From 07f707755ae3bfa214654771a3c27d9b82f08ac3 Mon Sep 17 00:00:00 2001
From: Yechan Bae
Date: Tue, 25 Aug 2020 15:48:36 -0400
Subject: [PATCH 1/2] Initial report for 0006-alpm-rs
---
 crates/alpm-rs/RUSTSEC-0000-0000.toml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 crates/alpm-rs/RUSTSEC-0000-0000.toml
diff --git a/crates/alpm-rs/RUSTSEC-0000-0000.toml b/crates/alpm-rs/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..df3b138
--- /dev/null
+++ b/crates/alpm-rs/RUSTSEC-0000-0000.toml
@@ -0,0 +1,14 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "alpm-rs"
+date = "2020-08-20"
+informational = "unsound"
+title = "StrcCtx deallocates a memory region that it doesn't own"
+issue_url = "https://github.com/pigeonhands/rust-arch/issues/2"
+description = """
+`StrcCtx` deallocate a memory region that it doesn't own when `StrcCtx` is created without using `StrcCtx::new`.
+This can introduce memory safety issues such as double-free and use-after-free to client programs.
+"""
+
+[versions]
+patched = []
From 0c82150105a201036b09e5d4dfdef2b2727476d4 Mon Sep 17 00:00:00 2001
From: Yechan Bae
Date: Tue, 25 Aug 2020 15:50:00 -0400
Subject: [PATCH 2/2] Update 0006-alpm-rs
---
 crates/alpm-rs/RUSTSEC-0000-0000.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/alpm-rs/RUSTSEC-0000-0000.toml b/crates/alpm-rs/RUSTSEC-0000-0000.toml
index df3b138..229a364 100644
--- a/crates/alpm-rs/RUSTSEC-0000-0000.toml
+++ b/crates/alpm-rs/RUSTSEC-0000-0000.toml
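Review bot: The `[advisory]` table created in patch 1/2 has no `categories` or `keywords`, so tooling that filters advisories by class cannot tell that this unsound report is about memory safety; adding `categories = ["memory-corruption"]` and `keywords = ["double-free", "use-after-free"]` would record the impact the description already names. The first sentence of `description` should read "`StrcCtx` deallocates a memory region ..." so that it agrees with the title. The description also does not say how a `StrcCtx` can be created without `StrcCtx::new`; one sentence on that, taken from the linked issue, would let a dependent crate check whether its own usage is affected. With `patched = []` every release is reported as affected, which looks intended for an unfixed soundness issue.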
@@ -4,7 +4,7 @@ package = "alpm-rs"
 date = "2020-08-20"
 informational = "unsound"
 title = "StrcCtx deallocates a memory region that it doesn't own"
-issue_url = "https://github.com/pigeonhands/rust-arch/issues/2"
+url = "https://github.com/pigeonhands/rust-arch/issues/2"
 description = """
 `StrcCtx` deallocate a memory region that it doesn't own when `StrcCtx` is created without using `StrcCtx::new`.
 This can introduce memory safety issues such as double-free and use-after-free to client programs.