Several memory corruption issues via safe APIs

Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

UBUNTU-CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

PT-2026-35041

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.24 through 0.10.77 Description FFI trampolines behind the functions set psk client callback, set psk server callback, set cookie generate cb, and set stateless cookie generate cb in SslContextBuilder forward the user...

Security update for cargo-packaging, rust-bindgen

This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber bsc1249012 Other fixes: Prevent stripping debug info bsc1222175 rust-bindgen was updated to 0.72.0. Patch...

[SECURITY] Fedora 41 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc41

Rust FFI bindings to jemalloc...

EUVD-2023-2715

Malicious code in bioql PyPI...

[SECURITY] Fedora 41 Update: maturin-1.8.7-2.fc41

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

The `google-apis-rs` project is now unmaintained

Instead, please start using and migrate to the official Google Rust bindings...

RUSTSEC-2025-0066 The `google-apis-rs` project is now unmaintained

Instead, please start using and migrate to the official Google Rust bindings...

[SECURITY] Fedora 41 Update: maturin-1.8.6-1.fc41

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 42 Update: maturin-1.8.6-1.fc42

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 41 Update: rust-gstreamer-0.23.5-2.fc41

Rust bindings for GStreamer...

[SECURITY] Fedora 40 Update: rust-gstreamer-0.23.5-2.fc40

Rust bindings for GStreamer...

[SECURITY] Fedora 42 Update: rust-gstreamer-0.23.5-2.fc42

Rust bindings for GStreamer...

[SECURITY] Fedora 41 Update: rust-openssl-0.10.72-1.fc41

OpenSSL bindings...

[SECURITY] Fedora 37 Update: rust-nettle-sys-2.2.0-1.fc37

Low-level Rust bindings for the Nettle cryptographic library...