pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: rust - volunteers sought...



Havard Eidnes <he%NetBSD.org@localhost> writes:

> If I'm not terribly mistaken, the "insist on rust >= 1.77.2" came
> from a recent CVE disclosure which turned out to be a security
> issue only on Windows, ref. CVE-2024-24576.

I think in general it's wrong for a program to insist on security-fixed
dependencies.

> That had however the effect of several program maintainers
> installing "you must use a rust version without this CVE" into
> their setups.

That seems easy enough to patch out, as a bug.



Home | Main Index | Thread Index | Old Index