Keywords

Documents the new `keywords` attribute and adds keywords to all current
advisories. These can be consumed by the web UI.

README.md

@@ -64,6 +64,9 @@ The flaw was corrected by Z.
 # a change log entry, or a blogpost announcing the release (optional)
 url = "https://github.com/mystuff/mycrate/issues/123"
 
+# Keywords which describe this vulnerability, similar to Cargo keywords
+keywords = ["ssl", "mitm"]
+
 # Versions which include fixes for this vulnerability (mandatory)
 patched_versions = [">= 1.2.0"]
 

crates/base64/RUSTSEC-2017-0004.toml

@@ -1,11 +1,12 @@
 [advisory]
 id = "RUSTSEC-2017-0004"
 package = "base64"
-patched_versions = [">= 0.5.2"]
-aliases = ["CVE-2017-1000430"]
+date = "2017-05-03"
 url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
 title = "Integer overflow leads to heap-based buffer overflow in encode_config_buf"
-date = "2017-05-03"
+patched_versions = [">= 0.5.2"]
+keywords = ["memory-corruption"]
+aliases = ["CVE-2017-1000430"]
 description = """
 Affected versions of this crate suffered from an integer overflow bug when
 calculating the size of a buffer to use when encoding base64 using the

crates/cookie/RUSTSEC-2017-0005.toml

@@ -2,6 +2,7 @@
 id = "RUSTSEC-2017-0005"
 package = "cookie"
 patched_versions = ["< 0.6.0", "^0.6.2", ">= 0.7.6"]
+keywords = ["crash"]
 url = "https://github.com/alexcrichton/cookie-rs/pull/86"
 title = "Large cookie Max-Age values can cause a denial of service"
 date = "2017-05-06"

crates/hyper/RUSTSEC-2016-0002.toml

@@ -1,12 +1,13 @@
 [advisory]
 id = "RUSTSEC-2016-0002"
 package = "hyper"
-patched_versions = [">= 0.9.4"]
-references = ["RUSTSEC-2016-0001"]
 date = "2016-05-09"
 url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
 title = "HTTPS MitM vulnerability due to lack of hostname verification"
+keywords = ["ssl", "mitm"]
 affected_platforms = ["*windows*"]
+patched_versions = [">= 0.9.4"]
+references = ["RUSTSEC-2016-0001"]
 description = """
 When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
 perform hostname verification when making HTTPS requests.

crates/openssl/RUSTSEC-2016-0001.toml

@@ -3,6 +3,7 @@ id = "RUSTSEC-2016-0001"
 package = "openssl"
 patched_versions = [">= 0.9.0"]
 date = "2016-11-05"
+keywords = ["ssl", "mitm"]
 url = "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0"
 title = "SSL/TLS MitM vulnerability due to insecure defaults"
 description = """

crates/security-framework/RUSTSEC-2017-0003.toml

@@ -3,6 +3,7 @@ id = "RUSTSEC-2017-0003"
 package = "security-framework"
 patched_versions = [">= 0.1.12"]
 date = "2017-03-15"
+keywords = ["mitm"]
 url = "https://github.com/sfackler/rust-security-framework/pull/27"
 title = "Hostname verification skipped when custom root certs used"
 description = """

crates/smallvec/RUSTSEC-2018-0003.toml

@@ -4,6 +4,7 @@ package = "smallvec"
 unaffected_versions = ["< 0.3.2"]
 patched_versions = [">= 0.6.3", "^0.3.4", "^0.4.5", "^0.5.1"]
 url = "https://github.com/servo/rust-smallvec/issues/96"
+keywords = ["memory-corruption"]
 title = "Possible double free during unwinding in SmallVec::insert_many"
 date = "2018-07-19"
 description = """

crates/sodiumoxide/RUSTSEC-2017-0001.toml

@@ -4,6 +4,7 @@ package = "sodiumoxide"
 patched_versions = [">= 0.0.14"]
 aliases = ["CVE-2017-1000168"]
 date = "2017-01-26"
+keywords = ["cryptography"]
 url = "https://github.com/dnaq/sodiumoxide/issues/154"
 title = "scalarmult() vulnerable to degenerate public keys"
 description = """

crates/tar/RUSTSEC-2018-0002.toml

@@ -3,6 +3,7 @@ id = "RUSTSEC-2018-0002"
 package = "tar"
 unaffected_versions = []
 patched_versions = [">= 0.4.16"]
+keywords = ["file-overwrite"]
 url = "https://github.com/alexcrichton/tar-rs/pull/156"
 title = "Links in archives can overwrite any existing file"
 date = "2018-06-29"

crates/untrusted/RUSTSEC-2018-0001.toml

@@ -4,6 +4,7 @@ package = "untrusted"
 unaffected_versions = []
 patched_versions = [">= 0.6.2"]
 url = "https://github.com/briansmith/untrusted/pull/20"
+keywords = ["crash"]
 title = "An integer underflow could lead to panic"
 date = "2018-06-21"
 description = """