Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

Bug#1103252: rust-pprof - soundness issue RUSTSEC-2024-0408

From Peter Green@21:1/5 to All on Tue Apr 15 18:00:01 2025

Package: rust-pprof
Version: 0.13.0-5
Severity: serious
X-debbugs-cc: alexander.kjall@gmail.com

A soundness issue was reported in rust-prost 0.13, https://rustsec.org/advisories/RUSTSEC-2024-0408.html
which is reported as causing real-world failures in
downstream applications.

I looked at updating to the new upstream version,
(wip packaging for new upstream version is in the
debcargo-conf git) but that introduces a dependency
on a crate that is not in Debian.

rust-pprof does not appear to have any reverse
dependencies, and I don't think it should be included
in trixie in it's current state.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=@21:1/5 to All on Mon Apr 21 14:00:01 2025

Am Tue, Apr 15, 2025 at 07:52:49PM +0200 schrieb Alexander Kj�ll:

pprof was at some point needed for the gix stack, if they have moved
away from using it then I agree that it's not needed in trixie.

Will this bug be enought to block it, or do we need to do anything more?

If it's entirely unused, then rather file an RM bug against ftp.debian.org?

Cheers,
Moritz

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Peter Michael Green@21:1/5 to All on Mon Apr 21 14:30:01 2025

On 21/04/2025 12:47, Moritz Mühlenhoff wrote:

Am Tue, Apr 15, 2025 at 07:52:49PM +0200 schrieb Alexander Kjäll:

pprof was at some point needed for the gix stack, if they have moved
away from using it then I agree that it's not needed in trixie.

Will this bug be enought to block it, or do we need to do anything more?

If it's entirely unused, then rather file an RM bug against ftp.debian.org?

Jonas asked for a new upstream version not so long ago, so presumablly
he has, or had future plans for stuff that depends on pprof. Adding him
to cc.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Centurion
  Tue Jun 17 02:59:31 2025
  from Berea, Ohio via Telnet
- Bob Worm
  Mon Jun 16 23:05:02 2025
  from Wales, Uk via Telnet
- Ian Rihard Kosednar
  Mon Jun 16 20:44:01 2025
  from No via SSH
- Guest
  Mon Jun 16 20:26:11 2025
  from No via SSH
- Plume
  Mon Jun 16 06:46:57 2025
  from Uk via SSH
- Centurion
  Mon Jun 16 05:18:46 2025
  from Berea, Ohio via Telnet
- Guest
  Sun Jun 15 18:58:11 2025
  from No via SSH
- Plume
  Sun Jun 15 15:01:03 2025
  from Uk via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	493
Nodes:	16 (2 / 14)
Uptime:	13:05:29
Calls:	9,711
Calls today:	1
Files:	13,740
Messages:	6,181,642