Among the 13 debian patches available in version 0.66.0+ds1-1 of the package, we noticed the following issues:
commit 4855d12f9d91860a7b79b919deba1f08a19879aa
Author: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Date: Wed Jan 11 18:55:48 2023 +0100
bump version to 0.66.0+ds1-1
Signed-off-by: Fabian Grünbichler <debian@fabian.gruenbichler.email>
commit 70bdb1bfa856db01fb5db7b20a757d2247a91c29
Author: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Date: Wed Jan 11 19:10:20 2023 +0100
update d/copyright
for newly added, vendored dependencies
Signed-off-by: Fabian Grünbichler <debian@fabian.gruenbichler.email>
commit 1520c2f6fcd6635d981efe711f18680715a923e9
Merge: 43d600468a 219e736326
Author: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Date: Thu Jan 12 15:39:19 2023 +0100
Update upstream source from tag 'upstream/0.66.0+ds1'
Update to upstream version '0.66.0+ds1'
with Debian dir 1eb4fb8eeb65bb50b9f85a4fc4d6a3d47395bc12
commit 219e7363266c99449e0b6e631b331223ec928c7a
Merge: a9f67d5777 4bc8f24d3e
Author: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Date: Thu Jan 12 15:38:52 2023 +0100
New upstream version 0.66.0+ds1
commit 43d600468a6af77de5e61ce14569fc0ee1331a35
Author: Fabian Grünbichler <debian@fabian.gruenbichler.email>
Date: Wed Jan 11 18:41:56 2023 +0100
update unsuspicious files
for dependencies pulled in by the CVE fix
Signed-off-by: Fabian Grünbichler <debian@fabian.gruenbichler.email>
commit 4c7a4b8cb95f8822fd06838e6039e269db717e74
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Wed Jan 11 10:50:21 2023 +0100
apply CVE fix for tarball generation
the fix updates and adds dependencies which we need to vendor.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
commit e3191111227fe933f83c88719e646c333103afd0
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Wed Jan 11 11:04:09 2023 +0100
adjust CVE patches for src:cargo
Cargo.toml files are not normalized here, since they are not obtained from
crates.io but from the upstream tarball. The bundled cargo-test-support crate
also needs to be adjusted.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
commit c08743d18400e90c6c6c3f327c01f7b8d3bc50fa
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Wed Jan 11 10:50:07 2023 +0100
add CVE-2022-46176 fix
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
There are 3 open security issues in bullseye.
You can find information about how to handle these issues in the security team's documentation.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/c/cargo.png){kind=link}