From 74e85683892acd9bf04c761b009c4929f9a47d68 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Sat, 26 Sep 2020 21:47:56 +0200 Subject: [PATCH 1/2] Advisory for unsound pinning in actix-codec --- crates/actix-codec/RUSTSEC-0000-0000.toml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 crates/actix-codec/RUSTSEC-0000-0000.toml diff --git a/crates/actix-codec/RUSTSEC-0000-0000.toml b/crates/actix-codec/RUSTSEC-0000-0000.toml new file mode 100644 index 0000000..40fa8c1 --- /dev/null +++ b/crates/actix-codec/RUSTSEC-0000-0000.toml @@ -0,0 +1,18 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "actix-codec" +date = "2020-01-30" +title = "Use-after-free in Framed due to lack of pinning" +url = "https://github.com/actix/actix-net/issues/91" +categories = ["memory-corruption"] + +description = """ +Affected versions of this crate did not require the buffer wrapped in `Framed` to be pinned, +but treated it as if it had a fixed location in memory. This may result in a use-after-free. + +The flaw was corrected by making the affected functions accept `Pin<&mut Self>` instead of `&mut self`. +""" + +# Versions which include fixes for this vulnerability (mandatory) +[versions] +patched = [">= 0.3.0-beta.1"] From f4faaa9cc3ddb6268c88620f6a13bed1d38d7d27 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Sat, 26 Sep 2020 21:49:09 +0200 Subject: [PATCH 2/2] drop comment --- crates/actix-codec/RUSTSEC-0000-0000.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/crates/actix-codec/RUSTSEC-0000-0000.toml b/crates/actix-codec/RUSTSEC-0000-0000.toml index 40fa8c1..639e70c 100644 --- a/crates/actix-codec/RUSTSEC-0000-0000.toml +++ b/crates/actix-codec/RUSTSEC-0000-0000.toml @@ -13,6 +13,5 @@ but treated it as if it had a fixed location in memory. This may result in a use The flaw was corrected by making the affected functions accept `Pin<&mut Self>` instead of `&mut self`. """ -# Versions which include fixes for this vulnerability (mandatory) [versions] patched = [">= 0.3.0-beta.1"]