1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1103988: rust-tokio: RUSTSEC-2025-0023: Broadcast channel calls clo

    From Salvatore Bonaccorso@21:1/5 to All on Wed Apr 23 17:20:01 2025
    Source: rust-tokio
    Version: 1.43.0-1
    Severity: important
    Tags: security upstream
    Forwarded: https://github.com/tokio-rs/tokio/pull/7232
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi

    As reported in https://github.com/tokio-rs/tokio/pull/7232 and https://rustsec.org/advisories/RUSTSEC-2025-0023.html:

    | The broadcast channel internally calls clone on the stored value when
    | receiving it, and only requires T:Send. This means that using the
    | broadcast channel with values that are Send but not Sync can trigger
    | unsoundness if the clone implementation makes use of the value being
    | !Sync.

    iegards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From NoisyCoil@21:1/5 to All on Wed Apr 23 18:20:01 2025
    Source: rust-tokio
    Followup-For: Bug #1103988
    X-Debbugs-Cc: noisycoil@tutanota.com
    Control: tags -1 + pending

    Fixed in VCS, waiting for upload.

    Thanks!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)