rust-brotli-sys bundles (insecure!) brotli

Status: Open
Participants: Maxime Devos
Owner: unassigned
Submitted by: Maxime Devos
Severity: normal
Maxime Devos wrote on 2 Aug 2022 20:06
To: bug-guix@gnu.org
I noticed rust-brotli-sys bundles brotli:
The version it bundles is apparently insecure:
have been multiple PR updating it to new PR but they were abandoned, so
it appears we have to remove rust-brotli-sys entirely (in favour of
rust-brotli?) or merge one of them (or better: unbundle) things on our own.
Greetings,
Maxime.