| Release | Version |
|---|---|
| bullseye | 0.47.0-3 |
| bookworm | 0.66.0+ds1-1 |
| Bug | bullseye | bookworm | Description |
|---|---|---|---|
| CVE-2023-40030 | vulnerable (no DSA) | vulnerable (no DSA) | Cargo downloads a Rust project\u2019s dependencies and compiles the pr ... |
| CVE-2023-38497 | vulnerable (no DSA) | vulnerable (no DSA) | Cargo downloads the Rust project\u2019s dependencies and compiles the ... |
| CVE-2022-46176 | vulnerable (no DSA) | fixed | Cargo is a Rust package manager. The Rust Security Response WG was not ... |
| CVE-2022-36114 | vulnerable (no DSA) | fixed | Cargo is a package manager for the rust programming language. It was d ... |
| CVE-2022-36113 | vulnerable (no DSA) | fixed | Cargo is a package manager for the rust programming language. After a ... |
| Bug | Description |
|---|---|
| CVE-2019-16760 | Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ... |
| CVE-2016-10130 | The http_connect function in transports/http.c in libgit2 before 0.24. ... |
| CVE-2016-10129 | The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x bef ... |
| CVE-2016-10128 | Buffer overflow in the git_pkt_parse_line function in transports/smart ... |
| CVE-2016-8569 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows ... |
| CVE-2016-8568 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allo ... |