Per discussion on irc, the updated package doesn't setuid on the /usr/bin/please and /usr/bin/pleaseedit binaries. Looking into the issue revealed that the package shipped in hirsute has the same issue.
The debian/rules file overrides dh_fixperms to set the setuid bit on the binaries, but on Ubuntu dh_strip a little further along the build process seems to remove them again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928381 Title: Fixes for CVE-2021-31153, CVE-2021-31154 and CVE-2021-31155 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rust-pleaser/+bug/1928381/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
