Honestly, cargo could flag crates with known CVEs, be a better package manager.
Removed by mod
Does this affect GNU tar, or Busybox tar, or BSD tar?
The title seems like a stupid attack on open source… Because closed source abandonware is not a security issue??
At least open source projects can be forked and updated, a closed source system would leave you with only the option of choosing between the software or security.



