Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

Bug#1103252: rust-pprof - soundness issue RUSTSEC-2024-0408

From Peter Green@21:1/5 to All on Tue Apr 15 18:00:01 2025

Package: rust-pprof
Version: 0.13.0-5
Severity: serious
X-debbugs-cc: alexander.kjall@gmail.com

A soundness issue was reported in rust-prost 0.13, https://rustsec.org/advisories/RUSTSEC-2024-0408.html
which is reported as causing real-world failures in
downstream applications.

I looked at updating to the new upstream version,
(wip packaging for new upstream version is in the
debcargo-conf git) but that introduces a dependency
on a crate that is not in Debian.

rust-pprof does not appear to have any reverse
dependencies, and I don't think it should be included
in trixie in it's current state.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From =?UTF-8?Q?Moritz_M=C3=BChlenhoff?=@21:1/5 to All on Mon Apr 21 14:00:01 2025

Am Tue, Apr 15, 2025 at 07:52:49PM +0200 schrieb Alexander Kj�ll:

pprof was at some point needed for the gix stack, if they have moved
away from using it then I agree that it's not needed in trixie.

Will this bug be enought to block it, or do we need to do anything more?

If it's entirely unused, then rather file an RM bug against ftp.debian.org?

Cheers,
Moritz

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Peter Michael Green@21:1/5 to All on Mon Apr 21 14:30:01 2025

On 21/04/2025 12:47, Moritz Mühlenhoff wrote:

Am Tue, Apr 15, 2025 at 07:52:49PM +0200 schrieb Alexander Kjäll:

pprof was at some point needed for the gix stack, if they have moved
away from using it then I agree that it's not needed in trixie.

Will this bug be enought to block it, or do we need to do anything more?

If it's entirely unused, then rather file an RM bug against ftp.debian.org?

Jonas asked for a new upstream version not so long ago, so presumablly
he has, or had future plans for stuff that depends on pprof. Adding him
to cc.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Centurion
  Tue Jun 10 04:44:57 2025
  from Berea, Ohio via Telnet
- Bob Worm
  Mon Jun 9 23:08:44 2025
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 9 21:49:37 2025
  from Wales, Uk via Telnet
- Plume
  Mon Jun 9 20:39:48 2025
  from Uk via SSH
- Michal Wronka
  Mon Jun 9 19:31:41 2025
  from Wroclaw, Poland via Telnet
- Driswillis156
  Sun Jun 8 22:29:00 2025
  from Nope via SSH
- Bob Worm
  Sun Jun 8 21:04:22 2025
  from Wales, Uk via Telnet
- Logan
  Sun Jun 8 15:24:00 2025
  from Adelaide via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	489
Nodes:	16 (2 / 14)
Uptime:	48:26:24
Calls:	9,670
Calls today:	1
Files:	13,719
Messages:	6,170,209