From 4399b9e310d1e45e95ecf8d2d0e6d188bde1f4ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?=
Date: Sat, 11 Apr 2020 16:05:57 +0200
Subject: [PATCH] Improve advisory for flatbuffers.

---
 crates/flatbuffers/RUSTSEC-0000-0000.toml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/crates/flatbuffers/RUSTSEC-0000-0000.toml b/crates/flatbuffers/RUSTSEC-0000-0000.toml
index cdf5a85..f19d816 100644
--- a/crates/flatbuffers/RUSTSEC-0000-0000.toml
+++ b/crates/flatbuffers/RUSTSEC-0000-0000.toml
@@ -2,11 +2,11 @@
 id = "RUSTSEC-0000-0000"
 package = "flatbuffers"
 date = "2020-04-11"
-title = "`read_scalar` and `read_scalar_at` are unsound`"
+title = "`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks"
 url = "https://github.com/google/flatbuffers/issues/5825"
 description = """
 The `read_scalar` and `read_scalar_at` functions are unsound
-because the allow transmuting values without `unsafe` blocks.
+because they allow transmuting values without `unsafe` blocks.
 
 The following example shows how to create a dangling reference:
 
@@ -24,8 +24,9 @@ fn main() {
 """
 
 [affected.functions]
-"flatbuffers::read_scalar" = []
-"flatbuffers::read_scalar_at" = []
+"flatbuffers::read_scalar" = [">= 0.4.0"]
+"flatbuffers::read_scalar_at" = [">= 0.4.0"]
 
 [versions]
 patched = []
+unaffected = ["< 0.4.0"]
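Review bot: The `0.4.0` bound introduced in the second hunk (`">= 0.4.0"` on both `[affected.functions]` entries and `unaffected = ["< 0.4.0"]`) is not explained anywhere in the visible advisory text, and with `patched = []` every release from that bound onward is reported with no upgrade path. The description should state both facts, for example by adding `No patched release is available; the affected functions are exposed from 0.4.0 onward.` ahead of the example, once the bound has been checked against the crate's release history (presumably 0.4.0 is the first release that exports them). Because the text describes a soundness hole in a safe API rather than a known exploit, it is also worth confirming whether the `[advisory]` table should carry `informational = "unsound"`; none of the visible lines set it, and the part of the file between the two hunks is not shown.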