From c9858c0fc638e7516bd165dbe29919bb7d3c3f56 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 11 Apr 2024 17:16:20 +0100
Subject: [PATCH] Synchronize IDs (2024-04-11) (#1936)

Co-authored-by: amousset <329388+amousset@users.noreply.github.com>
---
 crates/cassandra-cpp/RUSTSEC-2024-0017.md | 3 ++-
 crates/crayon/RUSTSEC-2024-0018.md | 1 +
 crates/eyre/RUSTSEC-2024-0021.md | 1 +
 crates/h2/RUSTSEC-2024-0332.md | 1 +
 crates/hpack/RUSTSEC-2023-0085.md | 1 +
 crates/libdav1d-sys/RUSTSEC-2024-0016.md | 1 +
 crates/transpose/RUSTSEC-2023-0080.md | 1 +
 crates/whoami/RUSTSEC-2024-0020.md | 1 +
 8 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/crates/cassandra-cpp/RUSTSEC-2024-0017.md b/crates/cassandra-cpp/RUSTSEC-2024-0017.md
index 0ee54ec..bdd36be 100644
--- a/crates/cassandra-cpp/RUSTSEC-2024-0017.md
+++ b/crates/cassandra-cpp/RUSTSEC-2024-0017.md
@@ -7,11 +7,12 @@ url = "https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-
 informational = "unsound"
 categories = ["memory-corruption", "memory-exposure"]
 keywords = ["memory-safety", "use-after-free"]
-aliases = ["GHSA-x9xc-63hg-vcfq"]
+aliases = ["CVE-2024-27284", "GHSA-x9xc-63hg-vcfq"]
 
 [versions]
 patched = [">= 3.0.0"]
 ```
+
 # Non-idiomatic use of iterators leads to use after free
 
 Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed.
diff --git a/crates/crayon/RUSTSEC-2024-0018.md b/crates/crayon/RUSTSEC-2024-0018.md
index 271e65a..1bbf8e1 100644
--- a/crates/crayon/RUSTSEC-2024-0018.md
+++ b/crates/crayon/RUSTSEC-2024-0018.md
@@ -6,6 +6,7 @@ date = "2024-02-27"
 url = "https://github.com/shawnscode/crayon/issues/109"
 categories = ["memory-corruption"]
 keywords = ["std::mem::uninitialized", "address-sanitizer"]
+aliases = ["GHSA-xfhw-6mc4-mgxf"]
 
 [versions]
 patched = []
diff --git a/crates/eyre/RUSTSEC-2024-0021.md b/crates/eyre/RUSTSEC-2024-0021.md
index 7353ae6..dc75efd 100644
--- a/crates/eyre/RUSTSEC-2024-0021.md
+++ b/crates/eyre/RUSTSEC-2024-0021.md
@@ -5,6 +5,7 @@ package = "eyre"
 date = "2024-03-05"
 url = "https://github.com/eyre-rs/eyre/issues/141"
 categories = ["memory-corruption"]
+aliases = ["GHSA-4v52-7q2x-v4xj"]
 
 [versions]
 patched = [">= 0.6.12"]
diff --git a/crates/h2/RUSTSEC-2024-0332.md b/crates/h2/RUSTSEC-2024-0332.md
index 27720e7..3243ad7 100644
--- a/crates/h2/RUSTSEC-2024-0332.md
+++ b/crates/h2/RUSTSEC-2024-0332.md
@@ -6,6 +6,7 @@ date = "2024-04-03"
 references = ["https://seanmonstar.com/blog/hyper-http2-continuation-flood/"]
 categories = ["denial-of-service"]
 keywords = ["http", "http2", "h2"]
+aliases = ["GHSA-q6cp-qfwq-4gcv"]
 
 [versions]
 patched = ["^0.3.26", ">= 0.4.4"]
diff --git a/crates/hpack/RUSTSEC-2023-0085.md b/crates/hpack/RUSTSEC-2023-0085.md
index c91b870..ac06264 100644
--- a/crates/hpack/RUSTSEC-2023-0085.md
+++ b/crates/hpack/RUSTSEC-2023-0085.md
@@ -6,6 +6,7 @@ date = "2023-09-15"
 url = "https://github.com/mlalic/hpack-rs/issues/11"
 categories = ["denial-of-service"]
 references = ["https://github.com/sno2/hpack-rs-patched/commit/d669282924a95311599e9e7dd53869ee96b3a2f5"]
+aliases = ["GHSA-w7hm-hmxv-pvhf"]
 
 [versions]
 patched = []
diff --git a/crates/libdav1d-sys/RUSTSEC-2024-0016.md b/crates/libdav1d-sys/RUSTSEC-2024-0016.md
index a0ad455..06f0309 100644
--- a/crates/libdav1d-sys/RUSTSEC-2024-0016.md
+++ b/crates/libdav1d-sys/RUSTSEC-2024-0016.md
@@ -6,6 +6,7 @@ date = "2024-02-19" url = "https://www.cvedetails.com/cve/CVE-2024-1580/" categories = ["memory-corruption"] keywords = ["integer-overflow"] +aliases = ["GHSA-mc39-h54g-pvw6"] [affected] [versions] diff --git a/crates/transpose/RUSTSEC-2023-0080.md b/crates/transpose/RUSTSEC-2023-0080.md index 63d92ae..79608c0 100644 --- a/crates/transpose/RUSTSEC-2023-0080.md +++ b/crates/transpose/RUSTSEC-2023-0080.md @@ -5,6 +5,7 @@ package = "transpose" date = "2023-12-18" url = "https://github.com/ejmahler/transpose/issues/11" categories = ["memory-corruption"] +aliases = ["GHSA-5gmm-6m36-r7jh"] [versions] patched = [">= 0.2.3"] diff --git a/crates/whoami/RUSTSEC-2024-0020.md b/crates/whoami/RUSTSEC-2024-0020.md index 3ea1d0e..fba0d6f 100644 --- a/crates/whoami/RUSTSEC-2024-0020.md +++ b/crates/whoami/RUSTSEC-2024-0020.md @@ -6,6 +6,7 @@ date = "2024-02-28" url = "https://github.com/ardaku/whoami/issues/91" categories = ["denial-of-service", "memory-corruption"] keywords = ["buffer-overflow", "stack-buffer-overflow", "cwe-121"] +aliases = ["GHSA-w5w5-8vfh-xcjq"] [affected] # Other Unix OSes that aren't Linux or macOS are affected as well.
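Review bot: In the libdav1d-sys section (RUSTSEC-2024-0016) the added `aliases` line carries only the GHSA id, although the `url` context line in the same hunk points at CVE-2024-1580, so consumers that correlate advisories by CVE alias would presumably still not link this entry. If the GHSA record is confirmed to describe the same issue, the line should read `aliases = ["CVE-2024-1580", "GHSA-mc39-h54g-pvw6"]`, matching what the cassandra-cpp hunk does for its CVE. The CVE-to-GHSA mapping here is inferred from the url alone and should be checked against the upstream GHSA entry before the alias is added.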