OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 23:08:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
786 Commits 1 Branch 0 Tags
00a4c19a4608a5010260bf3bf8e7b1e53e008bf2
Commit Graph

430 Commits

Author SHA1 Message Date
github-actions[bot]
00a4c19a46 Assigned RUSTSEC-2020-0065 to fake_clock (#471) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-02 06:46:33 -08:00
Stephen Coyle
a949bd4620 Add unmaintained crate advisory for fake_clock (#465) 
It's been renamed to `sn_fake_clock`
 2020-11-02 06:45:29 -08:00
github-actions[bot]
74c2e86f5d Assigned RUSTSEC-2020-0064 to ffi_utils (#470) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-02 06:45:15 -08:00
Stephen Coyle
3adba0fcc4 Add unmaintained crate advisory for ffi_utils (#464) 
It's been renamed to `sn_ffi_utils`
 2020-11-02 06:43:54 -08:00
github-actions[bot]
51fd5e3c97 Assigned RUSTSEC-2020-0063 to safe-nd (#469) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-02 06:43:36 -08:00
Stephen Coyle
0da539a26e Add unmaintained crate advisory for safe-nd (#467) 
It's been renamed to `sn_data_types`
 2020-11-02 06:42:05 -08:00
Shnatsel
52cd103576 Assigned RUSTSEC-2020-0062 to futures-util 2020-10-31 13:16:56 +00:00
Sergey "Shnatsel" Davidoff
529c111e43 Merge pull request #460 from BlackHoleFox/futures-util-futuresunordered-badsync 
Add advisory for unsound Sync impl on FuturesUnordered in futures-util
 2020-10-31 14:16:33 +01:00
Shnatsel
e4784fd312 Assigned RUSTSEC-2020-0061 to futures-task 2020-10-31 13:16:00 +00:00
Sergey "Shnatsel" Davidoff
3a89b52370 Merge pull request #459 from BlackHoleFox/futures-task-noop_waker_ref-null-deref 
Add advisory for potential null pointer deref in futures-task
 2020-10-31 14:15:36 +01:00
Shnatsel
338f097760 Assigned RUSTSEC-2020-0060 to futures-task 2020-10-31 13:12:22 +00:00
BlackHoleFox
47bfd9f2a4 Add advisory for unsound Sync implemention on FuturesUnordered in futures-util 2020-10-30 20:54:34 -05:00
BlackHoleFox
8c7efa1d5c Add advisory for potential null pointer deref in futures-task 2020-10-30 20:30:38 -05:00
BlackHoleFox
6a31581e98 Add advisory for use-after-free in futures-util task::waker 2020-10-30 19:44:41 -05:00
github-actions[bot]
9cd2504f39 Assigned RUSTSEC-2020-0059 to futures-util (#456) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-30 19:55:47 -04:00
BlackHoleFox
a36b1185ed Add advisory for data race fix in futures-util (#455) 2020-10-30 19:54:00 -04:00
Tony Arcieri
67a2144be6 RUSTSEC-2020-0015: remove wildcards (#451) 
They're breaking the parser:

https://github.com/RustSec/rustsec-crate/pull/244/checks?check_run_id=1305962917
 2020-10-25 14:39:06 -07:00
Tony Arcieri
1bf68e0dce RUSTSEC-2020-0015: use wildcards in version req (#450) 
`semver` v0.11 is having trouble parsing these requirements.
 2020-10-25 14:28:21 -07:00
Tony Arcieri
3b1f08f212 Unyank RUSTSEC-2020-0011 (#448) 
This advisory is featured in the `plutonium` rustdoc:

