Skip to content

Add RUSTSEC advisory for git2#2620

Merged
djc merged 3 commits intorustsec:mainfrom
BoLu1225:git2-advisory
Feb 4, 2026
Merged

Add RUSTSEC advisory for git2#2620
djc merged 3 commits intorustsec:mainfrom
BoLu1225:git2-advisory

Conversation

@BoLu1225
Copy link
Contributor

@BoLu1225 BoLu1225 commented Feb 2, 2026

Have confirmed with the maintainer and fixed the bug in latest release

@djc
Copy link
Member

djc commented Feb 3, 2026
edited
Loading

@ehuss do you agree that publishing an advisory for this is useful? Should it be informational = "unsound"?

cuviper
cuviper reviewed Feb 3, 2026
View reviewed changes
Copy link
Contributor

@cuviper cuviper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI we are discussing in the security response team whether this warrants a full CVE, but it didn't come to our attention until after the fact. I personally think at least informational = "unsound" is reasonable though, and I suppose we can update rustsec if we decide to go further.

@BoLu1225 @cuviper
Apply suggestion from @cuviper
92d248e 
Co-authored-by: Josh Stone <cuviper@gmail.com>
@djc
Copy link
Member

djc commented Feb 4, 2026

FYI we are discussing in the security response team whether this warrants a full CVE, but it didn't come to our attention until after the fact. I personally think at least informational = "unsound" is reasonable though, and I suppose we can update rustsec if we decide to go further.

Thanks. @BoLu1225 can you add the informational metadata?

@djc djc merged commit eca995a into rustsec:main Feb 4, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djc djc djc approved these changes

+1 more reviewer

@cuviper cuviper cuviper left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@BoLu1225 @djc @cuviper