c.f. https://rustsec.org/advisories/RUSTSEC-2023-0020.html The last release of the "const-cstr" crate was on 2018-02-10. This is also the last day on which code changes happened in the project's git repo on GitHub. The project is now a read-only archive. The code has some issues that violate Rust soundness rules and can lead to panics when parsing untrusted data. The const_str and cstr crates are listed as possible alternatives. The following Rust packages in Fedora depend on the "const-cstr" crate: - libblkio - yeslogic-fontconfig-sys I plan to mark the "rust-const-cstr-devel" package with "Provides: deprecated()" to ensure no new packages in Fedora depending on it, and will file additional bugs for all dependent packages.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.