Commit Graph

506 Commits

Author SHA1 Message Date
Tony Arcieri
0004ee40af Merge pull request #263 from RustSec/RUSTSEC-2020-0010
Assign RUSTSEC-2020-0010 to tiberius
2020-04-16 09:01:01 -07:00
Tony Arcieri
c427489358 Assign RUSTSEC-2020-0010 to tiberius
Original PR: https://github.com/RustSec/advisory-db/pull/262
2020-04-16 08:59:42 -07:00
Tony Arcieri
110e83d354 Merge pull request #262 from RustSec/tiberius-unmaintained
Add tiberius unmaintained advisory
2020-04-16 08:58:38 -07:00
Tony Arcieri
cce1d47240 Add tiberius unmaintained advisory
2020-04-16 08:46:03 -07:00
Tony Arcieri
41dd03a2a8 Merge pull request #260 from RustSec/RUSTSEC-2020-0009
Assign RUSTSEC-2020-0009 to flatbuffers
2020-04-14 07:51:40 -07:00
Tony Arcieri
577308d91b Assign RUSTSEC-2020-0009 to flatbuffers
Original PR: https://github.com/RustSec/advisory-db/pull/259
2020-04-14 07:48:53 -07:00
Tony Arcieri
893cf52c6c Merge pull request #259 from eduardosm/flatbuffers
Add advisory for flatbuffers
2020-04-14 07:39:49 -07:00
Eduardo Sánchez Muñoz
4399b9e310 Improve advisory for flatbuffers.
2020-04-11 16:09:15 +02:00
Eduardo Sánchez Muñoz
cbeef93cf0 Add advisory for flatbuffers
2020-04-11 13:25:30 +02:00
Tony Arcieri
eaa3243b39 Merge pull request #258 from Pavlov123/master
Add unaffected field to RUSTSEC-2020-0008.
2020-04-01 08:00:09 -07:00
Pavlos Poulakis
c22f80eb55 Add unaffected field to RUSTSEC-2020-0008.
2020-04-01 13:28:48 +01:00
Tony Arcieri
ffac5aa5f2 Merge pull request #257 from hawkw/patch-1
Fix patched version for RUSTSEC-2020-0008
2020-03-31 12:14:37 -07:00
Eliza Weisman
9889ed0831 Fix patched version for RUSTSEC-2020-0008
The vulnerability description for advisory RUSTSEC-2020-0008, "Flaw in hyper allows request smuggling by sending a body in GET requests", lists an incorrect patched version. The advisory states that the vulnerability was fixed in `hyper` 0.12.35, but `hyper`'s changelog [shows][1] that the patch (hyperium/hyper@23fc8b0) was published in 0.12.34. I believe that this means that `cargo audit` will incorrectly report patched versions as vulnerable.

This PR corrects the listed version.

[1]: https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v01234-2019-09-04
2020-03-31 10:41:53 -07:00
Tony Arcieri
35d4b225d4 Merge pull request #256 from RustSec/RUSTSEC-2020-0008
Assign RUSTSEC-2020-0008 to hyper
2020-03-31 10:09:02 -07:00
Tony Arcieri
6053e3a05f Assign RUSTSEC-2020-0008 to hyper
Original PR: https://github.com/RustSec/advisory-db/pull/255
2020-03-31 10:07:02 -07:00
Tony Arcieri
66112b38a2 Merge pull request #255 from DemiMarie-parity/smuggling
Add hyper request smuggling vulnerability
2020-03-31 10:05:32 -07:00
Demi M. Obenour
91eed85346 Note that another vulnerability is needed for RCE
Also make some trivial changes to pass the linter.
2020-03-30 18:59:14 -04:00
Demi M. Obenour
8b6786f78c Merge branch 'master' into smuggling
2020-03-30 18:38:47 -04:00
Tony Arcieri
81193d1dba Merge pull request #254 from RustSec/RUSTSEC-2020-0007
Assign RUSTSEC-2020-0007 to bitvec
2020-03-30 12:48:39 -07:00
Tony Arcieri
4de36fe70a Assign RUSTSEC-2020-0007 to bitvec
Original PR: https://github.com/RustSec/advisory-db/pull/253
2020-03-30 12:45:16 -07:00
Tony Arcieri
f37a7bf90a Merge pull request #253 from myrrlyn/master
Report memory management error in `bitvec`
2020-03-30 11:02:11 -07:00
Alexander Payne
70389f6a25 Report memory management error in bitvec
See myrrlyn/bitvec#55
2020-03-27 16:10:15 -06:00
Tony Arcieri
de905c8bfe Merge pull request #252 from RustSec/RUSTSEC-2020-0006
Assign RUSTSEC-2020-0006 to bumpalo
2020-03-24 14:56:30 -07:00
Tony Arcieri
ab9cad4eba Assign RUSTSEC-2020-0006 to bumpalo
Original PR: https://github.com/RustSec/advisory-db/pull/251
2020-03-24 14:21:56 -07:00
Tony Arcieri
a6d2cc87a2 Merge pull request #251 from fitzgen/patch-1
bumpalo: Report memory exposure bug in realloc
2020-03-24 14:14:50 -07:00
Nick Fitzgerald
2a32306fa8 bumpalo: Report memory exposure bug in realloc
2020-03-24 14:12:17 -07:00
Tony Arcieri
ae3627d1a9 Merge pull request #250 from djc/template-cvss
Mention CVSS field in template (see #248)
2020-03-24 07:40:04 -07:00
Dirkjan Ochtman
3c71342be3 Mention CVSS field in template (see #248)
2020-03-24 15:36:32 +01:00
Tony Arcieri
e00d8ad965 Merge pull request #249 from RustSec/RUSTSEC-2020-0005
Assign RUSTSEC-2020-0005 to cbox
2020-03-23 09:33:34 -07:00
Tony Arcieri
da46c54637 Assign RUSTSEC-2020-0005 to cbox
Original PR: https://github.com/RustSec/advisory-db/pull/246
2020-03-23 09:25:44 -07:00
Tony Arcieri
9d4cdd5ebd Merge pull request #246 from eduardosm/cbox
Add advisory for cbox
2020-03-23 09:13:32 -07:00
Tony Arcieri
d99e1f9c94 Merge branch 'master' into cbox
2020-03-23 09:09:25 -07:00
Tony Arcieri
40077b6e77 Merge pull request #247 from rockstar/fix/adjust-patched-flatbuffers-version
fix: update patched version for 2019-0028
2020-03-21 19:23:49 -07:00
Paul Hummer
ca7a01db12 fix: update patched version for 2019-0028
This patch updates the `RUSTSEC-2019-0028` advisory to show a patched
version is available. The patch was added [in PR 5554](https://github.com/google/flatbuffers/pull/5554),
and released with version `0.6.1`.
2020-03-19 15:46:22 -06:00
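As an added illustration of the version matching that two commits in this log concern (the `hyper` `patched` off-by-one described in the PR #257 message, and the `flatbuffers` `patched` field added in PR #247, together with the `unaffected` field from PR #258), here is a small Rust model of how an advisory's `patched` and `unaffected` ranges decide whether a dependency version is reported. It is not code from `cargo audit`, the `rustsec` crate or the advisory-db: the real tools use the `semver` crate and its full requirement grammar, whereas this sketch parses only a hypothetical subset (`>=`, `>`, `<=`, `<`, `=` followed by an exact `MAJOR.MINOR.PATCH`). The `example-crate` advisory and its ranges in `unaffected_example` are constructed for the demonstration; the hyper and flatbuffers version numbers are the ones stated in the commit messages.

```rust
// Added example, not cargo-audit's or the rustsec crate's code. Models how
// `patched` / `unaffected` ranges in a RustSec advisory decide whether a
// version is reported. Only a hypothetical subset of the semver requirement
// grammar is parsed: one comparator (>=, >, <=, <, =) and an exact version.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version {
    pub major: u64,
    pub minor: u64,
    pub patch: u64,
}

impl Version {
    /// Parse "MAJOR.MINOR.PATCH"; anything else (pre-release tags, two
    /// components, garbage) yields None so callers fail loudly.
    pub fn parse(s: &str) -> Option<Version> {
        let mut parts = s.trim().split('.');
        let major: u64 = parts.next()?.parse().ok()?;
        let minor: u64 = parts.next()?.parse().ok()?;
        let patch: u64 = parts.next()?.parse().ok()?;
        if parts.next().is_some() {
            return None;
        }
        Some(Version { major, minor, patch })
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Op { Ge, Gt, Le, Lt, Eq }

/// One requirement such as ">= 0.12.34".
#[derive(Debug, Clone, Copy)]
pub struct Req { pub op: Op, pub version: Version }

impl Req {
    pub fn parse(s: &str) -> Option<Req> {
        let s = s.trim();
        // Two-character operators must be tried before their one-character prefixes.
        let (op, rest) = if let Some(r) = s.strip_prefix(">=") { (Op::Ge, r) }
            else if let Some(r) = s.strip_prefix("<=") { (Op::Le, r) }
            else if let Some(r) = s.strip_prefix('>') { (Op::Gt, r) }
            else if let Some(r) = s.strip_prefix('<') { (Op::Lt, r) }
            else if let Some(r) = s.strip_prefix('=') { (Op::Eq, r) }
            else { return None };
        Some(Req { op, version: Version::parse(rest)? })
    }

    pub fn matches(&self, v: Version) -> bool {
        match self.op {
            Op::Ge => v >= self.version,
            Op::Gt => v > self.version,
            Op::Le => v <= self.version,
            Op::Lt => v < self.version,
            Op::Eq => v == self.version,
        }
    }
}

/// The version-related fields of one advisory.
pub struct Advisory {
    pub id: &'static str,
    pub package: &'static str,
    pub patched: Vec<Req>,
    pub unaffected: Vec<Req>,
}

impl Advisory {
    pub fn new(id: &'static str, package: &'static str, patched: &[&str], unaffected: &[&str]) -> Advisory {
        let parse_all = |reqs: &[&str]| -> Vec<Req> {
            reqs.iter().map(|r| Req::parse(r).expect("bad requirement")).collect()
        };
        Advisory { id, package, patched: parse_all(patched), unaffected: parse_all(unaffected) }
    }

    /// A version is reported unless some `patched` or `unaffected` range covers it.
    /// With both lists empty, every version of the crate is reported.
    pub fn affects(&self, v: Version) -> bool {
        !self.patched.iter().chain(self.unaffected.iter()).any(|r| r.matches(v))
    }
}

/// hyper, per PR #257: the fix shipped in 0.12.34 but the advisory said 0.12.35.
/// Returns (reported with the wrong range, reported with the corrected range).
pub fn hyper_false_positive() -> (bool, bool) {
    let fixed_in = Version::parse("0.12.34").unwrap();
    let wrong = Advisory::new("RUSTSEC-2020-0008", "hyper", &[">= 0.12.35"], &[]);
    let right = Advisory::new("RUSTSEC-2020-0008", "hyper", &[">= 0.12.34"], &[]);
    (wrong.affects(fixed_in), right.affects(fixed_in))
}

/// flatbuffers, per PR #247: with no `patched` entry every release is reported;
/// listing ">= 0.6.1" silences the warning for fixed releases only.
pub fn flatbuffers_status() -> Vec<(&'static str, bool, bool)> {
    let before = Advisory::new("RUSTSEC-2019-0028", "flatbuffers", &[], &[]);
    let after = Advisory::new("RUSTSEC-2019-0028", "flatbuffers", &[">= 0.6.1"], &[]);
    ["0.6.0", "0.6.1", "0.7.0"].iter().map(|s| {
        let v = Version::parse(s).unwrap();
        (*s, before.affects(v), after.affects(v))
    }).collect()
}

/// Constructed advisory (not a real RUSTSEC id): the bug was introduced in 1.0.0
/// and fixed in 1.2.3, so `unaffected` excuses releases older than 1.0.0.
pub fn unaffected_example() -> Vec<(&'static str, bool)> {
    let adv = Advisory::new("EXAMPLE-0001", "example-crate", &[">= 1.2.3"], &["< 1.0.0"]);
    ["0.9.0", "1.0.0", "1.2.3"].iter()
        .map(|s| (*s, adv.affects(Version::parse(s).unwrap())))
        .collect()
}

fn main() {
    let (wrong, right) = hyper_false_positive();
    println!("hyper 0.12.34 reported: patched >= 0.12.35 -> {}, patched >= 0.12.34 -> {}", wrong, right);
    for (v, before, after) in flatbuffers_status() {
        println!("flatbuffers {}: no patched field -> {}, patched >= 0.6.1 -> {}", v, before, after);
    }
    for (v, reported) in unaffected_example() {
        println!("example-crate {}: reported -> {}", v, reported);
    }
}
```

The point the hyper commit makes falls out directly: with `patched = ">= 0.12.35"` the already-fixed 0.12.34 is still reported, so the advisory's range, not the crate, determines what users see. The same model shows why an advisory with no `patched` entry (flatbuffers before PR #247) flags every version, and why `unaffected` exists as a separate field: it excuses releases from before the bug was introduced without claiming they contain the fix.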
Eduardo Sánchez Muñoz
ce9b3be5b3 Add advisory for cbox
2020-03-19 20:23:50 +01:00
Demi M. Obenour
0d7868ccb9 Add hyper request smuggling vulnerability
2020-03-19 11:41:39 -04:00
Tony Arcieri
b7d6d4ae35 Merge pull request #245 from RustSec/cve-mapping
Add CVE mapping
2020-03-18 09:34:35 -07:00
Sergey "Shnatsel" Davidoff
7797133c67 Add CVE mapping
2020-03-18 17:15:13 +01:00
Tony Arcieri
f9beae30a9 Merge pull request #244 from RustSec/RUSTSEC-2016-0005/md5-is-legacy
RUSTSEC-2016-0005: move `md-5` crate to legacy algorithms
2020-03-15 15:45:06 -07:00
Tony Arcieri
1880f0baf8 RUSTSEC-2016-0005: move md-5 crate to legacy algorithms
https://www.kb.cert.org/vuls/id/836068/
2020-03-15 15:43:02 -07:00
Tony Arcieri
a6dfe7ff88 Merge pull request #243 from stroxler/patch-1
Add `md5` to RustCrypto digest crates
2020-03-15 15:41:24 -07:00
Steven Troxler
b02ff94044 Add md5 to RustCrypto digest algorithms
When migrating a codebase off of rust-crypto, I encountered a few uses of the md5 digest, and realized that it was missing from this advisory. Since deprecations are good onboarding tasks for folks new to Rust (like me), I figured it would be helpful to explicitly state here that RustCrypto has an `md-5` crate you can use as (almost) a drop-in replacement.
2020-03-14 14:32:08 -07:00
Tony Arcieri
88461fc18f Merge pull request #242 from RustSec/RUSTSEC-2019-0031/add-link-to-spinning-top
RUSTSEC-2019-0031: add link to `spinning_top`
2020-03-13 09:54:03 -07:00
Tony Arcieri
ee50344262 RUSTSEC-2019-0031: add link to spinning_top
2020-03-13 09:05:42 -07:00
Tony Arcieri
19196c2936 Merge pull request #238 from RustSec/migrate-rust-advisories-to-v2-format
Migrate `rust/` advisories to V2 format
2020-03-01 12:11:53 -08:00
Tony Arcieri
f0ee46e990 Migrate rust/ advisories to V2 format
The migration in #236 only handled the `crates/` advisories, not the
ones in `rust/`.

This commit completes the migration.
2020-03-01 12:10:57 -08:00
Tony Arcieri
5165b5f215 Merge pull request #239 from RustSec/fix-rustsec-admin-caching
.github: fix rustsec-admin install caching
2020-03-01 12:10:36 -08:00
Tony Arcieri
ce7810963c .github: fix rustsec-admin install caching
Fixes use of the cached `rustsec-admin` binary, which was added in #237
2020-03-01 12:08:37 -08:00
Tony Arcieri
35fe84ed86 Merge pull request #237 from RustSec/cache-rustsec-admin-install
.github: cache installation of rustsec-admin
2020-03-01 11:11:15 -08:00
Tony Arcieri
38626513a9 .github: cache installation of rustsec-admin
2020-03-01 11:03:23 -08:00