Commit Graph

786 Commits

Author SHA1 Message Date
Veetaha
b0bc62bdd5 Add cargo-deny to the list of RustSec clients
`cargo-deny` is an awesome tool, it seems to be the superset of `cargo-audit`. I think it is reasonable to mention it here along with `cargo-audit`.
cc @Jake-Shadle
2020-05-02 20:27:32 +03:00
Tony Arcieri
aa789b9cbd Merge pull request #280 from Manishearth/obsolete
RUSTSEC-2020-0011: make obsolete (closes #275)
2020-04-26 07:06:32 -07:00
Manish Goregaokar
2b2b57668d RUSTSEC-2020-0011: make obsolete
2020-04-25 20:47:58 -07:00
Tony Arcieri
03f59c6a56 Merge pull request #279 from CAD97/patch-1
RUSTSEC-2020-0011: make wording more objective
2020-04-25 12:13:38 -07:00
Christopher Durham
c63704f56b RUSTSEC-2020-0011: make wording more objective
2020-04-25 15:10:50 -04:00
Tony Arcieri
0416e6aea7 Merge pull request #278 from RustSec/RUSTSEC-2020-0011/mark-as-informational
RUSTSEC-2020-0011: mark as informational
2020-04-25 12:02:52 -07:00
Tony Arcieri
63ca3a7793 RUSTSEC-2020-0011: mark as informational
See discussion on https://github.com/RustSec/advisory-db/issues/275#issuecomment-619241211
2020-04-25 12:00:31 -07:00
Lzu Tao
cff4f820ac warn about CVE-2020-1967
2020-04-25 15:38:14 +00:00
Tony Arcieri
eb2618ee1e Merge pull request #274 from RustSec/RUSTSEC-2020-0014
Assign RUSTSEC-2020-0014 to rusqlite
2020-04-24 12:42:08 -07:00
Tony Arcieri
183f65dfd1 Assign RUSTSEC-2020-0014 to rusqlite
Original PR: https://github.com/RustSec/advisory-db/pull/267
2020-04-24 12:40:14 -07:00
Tony Arcieri
dea12f0602 Merge pull request #267 from thomcc/rusqlite
Add advisory for rusqlite
2020-04-24 12:39:27 -07:00
Tony Arcieri
185c7d1c1d Merge pull request #273 from RustSec/RUSTSEC-2020-0013
Assign RUSTSEC-2020-0013 to fake-static
2020-04-24 12:38:34 -07:00
Tony Arcieri
2d87929fc8 Assign RUSTSEC-2020-0013 to fake-static
Original PR: https://github.com/RustSec/advisory-db/pull/270
2020-04-24 12:37:27 -07:00
Tony Arcieri
79a4b2fe7f Merge pull request #270 from eduardosm/fake-static
Add advisory for fake-static
2020-04-24 12:36:49 -07:00
Tony Arcieri
54532e80c5 Merge pull request #272 from RustSec/RUSTSEC-2020-0012
Assign RUSTSEC-2020-0012 to os_str_bytes
2020-04-24 12:36:30 -07:00
Tony Arcieri
a4b88992e9 Assign RUSTSEC-2020-0012 to os_str_bytes
Original PR: https://github.com/RustSec/advisory-db/pull/269
2020-04-24 12:35:29 -07:00
Tony Arcieri
e64a5618c6 Merge pull request #269 from eduardosm/os_str_bytes
Add advisory for os_str_bytes
2020-04-24 12:34:37 -07:00
Tony Arcieri
1d48ab2e21 Merge pull request #271 from RustSec/RUSTSEC-2020-0011
Assign RUSTSEC-2020-0011 to plutonium
2020-04-24 12:33:37 -07:00
Tony Arcieri
2a0ed62cd1 Assign RUSTSEC-2020-0011 to plutonium
Original PR: https://github.com/RustSec/advisory-db/pull/268
2020-04-24 12:30:55 -07:00
Tony Arcieri
a40b1c5192 Merge pull request #268 from najamelan/plutonium
Advisory for plutonium.
2020-04-24 12:26:57 -07:00
Eduardo Sánchez Muñoz
6e85444c98 Add advisory for fake-static
2020-04-24 12:57:07 +02:00
Naja Melan
ab1840c2be Try an empty array for patched versions.
Co-Authored-By: Tony Arcieri <bascule@gmail.com>
2020-04-24 06:05:59 +00:00
Eduardo Sánchez Muñoz
16a2f4c592 Add advisory for os_str_bytes
2020-04-24 00:23:27 +02:00
Naja Melan
b761cd7428 Advisory for plutonium.
2020-04-23 23:26:08 +02:00
Thom Chiovoloni
f8c59e28af Add advisory for rusqlite
2020-04-23 10:29:27 -07:00
Tony Arcieri
aecc04c1f1 Merge pull request #266 from RustSec/RUSTSEC-2017-0007
Assign RUSTSEC-2017-0007 to lz4-compress
2020-04-16 17:26:49 -07:00
Tony Arcieri
7a2a72d069 Assign RUSTSEC-2017-0007 to lz4-compress
Original PR: https://github.com/RustSec/advisory-db/pull/264
2020-04-16 17:23:59 -07:00
Tony Arcieri
e9d8ac2d54 Merge pull request #264 from RustSec/unmaintained-lz4-compress
Mark lz4-compress as unmaintained
2020-04-16 17:15:55 -07:00
Sergey "Shnatsel" Davidoff
6282ddf273 change advisory number to pass the linter
2020-04-17 02:07:56 +02:00
Sergey "Shnatsel" Davidoff
bbcceb735f Mark lz4-compress as unmaintained
2020-04-17 02:04:58 +02:00
Tony Arcieri
0004ee40af Merge pull request #263 from RustSec/RUSTSEC-2020-0010
Assign RUSTSEC-2020-0010 to tiberius
2020-04-16 09:01:01 -07:00
Tony Arcieri
c427489358 Assign RUSTSEC-2020-0010 to tiberius
Original PR: https://github.com/RustSec/advisory-db/pull/262
2020-04-16 08:59:42 -07:00
Tony Arcieri
110e83d354 Merge pull request #262 from RustSec/tiberius-unmaintained
Add tiberius unmaintained advisory
2020-04-16 08:58:38 -07:00
Tony Arcieri
cce1d47240 Add tiberius unmaintained advisory
2020-04-16 08:46:03 -07:00
Tony Arcieri
41dd03a2a8 Merge pull request #260 from RustSec/RUSTSEC-2020-0009
Assign RUSTSEC-2020-0009 to flatbuffers
2020-04-14 07:51:40 -07:00
Tony Arcieri
577308d91b Assign RUSTSEC-2020-0009 to flatbuffers
Original PR: https://github.com/RustSec/advisory-db/pull/259
2020-04-14 07:48:53 -07:00
Tony Arcieri
893cf52c6c Merge pull request #259 from eduardosm/flatbuffers
Add advisory for flatbuffers
2020-04-14 07:39:49 -07:00
Eduardo Sánchez Muñoz
4399b9e310 Improve advisory for flatbuffers.
2020-04-11 16:09:15 +02:00
Eduardo Sánchez Muñoz
cbeef93cf0 Add advisory for flatbuffers
2020-04-11 13:25:30 +02:00
Tony Arcieri
eaa3243b39 Merge pull request #258 from Pavlov123/master
Add unaffected field to RUSTSEC-2020-0008.
2020-04-01 08:00:09 -07:00
Pavlos Poulakis
c22f80eb55 Add unaffected field to RUSTSEC-2020-0008.
2020-04-01 13:28:48 +01:00
Tony Arcieri
ffac5aa5f2 Merge pull request #257 from hawkw/patch-1
Fix patched version for RUSTSEC-2020-0008
2020-03-31 12:14:37 -07:00
Eliza Weisman
9889ed0831 Fix patched version for RUSTSEC-2020-0008
The vulnerability description for advisory RUSTSEC-2020-0008, "Flaw in
hyper allows request smuggling by sending a body in GET requests", lists
an incorrect patched version. The advisory states that the vulnerability
was fixed in `hyper` 0.12.35, but `hyper`'s changelog [shows][1] that 
the patch (hyperium/hyper@23fc8b0) was published in 0.12.34. I believe
that this means that `cargo audit` will incorrectly report patched 
versions as vulnerable.

