| Release | Version |
|---|---|
| buster | 0.43.1-3~deb10u1 |
| bullseye | 0.47.0-3 |
| bookworm | 0.66.0+ds1-1 |
| trixie | 0.66.0+ds1-1 |
| sid | 0.66.0+ds1-1 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2023-38497 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Cargo downloads the Rust project\u2019s dependencies and compiles the ... |
| CVE-2022-46176 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Cargo is a Rust package manager. The Rust Security Response WG was not ... |
| CVE-2022-36114 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Cargo is a package manager for the rust programming language. It was d ... |
| CVE-2022-36113 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Cargo is a package manager for the rust programming language. After a ... |
| Bug | Description |
|---|---|
| CVE-2019-16760 | Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ... |
| CVE-2016-10130 | The http_connect function in transports/http.c in libgit2 before 0.24. ... |
| CVE-2016-10129 | The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x bef ... |
| CVE-2016-10128 | Buffer overflow in the git_pkt_parse_line function in transports/smart ... |
| CVE-2016-8569 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows ... |
| CVE-2016-8568 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allo ... |