OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-03 10:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

string-interner-0.6.4 also fixes RUSTSEC-2019-0023

Browse Source 
The fix https://github.com/Robbepop/string-interner/pull/10
released in 0.7.1 was also backported to the 0.6 release line in
https://github.com/Robbepop/string-interner/pull/14 and released in 0.6.4.
This commit is contained in:
Bas van Dijk
2019-12-21 11:43:05 +01:00
parent 7bc1753de3
commit 158c986aa4
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
crates/string-interner/RUSTSEC-2019-0023.toml
View File

@@ -14,7 +14,10 @@ An attacker can do brute force attack to get the data pointed by the dangling po
The flaw was corrected by <https://github.com/Robbepop/string-interner/pull/10>.
This patch implements `Clone` manually to the interner type, so that the internal raw pointers always point the strings owned by the same interner.
PR #10 was also backported to the 0.6 release line in
<https://github.com/Robbepop/string-interner/pull/14> and was released in 0.6.4.
"""
patched_versions = [">= 0.7.1"]
patched_versions = ["^0.6.4", ">= 0.7.1"]
url = "https://github.com/Robbepop/string-interner/issues/9"
keywords = ["use after free"]