Merge pull request #53 from RustSec/document-affected-arch-and-affected-os

README.md: Documented `affected_arch` and `affected_os`
2025-12-29 15:56:07 +01:00 · 2018-07-26 21:17:39 -07:00
parent 2f2af6807c 03eebdf3d2
commit bbfce11be0
2 changed files with 20 additions and 14 deletions
--- a/README.md
+++ b/README.md
@@ -60,30 +60,36 @@ This allows an attacker to Y.
 The flaw was corrected by Z.
 """

-# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
-# a change log entry, or a blogpost announcing the release (optional)
-url = "https://github.com/mystuff/mycrate/issues/123"
-
-# Keywords which describe this vulnerability, similar to Cargo keywords
-keywords = ["ssl", "mitm"]
-
 # Versions which include fixes for this vulnerability (mandatory)
 patched_versions = [">= 1.2.0"]

 # Versions which were never vulnerable (optional)
-unaffected_versions = ["< 1.1.0"]
+#unaffected_versions = ["< 1.1.0"]

-# Platforms this vulnerability specifically affects (optional)
-# See: https://docs.rs/rustsec/latest/rustsec/advisory/struct.PlatformReq.html
-#affected_platforms = ["*windows*"]
+# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
+# a change log entry, or a blogpost announcing the release (optional)
+url = "https://github.com/mystuff/mycrate/issues/123"
+
+# Keywords which describe this vulnerability, similar to Cargo (optional)
+keywords = ["ssl", "mitm"]

 # Vulnerability aliases, e.g. CVE IDs (optional but recommended)
 # Request a CVE for your RustSec vulns: https://iwantacve.org/
-aliases = ["CVE-2018-XXXX"]
+#aliases = ["CVE-2018-XXXX"]

 # References to related vulnerabilities (optional)
 # e.g. CVE for a C library wrapped by a -sys crate)
-references = ["CVE-2018-YYYY", "CVE-2018-ZZZZ"]
+#references = ["CVE-2018-YYYY", "CVE-2018-ZZZZ"]
+
+# CPU architectures impacted by this vulnerability (optional)
+# For a list of CPU architecture strings, see the "platforms" crate:
+# <https://docs.rs/platforms/latest/platforms/target/enum.Arch.html>
+#affected_arch = ["x86", "x86_64"]
+
+# Operating systems impacted by this vulnerability (optional)
+# For a list of OS strings, see the "platforms" crate:
+# <https://docs.rs/platforms/latest/platforms/target/enum.OS.html>
+#affected_os = ["windows"]
 ```

 ## License
--- a/crates/hyper/RUSTSEC-2016-0002.toml
+++ b/crates/hyper/RUSTSEC-2016-0002.toml
@@ -5,7 +5,7 @@ date = "2016-05-09"
 url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
 title = "HTTPS MitM vulnerability due to lack of hostname verification"
 keywords = ["ssl", "mitm"]
-affected_platforms = ["*windows*"]
+affected_os = ["windows"]
 patched_versions = [">= 0.9.4"]
 references = ["RUSTSEC-2016-0001"]
 description = """