From 0a4f0ee9604477d34a73fb3fb6c03a9602e91b02 Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Tue, 24 Jul 2018 15:35:07 -0700
Subject: [PATCH 1/2] CONTRIBUTING.md: Fix link
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 4d3265f..2c297ef 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -44,7 +44,7 @@ A: No, anyone can file an advisory against any crate. The legitimacy of
 **Q: Can I file an advisory without creating a pull request?**
 A: Yes, instead of creating a full advisory yourself you can also
- [open an issue on the advisory-db repo]: https://github.com/RustSec/advisory-db/issues
+ [open an issue on the advisory-db repo](https://github.com/RustSec/advisory-db/issues)
 or email information about the vulnerability to
 [rustsec@googlegroups.com](mailto:rustsec@googlegroups.com).
From ad872b63b2e3bf075f450704c95c16f2560c73ab Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Tue, 24 Jul 2018 15:36:23 -0700
Subject: [PATCH 2/2] README.md: Move title/description up in advisory example
---
 README.md | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index 5c07171..f20b241 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,22 @@ package = "mycrate"
 # Disclosure date of the advisory as an RFC 3339 date (mandatory)
 date = "2017-02-25"
+# Single-line description of a vulnerability (mandatory)
+title = "Flaw in X allows Y"
+
+# Enter a short-form description of the vulnerability here (mandatory)
+description = """
+Affected versions of this crate did not properly X.
+
+This allows an attacker to Y.
+
+The flaw was corrected by Z.
+"""
+
+# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
+# a change log entry, or a blogpost announcing the release (optional)
+url = "https://github.com/mystuff/mycrate/issues/123"
+
 # Versions which include fixes for this vulnerability (mandatory)
 patched_versions = [">= 1.2.0"]
@@ -61,22 +77,6 @@ aliases = ["CVE-2018-XXXX"]
 # References to related vulnerabilities (optional)
 # e.g. CVE for a C library wrapped by a -sys crate)
 references = ["CVE-2018-YYYY", "CVE-2018-ZZZZ"]
-
-# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
-# a change log entry, or a blogpost announcing the release (optional)
-url = "https://github.com/mystuff/mycrate/issues/123"
-
-# Single-line description of a vulnerability (mandatory)
-title = "Flaw in X allows Y"
-
-# Enter a short-form description of the vulnerability here (mandatory)
-description = """
-Affected versions of this crate did not properly X.
-
-This allows an attacker to Y.
-
-The flaw was corrected by Z.
-"""
 ```
 ## License