From f4a897370633708e8a84608b0a66da59687a00b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Kj=C3=A4ll?=
Date: Sat, 6 Nov 2021 21:37:35 +0100
Subject: [PATCH] add cve info to advisories (#1099)
* add cve info to advisories
* Put `aliases` field in the proper place It should not be under `[versions]`
* move `aliases` to the proper place
Co-authored-by: Sergey "Shnatsel" Davidoff
---
 crates/algorithmica/RUSTSEC-2021-0053.md | 1 +
 crates/ammonia/RUSTSEC-2021-0074.md | 1 +
 crates/anymap/RUSTSEC-2021-0065.md | 2 ++
 crates/ark-r1cs-std/RUSTSEC-2021-0075.md | 1 +
 crates/better-macro/RUSTSEC-2021-0077.md | 1 +
 crates/comrak/RUSTSEC-2021-0063.md | 1 +
 crates/iced-x86/RUSTSEC-2021-0068.md | 1 +
 crates/libsecp256k1/RUSTSEC-2021-0076.md | 2 ++
 crates/nalgebra/RUSTSEC-2021-0070.md | 1 +
 crates/prost-types/RUSTSEC-2021-0073.md | 1 +
 crates/tokio/RUSTSEC-2021-0072.md | 1 +
 11 files changed, 13 insertions(+)
diff --git a/crates/algorithmica/RUSTSEC-2021-0053.md b/crates/algorithmica/RUSTSEC-2021-0053.md
index 2b537e4..04cfbc7 100644
--- a/crates/algorithmica/RUSTSEC-2021-0053.md
+++ b/crates/algorithmica/RUSTSEC-2021-0053.md
@@ -5,6 +5,7 @@ package = "algorithmica"
 date = "2021-03-07"
 url = "https://github.com/AbrarNitk/algorithmica/issues/1"
 categories = ["memory-corruption"]
+aliases = ["CVE-2021-31996"]
 [versions]
 patched = []
diff --git a/crates/ammonia/RUSTSEC-2021-0074.md b/crates/ammonia/RUSTSEC-2021-0074.md
index fd60d4c..ee0ad21 100644
--- a/crates/ammonia/RUSTSEC-2021-0074.md
+++ b/crates/ammonia/RUSTSEC-2021-0074.md
@@ -6,6 +6,7 @@ date = "2021-07-08"
 url = "https://github.com/rust-ammonia/ammonia/pull/142"
 categories = ["format-injection"]
 keywords = ["html", "xss"]
+aliases = ["CVE-2021-38193"]
 [versions]
 patched = [">= 3.1.0", ">= 2.1.3, < 3.0.0"]
diff --git a/crates/anymap/RUSTSEC-2021-0065.md b/crates/anymap/RUSTSEC-2021-0065.md
index 1bfa602..5a9b1e5 100644
--- a/crates/anymap/RUSTSEC-2021-0065.md
+++ b/crates/anymap/RUSTSEC-2021-0065.md
@@ -5,6 +5,8 @@ package = "anymap"
 date = "2021-05-07"
 informational = "unmaintained"
 url = "https://github.com/chris-morgan/anymap/issues/37"
+aliases = ["CVE-2021-38187"]
+
 [versions]
 patched = []
 unaffected = []
diff --git a/crates/ark-r1cs-std/RUSTSEC-2021-0075.md b/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
index e9db538..be34b75 100644
--- a/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
+++ b/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
@@ -6,6 +6,7 @@ date = "2021-07-08"
 categories = ["crypto-failure"]
 keywords = ["r1cs", "zksnark", "arkworks"]
 url = "https://github.com/arkworks-rs/r1cs-std/pull/70"
+aliases = ["CVE-2021-38194"]
 [versions]
 patched = [">= 0.3.1"]
diff --git a/crates/better-macro/RUSTSEC-2021-0077.md b/crates/better-macro/RUSTSEC-2021-0077.md
index aa6eadf..7d6ab4e 100644
--- a/crates/better-macro/RUSTSEC-2021-0077.md
+++ b/crates/better-macro/RUSTSEC-2021-0077.md
@@ -6,6 +6,7 @@ date = "2021-07-22"
 url = "https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38"
 categories = ["code-execution"]
 keywords = ["rce", "proc-macro"]
+aliases = ["CVE-2021-38196"]
 [affected]
 functions = { "better_macro::println" = ["> 1.0.0"] }
diff --git a/crates/comrak/RUSTSEC-2021-0063.md b/crates/comrak/RUSTSEC-2021-0063.md
index b1fcc50..eab7edf 100644
--- a/crates/comrak/RUSTSEC-2021-0063.md
+++ b/crates/comrak/RUSTSEC-2021-0063.md
@@ -6,6 +6,7 @@ date = "2021-05-04"
 url = "https://github.com/kivikakk/comrak/releases/tag/0.10.1"
 categories = ["format-injection"]
 keywords = ["xss"]
+aliases = ["CVE-2021-38186"]
 [versions]
 patched = [">= 0.10.1"]
diff --git a/crates/iced-x86/RUSTSEC-2021-0068.md b/crates/iced-x86/RUSTSEC-2021-0068.md
index f168434..1e10bea 100644
--- a/crates/iced-x86/RUSTSEC-2021-0068.md
+++ b/crates/iced-x86/RUSTSEC-2021-0068.md
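Review bot: In the anymap hunk (crates/anymap/RUSTSEC-2021-0065.md) the new `aliases = ["CVE-2021-38187"]` ties a CVE id to a record whose context lines mark it `informational = "unmaintained"` with `patched = []`. Consumers that report informational advisories as warnings rather than vulnerabilities would then downgrade a CVE-tracked issue, so it is worth confirming what the CVE actually describes before merging the alias. If it covers a soundness or memory-safety defect rather than maintenance status, `informational = "unsound"` (or a full vulnerability record with `categories`) would match it better. The advisory's prose body lies outside the hunk, so this is inferred from the metadata lines alone.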
@@ -5,6 +5,7 @@ package = "iced-x86"
 date = "2021-05-19"
 url = "https://github.com/icedland/iced/issues/168"
 keywords = ["soundness"]
+aliases = ["CVE-2021-38188"]
 [affected]
 functions = { "iced_x86::Decoder::new" = ["<= 1.10.3"] }
diff --git a/crates/libsecp256k1/RUSTSEC-2021-0076.md b/crates/libsecp256k1/RUSTSEC-2021-0076.md
index 36718a0..48e6e14 100644
--- a/crates/libsecp256k1/RUSTSEC-2021-0076.md
+++ b/crates/libsecp256k1/RUSTSEC-2021-0076.md
@@ -5,6 +5,8 @@ package = "libsecp256k1"
 date = "2021-07-13"
 url = "https://github.com/paritytech/libsecp256k1/pull/67"
 categories = ["crypto-failure"]
+aliases = ["CVE-2021-38195"]
+
 [versions]
 patched = [">= 0.5.0"]
 ```
diff --git a/crates/nalgebra/RUSTSEC-2021-0070.md b/crates/nalgebra/RUSTSEC-2021-0070.md
index 233f3dc..5f8a5f8 100644
--- a/crates/nalgebra/RUSTSEC-2021-0070.md
+++ b/crates/nalgebra/RUSTSEC-2021-0070.md
@@ -6,6 +6,7 @@ date = "2021-06-06"
 url = "https://github.com/dimforge/nalgebra/issues/883"
 categories = ["memory-corruption", "memory-exposure"]
 keywords = ["memory-safety"]
+aliases = ["CVE-2021-38190"]
 [versions]
 patched = [">= 0.27.1"]
diff --git a/crates/prost-types/RUSTSEC-2021-0073.md b/crates/prost-types/RUSTSEC-2021-0073.md
index 63ea6bb..373321a 100644
--- a/crates/prost-types/RUSTSEC-2021-0073.md
+++ b/crates/prost-types/RUSTSEC-2021-0073.md
@@ -6,6 +6,7 @@ date = "2021-07-08"
 url = "https://github.com/tokio-rs/prost/issues/438"
 categories = ["denial-of-service"]
 keywords = ["denial-of-service"]
+aliases = ["CVE-2021-38192"]
 [versions]
 patched = [">= 0.8.0"]
diff --git a/crates/tokio/RUSTSEC-2021-0072.md b/crates/tokio/RUSTSEC-2021-0072.md
index efc2718..feb7890 100644
--- a/crates/tokio/RUSTSEC-2021-0072.md
+++ b/crates/tokio/RUSTSEC-2021-0072.md
@@ -6,6 +6,7 @@ date = "2021-07-07"
 url = "https://github.com/tokio-rs/tokio/issues/3929"
 categories = ["memory-corruption"]
 keywords = ["race condition", "send"]
+aliases = ["CVE-2021-38191"]
 [affected]
 functions = { "tokio::task::JoinHandle::abort" = ["<= 1.8.0, >= 0.3.0"] }