From e6b5f1a74f643d59f2d6a66b75f8c5ea6348c0b4 Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Wed, 15 Mar 2017 22:34:43 -0700
Subject: [PATCH] Assign RUSTSEC-2017-0003 to security-framework

Original PR: https://github.com/RustSec/advisory-db/pull/16
---
 Advisories.toml | 17 +++++++++++++++++
 ...EC-0000-0000.toml => RUSTSEC-2017-0003.toml} | 1 +
 2 files changed, 18 insertions(+)
 rename crates/security-framework/{RUSTSEC-0000-0000.toml => RUSTSEC-2017-0003.toml} (96%)

diff --git a/Advisories.toml b/Advisories.toml
index dad625b..38f34a3 100644
--- a/Advisories.toml
+++ b/Advisories.toml
@@ -32,3 +32,20 @@ is if an application constructs headers based on unsanitized user input. This issue was fixed by replacing all newline characters with a space during serialization of a header value. """
+
+[[advisory]]
+id = "RUSTSEC-2017-0003"
+package = "security-framework"
+patched_versions = [">= 0.1.12"]
+dwf = []
+date = "2017-03-15"
+url = "https://github.com/sfackler/rust-security-framework/pull/27"
+title = "Hostname verification skipped when custom root certs used"
+description = """
+If custom root certificates were registered with a `ClientBuilder`, the
+hostname of the target server would not be validated against its presented leaf
+certificate.
+
+This issue was fixed by properly configuring the trust evaluation logic to
+perform that check.
+"""
diff --git a/crates/security-framework/RUSTSEC-0000-0000.toml b/crates/security-framework/RUSTSEC-2017-0003.toml
similarity index 96%
rename from crates/security-framework/RUSTSEC-0000-0000.toml
rename to crates/security-framework/RUSTSEC-2017-0003.toml
index e146a6a..d4e8e63 100644
--- a/crates/security-framework/RUSTSEC-0000-0000.toml
+++ b/crates/security-framework/RUSTSEC-2017-0003.toml
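Review bot: In the `Advisories.toml` hunk, the new `description` says the hostname check was skipped but not what that allowed, which is what a reader triaging this advisory needs. Going by the text as written, a `ClientBuilder` with custom roots would accept a certificate issued for any name as long as it chained to those roots, so the server's identity was not actually verified. A sentence such as `Any certificate chaining to the registered roots was accepted, whatever hostname it was issued for.` would state that. The entry also carries only `patched_versions`; if the first affected release is known, recording it would avoid flagging versions that predate the bug (this cannot be determined from the diff).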
@@ -2,6 +2,7 @@
 package = "security-framework"
 patched_versions = [">= 0.1.12"]
 dwf = []
+date = "2017-03-15"
 url = "https://github.com/sfackler/rust-security-framework/pull/27"
 title = "Hostname verification skipped when custom root certs used"
 description = """
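Review bot: The added `date = "2017-03-15"` matches this commit's own date, so it reads as the day the ID was assigned rather than the day the flaw was fixed or disclosed. A comment above it, e.g. `# date the advisory was published`, would settle which one consumers should assume when they reason about exposure windows. The same value is entered by hand in the `Advisories.toml` entry, and nothing in the diff shows a check that the two copies stay identical, so a later edit to one could silently diverge from the other. The table this key belongs to starts before the hunk, and the `description` string continues past it.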