Merge pull request #49 from RustSec/affected-platforms

Affected Platforms
2026-01-05 03:00:34 +01:00 · 2018-07-24 15:58:57 -07:00
parent 20d789b68d 2632340526
commit ac0e00251b
2 changed files with 5 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -70,6 +70,10 @@ patched_versions = [">= 1.2.0"]
 # Versions which were never vulnerable (optional)
 unaffected_versions = ["< 1.1.0"]

+# Platforms this vulnerability specifically affects (optional)
+# See: https://docs.rs/rustsec/latest/rustsec/advisory/struct.PlatformReq.html
+#affected_platforms = ["*windows*"]
+
 # Vulnerability aliases, e.g. CVE IDs (optional but recommended)
 # Request a CVE for your RustSec vulns: https://iwantacve.org/
 aliases = ["CVE-2018-XXXX"]
--- a/crates/hyper/RUSTSEC-2016-0002.toml
+++ b/crates/hyper/RUSTSEC-2016-0002.toml
@@ -6,6 +6,7 @@ references = ["RUSTSEC-2016-0001"]
 date = "2016-05-09"
 url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
 title = "HTTPS MitM vulnerability due to lack of hostname verification"
+affected_platforms = ["*windows*"]
 description = """
 When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
 perform hostname verification when making HTTPS requests.