This PR corrects the listed version.

[1]: https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v01234-2019-09-04
2020-03-31 10:41:53 -07:00
Tony Arcieri
35d4b225d4 Merge pull request #256 from RustSec/RUSTSEC-2020-0008
Assign RUSTSEC-2020-0008 to hyper
2020-03-31 10:09:02 -07:00
Tony Arcieri
6053e3a05f Assign RUSTSEC-2020-0008 to hyper
Original PR: https://github.com/RustSec/advisory-db/pull/255
2020-03-31 10:07:02 -07:00
Tony Arcieri
66112b38a2 Merge pull request #255 from DemiMarie-parity/smuggling
Add hyper request smuggling vulnerability
2020-03-31 10:05:32 -07:00
Demi M. Obenour
91eed85346 Note that another vulnerability is needed for RCE
Also make some trivial changes to pass the linter.
2020-03-30 18:59:14 -04:00
Demi M. Obenour
8b6786f78c Merge branch 'master' into smuggling
2020-03-30 18:38:47 -04:00
Tony Arcieri
81193d1dba Merge pull request #254 from RustSec/RUSTSEC-2020-0007
Assign RUSTSEC-2020-0007 to bitvec
2020-03-30 12:48:39 -07:00
Tony Arcieri
4de36fe70a Assign RUSTSEC-2020-0007 to bitvec
Original PR: https://github.com/RustSec/advisory-db/pull/253
2020-03-30 12:45:16 -07:00