From 7786157156e02c25502346ca40309b0d30aad0b2 Mon Sep 17 00:00:00 2001 From: newpavlov Date: Wed, 6 Nov 2019 19:47:35 +0300 Subject: [PATCH 1/2] add an advisory for streebog bug --- crates/streebog/RUSTSEC-0000-0000.toml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 crates/streebog/RUSTSEC-0000-0000.toml diff --git a/crates/streebog/RUSTSEC-0000-0000.toml b/crates/streebog/RUSTSEC-0000-0000.toml new file mode 100644 index 0000000..e572778 --- /dev/null +++ b/crates/streebog/RUSTSEC-0000-0000.toml @@ -0,0 +1,13 @@ +[advisory] +id = "RUSTSEC-0000-0000" +package = "streebog" +date = "2019-10-06" +title = "Incorrect implementation of the Streebog hash functions" +description = """ +Internal `update-sigma` function was implemented incorrectly and depending on +`debug-assertions` it could've caused an incorrect result or panic for some +a certain inputs. +""" +patched_versions = [">= 0.8.0"] +url = "https://github.com/RustCrypto/hashes/pull/91" +category = ["crypto-failure"] \ No newline at end of file From 34eb710de5220dfc7b1cb6436566e450a202ea77 Mon Sep 17 00:00:00 2001 From: newpavlov Date: Wed, 6 Nov 2019 19:49:57 +0300 Subject: [PATCH 2/2] fix description --- crates/streebog/RUSTSEC-0000-0000.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/streebog/RUSTSEC-0000-0000.toml b/crates/streebog/RUSTSEC-0000-0000.toml index e572778..a4e3389 100644 --- a/crates/streebog/RUSTSEC-0000-0000.toml +++ b/crates/streebog/RUSTSEC-0000-0000.toml @@ -5,8 +5,8 @@ date = "2019-10-06" title = "Incorrect implementation of the Streebog hash functions" description = """ Internal `update-sigma` function was implemented incorrectly and depending on -`debug-assertions` it could've caused an incorrect result or panic for some -a certain inputs. +`debug-assertions` it could've caused an incorrect result or panic for certain +inputs. """ patched_versions = [">= 0.8.0"] url = "https://github.com/RustCrypto/hashes/pull/91"