Tony Arcieri
ac125ee29a
Translate database into V3 advisory format (#420)
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.
This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.
Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
2020-10-01 18:29:11 -07:00
github-actions[bot]
ce0b60265d
Assign RUSTSEC-2018-0018 to smallvec (#341)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-07-24 11:48:53 -04:00
Ralf Jung
fca3269356
add smallvec unsoundness (#337)
2020-07-24 11:47:39 -04:00
Sergey "Shnatsel" Davidoff
7797133c67
Add CVE mapping
2020-03-18 17:15:13 +01:00
Tony Arcieri
64c17acfe3
Migrate all advisories to V2 format (closes #228)
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.
This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
2020-03-01 10:46:35 -08:00
Tony Arcieri
01ac6725d5
Fix all advisories to pass linter
Mostly related to the `affected_functions` field, which has changed a
few times.
2019-09-09 12:19:01 -07:00
Tony Arcieri
3a175b7b37
Assign RUSTSEC-2019-0012 to smallvec
Original PR: https://github.com/RustSec/advisory-db/pull/127/
2019-07-19 14:12:22 -07:00
Sergey "Shnatsel" Davidoff
150700481b
Update RUSTSEC-0000-0000.toml
2019-07-19 21:45:40 +02:00
Sergey "Shnatsel" Davidoff
3b810f1c13
Add advisory for smallvec issue #149
2019-07-19 21:35:39 +02:00
Tony Arcieri
a20910b79f
Assign RUSTSEC-2019-0009 to smallvec
Original PR: https://github.com/RustSec/advisory-db/pull/119
2019-07-03 06:57:06 -07:00
Sergey "Shnatsel" Davidoff
2cbddfd81d
Drop comments from new smallvec advisory
2019-07-02 22:55:15 +02:00
Sergey "Shnatsel" Davidoff
7af1eac5b1
Rename tentative advisory to please CI
2019-06-30 20:11:34 +02:00
Sergey "Shnatsel" Davidoff
144eb01eef
Add advisory for SmallVec issues #148
2019-06-30 20:04:20 +02:00
Tony Arcieri
782efebde9
Revert "Add affected functions to legacy security warnings (#83)"
This reverts commit 0a981e2b6f.
These now need to use the new `affected_paths` attribute, which has a
different (VersionReq-bucketed) format.
2019-01-13 17:31:25 -08:00
Moritz Beller
0a981e2b6f
Add affected functions to legacy security warnings (#83)
Add affected functions to advisories
Add `affected_functions` to:
- RUSTSEC-2018-0003
- RUSTSEC-2017-0002
- RUSTSEC-2018-0002
- RUSTSEC-2018-0001
- RUSTSEC-2017-0004
2018-12-21 06:11:32 -08:00
Tony Arcieri
2d9a2632a7
Keywords
Documents the new `keywords` attribute and adds keywords to all current
advisories. These can be consumed by the web UI.
2018-07-24 16:02:35 -07:00
Tony Arcieri
cb81d3ceaa
Rename "dwf" TOML tag to "aliases" (closes #36)
Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
2018-07-21 19:47:30 -07:00
Tony Arcieri
79fd13ac6f
crates: Add 'id' attribute to all advisories
This is needed to parse them with serde directly from these files (as
opposed to using Advisories.toml)
2018-07-21 15:22:39 -07:00
Matt Brubeck
194883b71e
More patched versions released for smallvec
2018-07-20 10:31:28 -07:00
Tony Arcieri
7855ffa911
Assign RUSTSEC-2018-0003 to smallvec
Original PR:
https://github.com/RustSec/advisory-db/pull/30
2018-07-19 19:20:54 -07:00
Matt Brubeck
fd11c62bc5
Advisory: Possible double free in SmallVec::insert_many
For details, see:
* servo/rust-smallvec#96 - original bug report
* servo/rust-smallvec#103 - fix
2018-07-19 15:00:38 -07:00