Merge pull request #174 from RustSec/CVE-2019-16760/fixups

CVE-2019-16760: update advisory title
2025-12-31 08:40:26 +01:00 · 2019-10-02 12:15:04 -07:00
parent a4f1c446c9 daf03936dd
commit 2659dc69f7
1 changed files with 4 additions and 3 deletions
--- a/rust/cargo/CVE-2019-16760.toml
+++ b/rust/cargo/CVE-2019-16760.toml
@@ -2,7 +2,10 @@
 id = "CVE-2019-16760"
 package = "cargo"
 date = "2019-09-30"
-title = "Security advisory for Cargo"
+aliases = ["GHSA-phjm-8x66-qw4r"]
+unaffected_versions = [">= 1.26.0"]
+url = "https://groups.google.com/forum/#!topic/rustlang-security-announcements/rVQ5e3TDnpQ"
+title = "Cargo prior to Rust 1.26.0 may download the wrong dependency"
 description = """
 The Rust team was recently notified of a security concern when using older
 versions of Cargo to build crates which use the package rename feature added in
@@ -106,5 +109,3 @@ with our [security policy][5].
 [4]: https://gist.github.com/pietroalbini/0d293b24a44babbeb6187e06eebd4992
 [5]: https://www.rust-lang.org/policies/security
 """
-unaffected_versions = [">= 1.26.0"]
-url = "https://groups.google.com/forum/#!topic/rustlang-security-announcements/rVQ5e3TDnpQ"