https://docs.rs/plutonium/

It'd be a shame to have the link 404.
 2020-10-25 12:51:46 -07:00
github-actions[bot]
146de2d8c7 Assigned RUSTSEC-2018-0021 to libpulse-binding (#447) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-25 12:21:56 -07:00
Lyndon Brown
59bee556dd Add advisory for use-after-frees fixed in libpulse-binding v1.2.1 (#433) 2020-10-25 12:19:41 -07:00
github-actions[bot]
1e48ac3958 Assigned RUSTSEC-2019-0038 to libpulse-binding (#446) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-25 12:19:23 -07:00
Lyndon Brown
681a20408c Add advisory for notable UB fix in libpulse-binding v2.6.0 (#435) 2020-10-25 12:17:51 -07:00
github-actions[bot]
218de91af9 Assigned RUSTSEC-2020-0058 to stream-cipher (#445) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-25 12:14:03 -07:00
Tony Arcieri
5c9ebbfa87 Add unmaintained crate advisory for stream-cipher (#444) 
It's been renamed to `cipher`.
 2020-10-25 12:09:41 -07:00
github-actions[bot]
fa616899f0 Assigned RUSTSEC-2020-0057 to block-cipher (#443) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-25 12:05:32 -07:00
Tony Arcieri
8505c9578f Add unmaintained crate advisory for block-cipher (#442) 
It's been renamed to `cipher`.
 2020-10-25 12:04:19 -07:00
github-actions[bot]
691a7504be Assigned RUSTSEC-2020-0056 to stdweb (#441) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-25 11:57:46 -07:00
Tony Arcieri
6544190137 Add unmaintained crate advisory for stdweb (#439) 
Closes #391
 2020-10-25 11:08:58 -07:00
Tony Arcieri
fb2a1a6c47 Rename RUSTSEC-2020-0055 to RUSTSEC-2018-0020 (#437) 
It was accidentally filed under the wrong year.
 2020-10-22 06:49:26 -07:00
Sergey "Shnatsel" Davidoff
7338ca9c70 Addign RUSTSEC-2020-0055 to libpulse-binding 2020-10-22 05:31:42 +02:00
Lyndon Brown
c128a6bdcd Add advisory for possible use-after-free fixed in libpulse-binding v2.5.0 2020-10-22 03:15:42 +01:00
Sergey "Shnatsel" Davidoff
7d14cb7de8 Merge pull request #428 from taiki-e/rustsec-2020-0052 
Add CVE and GHSA to RUSTSEC-2020-0052
 2020-10-17 01:12:16 +02:00
Tony Arcieri
68af791cc2 Assign RUSTSEC-2020-{0053,0054} to dirs/directories (#431) 
Original PR: https://github.com/RustSec/advisory-db/pull/430/files
 2020-10-16 13:55:50 -07:00
melocene
e36c10d843 dirs and directories crates are unmaintained (#430) 2020-10-16 13:50:54 -07:00
Taiki Endo
7358a10d0d Add CVE and GHSA to RUSTSEC-2020-0052 2020-10-15 04:06:29 +09:00
Egor Larionov
b6bcce2c6b Add patch version for the unsoundness issue in dync (#427) 2020-10-13 07:41:52 -04:00
Sergey "Shnatsel" Davidoff
a2bb0aaa00 Assign RUSTSEC-2020-0052 to crossbeam-channel 2020-10-11 15:16:26 +02:00
Taiki Endo
c764af890f Remove informational field 2020-10-11 21:55:54 +09:00
Taiki Endo
8b71717eb4 Add categories and informational fields 2020-10-11 17:27:18 +09:00
Taiki Endo
ba83b81ec4 Add advisory for UB in crossbeam-channel 0.4.3 2020-10-11 16:57:44 +09:00
Tony Arcieri
8c4b6b7d43 RUSTSEC-2019-0031: spin is maintained (#424) 
We added `yanked = true` to the advisory, however it doesn't seem to be
having the intended effect (the query for unmaintained crates is
probably failing to exclude the yanked advisories)

This is another workaround which makes the `unaffected` requirement
match all versions. Hopefully this means that `spin` will stop being
reported as unmaintained.
 2020-10-10 07:19:19 -07:00
Joshua Barretto
279da1f813 Yanked spin unmaintained advisory 2020-10-08 12:24:25 +01:00
Ammar Askar
6034646f24 Add patched version for atom crate. 2020-10-06 10:28:04 -04:00
Tony Arcieri
ac125ee29a Translate database into V3 advisory format (#420) 
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
 2020-10-01 18:29:11 -07:00
Tony Arcieri
2770460f9c RUSTSEC-2020-0011: rename obsolete to yanked (#419) 
This field name has changed
 2020-10-01 13:56:35 -07:00
Tony Arcieri
7af8522208 Assign RUSTSEC-2019-0037 to pnet (#418) 
Original PR: https://github.com/RustSec/advisory-db/pull/335
 2020-10-01 08:30:38 -07:00
Vladimir
7c95e1b1a1 libpnet (#335) 
Co-authored-by: 0xd34b33f <0xd34b33f@users.noreply.github.com>
 2020-10-01 08:21:28 -07:00
github-actions[bot]
b136b74460 Assigned RUSTSEC-2020-0051 to rustsec (#416) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-01 08:21:08 -07:00
Tony Arcieri
bfa9e12685 Add rustsec crate advisory for breaking changes to advisory format (#415) 
In theory this advisory should trigger this feature of `cargo-audit`
which checks for advisories filed against the `rustsec` crate:

https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199

After merging, I will test with an older `cargo-audit` version to see if
it has the intended effect.
 2020-10-01 08:19:41 -07:00