commit: eddf0bceebcd4dd598204376c580feac89efba03
parent c759cddc6f0b24f9127370c260f709f19d5d7fd4
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Wed, 29 Oct 2025 19:34:05 +0100
notes/rust-issues: async-tar
Diffstat:
1 file changed, 6 insertions(+), 0 deletions(-)
diff --git a/notes/rust-issues.xhtml b/notes/rust-issues.xhtml
@@ -34,6 +34,12 @@
 			This is what intentionally throwing distros away gets you into.
 		</p>
 
+		<h2>Abandonned <code>async-tar</code> gets a vulnerability, fix status gets lost into fork-ception</h2>
+		<p>
+			Managed to even break python <code>uv</code> packager:
+			<a href="https://www.theregister.com/2025/10/22/vulnerable_rust_crate/">Forking confusing: Vulnerable Rust crate exposes uv Python packager</a>
+		</p>
+
 		<h2>Extra: Crates.io outage due to bad URL mangling</h2>
 		<p>
 			<a href="https://blog.rust-lang.org/inside-rust/2023/07/21/crates-io-postmortem.html">crates.io Postmortem: Broken Crate Downloads</a>
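Review bot: The added h2 misspells "Abandonned" (should be "Abandoned"), and "python" in the new paragraph should be capitalized as "Python". The paragraph says the issue "Managed to even break" uv, while the linked article's title says the crate "exposes" uv; wording such as "Even affected the Python <code>uv</code> packager" would match the source it cites. The entry's only reference is a news article: since the heading's point is that the fix status got lost across forks, consider also linking the upstream advisory and stating which fork carries the fix, so the note does not leave the reader with the same confusion it describes.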