl_0.10.72-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEU0DQATYMplbjSX63DEjqKnqP/XsFAmf0bZ8UHHBsdWd3YXNo
QGRlYmlhbi5vcmcACgkQDEjqKnqP/XuWKxAAmmtDiJ7U7sSJCrdQUPoxh3AiBNdW
L5V8a/QFI3JRhF/cawK7zSKTWGXQIYcNrVW21BDa3007BDuujt5SKUNYxZBOgRNw
LauXwJjgb2VkWTzLp3FwNb4XQ29YoOOXeNaqJ8w97H+MwZk9RPIo0LIDKWiryP0U
lKsgDLgTxDN2DAj2PlhJXPYdFG+TdTrJOnh0p3bTmk7zLdhL+MerZ4EUgTtl2yXw
7eQBJfCburYsS+ImgsvRNogjULH6AFgAY+T3OU+RqSKPw+8Fg8WobU4aH88/4FP4
b7RFjE5nQLpI5IeqnSsEsTUWjLCZ28uqMCcVmw4Pog4uSxCcR/FRSSpKP95vM09N
xA/VnBPRkMmJD9635srC6HguUyYAQjjsJLczNr2KQDAQl3Ky5Ld88enVrljXOlmU
2d8OJeb/y/1bTxcmoM3d2FSy9j1oDXimcEqMfcu54ptNj32XyeI9cUG14x3DbCVk
FgxTxQTIOiXdQK4yk5NdGZgugFBk15w+T46eyOqh4IKi90lJ8KKeskwnqwgpJTAW
oOc2yS7Y4NuiAPxRQ9Zo/SF1miWCTojnC7lyJkOBVULeVDr5urplHjOHEdoGl8wr
y5cMMqnEplhz1uTOMzHdkqzNTrSkS3OxR18yh53nUp/Vs5u6nzboHiYz4d8Bih3F
hgYuspy9OcwkPbQ=
=vQog
-----END PGP SIGNATURE-----

pgpYObNTHSSzJ.pgp
Description: PGP signature

--- End Message ---