2320416 – Please branch and build rust-remove_dir_all0.7 in epel10

Bug 2320416 - Please branch and build rust-remove_dir_all0.7 in epel10

Summary: Please branch and build rust-remove_dir_all0.7 in epel10

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	rust-remove_dir_all0.7
Sub Component:
Version:	epel10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Rust SIG
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	EPELPackagersSIG 2320412
TreeView+	depends on / blocked

Reported:	2024-10-21 17:53 UTC by Michel Lind
Modified:	2024-10-22 18:17 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-10-22 18:17:26 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)

Description Michel Lind 2024-10-21 17:53:54 UTC

Please branch and build rust-remove_dir_all0.7 in epel10.

Comment 1 Fabio Valentini 2024-10-21 19:52:58 UTC

Why file a bug when you're just going to do it immediately?
I would prefer to *not* have remove_dir_all v0.7 in epel10.

The v0.7 branch is affected by an unfixable TOCTOU vulnerability:
https://rustsec.org/advisories/RUSTSEC-2023-0018.html

Comment 2 Michel Lind 2024-10-22 18:17:26 UTC

Apologies - should have let the filed requests sit in for a while first. I was basically filing at least for visibility of the dependency tree.

Re-retired as it turns out we can avoid bringing in all these packages

Note You need to log in before you can comment on or make changes to this bug.