Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

Bug#1103252: rust-pprof - soundness issue RUSTSEC-2024-0408

From Peter Green@21:1/5 to All on Tue Apr 15 18:00:01 2025

Package: rust-pprof
Version: 0.13.0-5
Severity: serious
X-debbugs-cc: alexander.kjall@gmail.com

A soundness issue was reported in rust-prost 0.13, https://rustsec.org/advisories/RUSTSEC-2024-0408.html
which is reported as causing real-world failures in
downstream applications.

I looked at updating to the new upstream version,
(wip packaging for new upstream version is in the
debcargo-conf git) but that introduces a dependency
on a crate that is not in Debian.

rust-pprof does not appear to have any reverse
dependencies, and I don't think it should be included
in trixie in it's current state.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=@21:1/5 to All on Mon Apr 21 14:00:01 2025

Am Tue, Apr 15, 2025 at 07:52:49PM +0200 schrieb Alexander Kj�ll:

pprof was at some point needed for the gix stack, if they have moved
away from using it then I agree that it's not needed in trixie.

Will this bug be enought to block it, or do we need to do anything more?

If it's entirely unused, then rather file an RM bug against ftp.debian.org?

Cheers,
Moritz

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Peter Michael Green@21:1/5 to All on Mon Apr 21 14:30:01 2025

On 21/04/2025 12:47, Moritz Mühlenhoff wrote:

Am Tue, Apr 15, 2025 at 07:52:49PM +0200 schrieb Alexander Kjäll:

pprof was at some point needed for the gix stack, if they have moved
away from using it then I agree that it's not needed in trixie.

Will this bug be enought to block it, or do we need to do anything more?

If it's entirely unused, then rather file an RM bug against ftp.debian.org?

Jonas asked for a new upstream version not so long ago, so presumablly
he has, or had future plans for stuff that depends on pprof. Adding him
to cc.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Centurion
  Sat Jun 14 09:29:30 2025
  from Berea, Ohio via Telnet
- Plume
  Sat Jun 14 05:15:48 2025
  from Uk via SSH
- Centurion
  Sat Jun 14 04:44:25 2025
  from Berea, Ohio via Telnet
- Centurion
  Sat Jun 14 03:55:25 2025
  from Berea, Ohio via Telnet
- Adam Fancher
  Fri Jun 13 23:00:16 2025
  from Winsted, Ct via Telnet
- Plume
  Fri Jun 13 22:17:22 2025
  from Uk via SSH
- Centurion
  Fri Jun 13 18:58:14 2025
  from Berea, Ohio via Telnet
- Bob Worm
  Fri Jun 13 10:37:24 2025
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	491
Nodes:	16 (2 / 14)
Uptime:	145:58:23
Calls:	9,694
Calls today:	4
Files:	13,731
Messages:	6,178,580