There are 2 open security issues in buster.
2 issues left for the package maintainer to handle:
- CVE-2019-25009:
(needs triaging)
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
- CVE-2020-25574:
(needs triaging)
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
You can find information about how to handle these issues in the security team's documentation.