diff --git a/README.md b/README.md
index eff2876..118be59 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,9 @@ The flaw was corrected by Z.
 # a change log entry, or a blogpost announcing the release (optional)
 url = "https://github.com/mystuff/mycrate/issues/123"
+# Keywords which describe this vulnerability, similar to Cargo keywords
+keywords = ["ssl", "mitm"]
+
 # Versions which include fixes for this vulnerability (mandatory)
 patched_versions = [">= 1.2.0"]
diff --git a/crates/base64/RUSTSEC-2017-0004.toml b/crates/base64/RUSTSEC-2017-0004.toml
index 9f6c462..f32858a 100644
--- a/crates/base64/RUSTSEC-2017-0004.toml
+++ b/crates/base64/RUSTSEC-2017-0004.toml
@@ -1,11 +1,12 @@
 [advisory]
 id = "RUSTSEC-2017-0004"
 package = "base64"
-patched_versions = [">= 0.5.2"]
-aliases = ["CVE-2017-1000430"]
+date = "2017-05-03"
 url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
 title = "Integer overflow leads to heap-based buffer overflow in encode_config_buf"
-date = "2017-05-03"
+patched_versions = [">= 0.5.2"]
+keywords = ["memory-corruption"]
+aliases = ["CVE-2017-1000430"]
 description = """
 Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the
diff --git a/crates/cookie/RUSTSEC-2017-0005.toml b/crates/cookie/RUSTSEC-2017-0005.toml
index d5c107d..4e11cef 100644
--- a/crates/cookie/RUSTSEC-2017-0005.toml
+++ b/crates/cookie/RUSTSEC-2017-0005.toml
@@ -2,6 +2,7 @@
 id = "RUSTSEC-2017-0005"
 package = "cookie"
 patched_versions = ["< 0.6.0", "^0.6.2", ">= 0.7.6"]
+keywords = ["crash"]
 url = "https://github.com/alexcrichton/cookie-rs/pull/86"
 title = "Large cookie Max-Age values can cause a denial of service"
 date = "2017-05-06"
diff --git a/crates/hyper/RUSTSEC-2016-0002.toml b/crates/hyper/RUSTSEC-2016-0002.toml
index bba3283..c03c4a7 100644
--- a/crates/hyper/RUSTSEC-2016-0002.toml
+++ b/crates/hyper/RUSTSEC-2016-0002.toml
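Review bot: The new `keywords` comment in the README omits the `(mandatory)`/`(optional)` marker that every neighbouring field carries, so a contributor cannot tell whether an advisory without `keywords` is valid; suggest `# Keywords which describe this vulnerability, similar to Cargo keywords (optional)`. It also fixes no vocabulary, and the advisory hunks in this commit already diverge: hyper and openssl use `["ssl", "mitm"]` while security-framework uses `["mitm"]` alone for the same hostname-verification class, and sodiumoxide's `["cryptography"]` names the crate's domain rather than the flaw's impact as the other keywords do. Listing the accepted impact keywords in the README would keep the field consistent and searchable across advisories; if the repository has a validation step, it could presumably reject values outside that list. The README's example block starts and ends outside the hunk.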
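Review bot: Besides adding `keywords`, the base64 hunk moves `date`, `patched_versions` and `aliases` to new positions without changing their values, and the hyper hunk does the same with `patched_versions` and `references`, while the other seven advisories keep their existing order. The reorder makes the diff harder to review and leaves the files in no common key order. Either keep the key order untouched in this commit or state the canonical order in the README so every advisory can follow it. The `[advisory]` table continues past the end of the hunk.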
@@ -1,12 +1,13 @@
 [advisory]
 id = "RUSTSEC-2016-0002"
 package = "hyper"
-patched_versions = [">= 0.9.4"]
-references = ["RUSTSEC-2016-0001"]
 date = "2016-05-09"
 url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
 title = "HTTPS MitM vulnerability due to lack of hostname verification"
+keywords = ["ssl", "mitm"]
 affected_platforms = ["*windows*"]
+patched_versions = [">= 0.9.4"]
+references = ["RUSTSEC-2016-0001"]
 description = """
 When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests.
diff --git a/crates/openssl/RUSTSEC-2016-0001.toml b/crates/openssl/RUSTSEC-2016-0001.toml
index ec509da..9fd2764 100644
--- a/crates/openssl/RUSTSEC-2016-0001.toml
+++ b/crates/openssl/RUSTSEC-2016-0001.toml
@@ -3,6 +3,7 @@ id = "RUSTSEC-2016-0001"
 package = "openssl"
 patched_versions = [">= 0.9.0"]
 date = "2016-11-05"
+keywords = ["ssl", "mitm"]
 url = "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0"
 title = "SSL/TLS MitM vulnerability due to insecure defaults"
 description = """
diff --git a/crates/security-framework/RUSTSEC-2017-0003.toml b/crates/security-framework/RUSTSEC-2017-0003.toml
index 890d29f..588c5b3 100644
--- a/crates/security-framework/RUSTSEC-2017-0003.toml
+++ b/crates/security-framework/RUSTSEC-2017-0003.toml
@@ -3,6 +3,7 @@ id = "RUSTSEC-2017-0003"
 package = "security-framework"
 patched_versions = [">= 0.1.12"]
 date = "2017-03-15"
+keywords = ["mitm"]
 url = "https://github.com/sfackler/rust-security-framework/pull/27"
 title = "Hostname verification skipped when custom root certs used"
 description = """
diff --git a/crates/smallvec/RUSTSEC-2018-0003.toml b/crates/smallvec/RUSTSEC-2018-0003.toml
index bf4a67a..836cdb1 100644
--- a/crates/smallvec/RUSTSEC-2018-0003.toml
+++ b/crates/smallvec/RUSTSEC-2018-0003.toml
@@ -4,6 +4,7 @@ package = "smallvec"
 unaffected_versions = ["< 0.3.2"]
 patched_versions = [">= 0.6.3", "^0.3.4", "^0.4.5", "^0.5.1"]
 url = "https://github.com/servo/rust-smallvec/issues/96"
+keywords = ["memory-corruption"]
 title = "Possible double free during unwinding in SmallVec::insert_many"
 date = "2018-07-19"
 description = """
diff --git a/crates/sodiumoxide/RUSTSEC-2017-0001.toml b/crates/sodiumoxide/RUSTSEC-2017-0001.toml
index 46ff08d..3294785 100644
--- a/crates/sodiumoxide/RUSTSEC-2017-0001.toml
+++ b/crates/sodiumoxide/RUSTSEC-2017-0001.toml
@@ -4,6 +4,7 @@ package = "sodiumoxide"
 patched_versions = [">= 0.0.14"]
 aliases = ["CVE-2017-1000168"]
 date = "2017-01-26"
+keywords = ["cryptography"]
 url = "https://github.com/dnaq/sodiumoxide/issues/154"
 title = "scalarmult() vulnerable to degenerate public keys"
 description = """
diff --git a/crates/tar/RUSTSEC-2018-0002.toml b/crates/tar/RUSTSEC-2018-0002.toml
index 5680c24..c1f551d 100644
--- a/crates/tar/RUSTSEC-2018-0002.toml
+++ b/crates/tar/RUSTSEC-2018-0002.toml
@@ -3,6 +3,7 @@ id = "RUSTSEC-2018-0002"
 package = "tar"
 unaffected_versions = []
 patched_versions = [">= 0.4.16"]
+keywords = ["file-overwrite"]
 url = "https://github.com/alexcrichton/tar-rs/pull/156"
 title = "Links in archives can overwrite any existing file"
 date = "2018-06-29"
diff --git a/crates/untrusted/RUSTSEC-2018-0001.toml b/crates/untrusted/RUSTSEC-2018-0001.toml
index 03309c0..fcd1b83 100644
--- a/crates/untrusted/RUSTSEC-2018-0001.toml
+++ b/crates/untrusted/RUSTSEC-2018-0001.toml
@@ -4,6 +4,7 @@ package = "untrusted"
 unaffected_versions = []
 patched_versions = [">= 0.6.2"]
 url = "https://github.com/briansmith/untrusted/pull/20"
+keywords = ["crash"]
 title = "An integer underflow could lead to panic"
 date = "2018-06-21"
 description = """