OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-06 19:49:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Assign RUSTSEC-2018-0001 to untrusted

Browse Source 
Original PR:

https://github.com/RustSec/advisory-db/pull/24
This commit is contained in:
Tony Arcieri
2018-06-26 00:13:01 +01:00
parent 0c1ba96e69
commit 3c0458d26b
2 changed files with 23 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
Advisories.toml
View File

@@ -88,3 +88,26 @@ will panic if the value is greater than 2^64/1000 and less than or equal to
This flaw was corrected by explicitly checking for the `Max-Age` being in this
integer range and clamping the value to the maximum duration value.
"""
[[advisory]]
id = "RUSTSEC-2018-0001"
package = "untrusted"
unaffected_versions = []
patched_versions = [">= 0.6.2"]
dwf = []
url = "https://github.com/briansmith/untrusted/pull/20"
title = "An integer underflow could lead to panic"
date = "2018-06-21"
description = """
A mistake in error handling in untrusted before 0.6.2 could lead to an integer
underflow and panic if a user of the crate didn't properly check for errors
returned by untrusted.
Combination of these two programming errors (one in untrusted and another by
user of this crate) could lead to a panic and maybe a denial of service of
affected software.
The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also
advisable that users of untrusted check for their sources for cases where errors
returned by untrusted are not handled correctly.
"""

20
crates/untrusted/RUSTSEC-0000-0000.toml → crates/untrusted/RUSTSEC-2018-0001.toml
View File

@@ -1,31 +1,11 @@
[advisory]
package = "untrusted"
# Versions which were never vulnerable
unaffected_versions = []
# Versions which include fixes for this vulnerability
patched_versions = [">= 0.6.2"]
# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
# - CVE: https://iwantacve.org/
# - DWF: https://distributedweaknessfiling.org/
dwf = []
# dwf = ["CVE-YYYY-XXXX"]
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]
# URL to a long-form description of this issue, e.g. a blogpost announcing
# the release or a changelog entry (optional)
url = "https://github.com/briansmith/untrusted/pull/20"
# Single-line description of a vulnerability
title = "An integer underflow could lead to panic"
# Disclosure date of the advisory (RFC 3339)
date = "2018-06-21"
# Enter a short-form description of the vulnerability here (required)
description = """
A mistake in error handling in untrusted before 0.6.2 could lead to an integer
underflow and panic if a user of the crate didn't properly check for errors