From a4120c1dce79839895bce7cc4018cd9dd2cd48b5 Mon Sep 17 00:00:00 2001
From: "Sergey \"Shnatsel\" Davidoff"
Date: Sun, 6 Mar 2022 12:11:48 +0100
Subject: [PATCH] mark RUSTSEC-2021-0019 fixed, add references (#1206)
* Add references URLs to RUSTSEC-2021-0019
* update links to rust-x-bindings/ instead of rtbo/ which 404
* Fixed in v1.0
---
 crates/xcb/RUSTSEC-2021-0019.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/crates/xcb/RUSTSEC-2021-0019.md b/crates/xcb/RUSTSEC-2021-0019.md
index de8076f..7569073 100644
--- a/crates/xcb/RUSTSEC-2021-0019.md
+++ b/crates/xcb/RUSTSEC-2021-0019.md
@@ -10,10 +10,11 @@ aliases = [
 ]
 date = "2021-02-04"
 url = "https://github.com/RustSec/advisory-db/issues/653"
+references = ["https://github.com/rust-x-bindings/rust-xcb/issues/78", "https://github.com/rust-x-bindings/rust-xcb/issues/94", "https://github.com/rust-x-bindings/rust-xcb/issues/95", "https://github.com/rust-x-bindings/rust-xcb/issues/96"]
 categories = ["memory-corruption", "memory-exposure"]
 [versions]
-patched = []
+patched = [">= 1.0"]
 ```
 # Multiple soundness issues
@@ -26,7 +27,7 @@ X11 server without any validity checks. The X11 server only prevents interior null bytes, but otherwise allows any X11 client to create an atom for arbitrary bytes.
-This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/96
+This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/96
 ## `xcb::xproto::GetPropertyReply::value()` allows arbitrary return types
@@ -37,7 +38,7 @@ the X11 server are interpreted as the requested type. The users of the `xcb` crate are advised to only call this function with the intended types. These are `u8`, `u16`, and `u32`.
-This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/95
+This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/95
 ## Out of bounds read in `xcb::xproto::change_property()`
@@ -53,7 +54,7 @@ end of the `data` slice is performed and the bytes are sent to the X11 server. The users of the `xcb` crate are advised to only call this function with one of the intended argument combinations.
-This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/94
+This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/94
 ## 'Safe' wrapper around `std::mem::transmute()`
@@ -69,4 +70,4 @@ X11 events are mostly always 32 bytes large and this function works as intended. Users are advised to only cast to the event structs provided by the `xcb` crate (and hope for the best).
-This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/78
+This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/78