Bug 2177714 - RUSTSEC-2021-0153: encoding is unmaintained
Summary: RUSTSEC-2021-0153: encoding is unmaintained
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: rust-encoding
Version: 39
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Rust SIG
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 2214199 2214200 2214202 2214206 2214201
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-13 13:17 UTC by Fabio Valentini
Modified: 2023-08-16 07:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Fabio Valentini 2023-03-13 13:17:28 UTC 
c.f. https://rustsec.org/advisories/RUSTSEC-2021-0153.html

The last release of the "encoding" crate was on 2016-08-28, and the last commit in the git repository of the project on GitHub was on 2017-07-11.

The "encoding_rs" crate is listed as a possible replacement.

The following Rust packages in Fedora depend on the "encoding" crate:

- librsvg2
- bat
- compress-tools
- lopdf
- tendril
- url (v1)

I plan to mark the "rust-encoding-devel" package with "Provides: deprecated()" to ensure no new packages in Fedora start depending on it, and will file additional bugs for all dependent packages.
Comment 1 Fabio Valentini 2023-06-12 09:49:57 UTC 
librsvg2 seems to have switched from the "encoding" to the "encoding_rs" crate since I filed this bug.
Comment 2 Fedora Release Engineering 2023-08-16 07:11:34 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.
Note You need to log in before you can comment on or make changes to this bug.