Tony Arcieri
01ac6725d5
Fix all advisories to pass linter
...
Mostly related to the `affected_functions` field, which has changed a
few times.
2019-09-09 12:19:01 -07:00
Tony Arcieri
74ebe212dc
Upgrade to rustsec crate v0.13.0-alpha1; add linter
...
Upgrades the `rustsec` crate to the latest alpha release and uses the
new `rustsec::advisory::Linter` functionality to lint advisories
currently in the database.
Several of them are using invalid keys and need to be updated.
2019-09-09 11:39:11 -07:00
Tony Arcieri
a1cd9fc432
Merge pull request #156 from RustSec/RUSTSEC-2019-0020
...
Assign RUSTSEC-2019-0020 to generator
2019-09-07 08:16:17 -07:00
Tony Arcieri
df689834c7
Assign RUSTSEC-2019-0020 to generator
...
Original PR: https://github.com/RustSec/advisory-db/pull/150
2019-09-07 08:08:16 -07:00
Xudong Huang
3461fe2601
Add advisory for generator (#150)
2019-09-07 07:42:52 -07:00
Tony Arcieri
43aea6cc49
Merge pull request #153 from RustSec/RUSTSEC-2019-0019
...
Assign RUSTSEC-2019-0019 to blake2
2019-09-06 16:52:52 -07:00
Tony Arcieri
66fe537fdc
Assign RUSTSEC-2019-0019 to blake2
...
Original PR: https://github.com/RustSec/advisory-db/pull/151
2019-09-06 13:45:25 -07:00
Tony Arcieri
06b81b58ab
Merge pull request #151 from RustSec/broken-blake2-impls
...
Add advisory for broken `blake2` impls
2019-09-06 12:03:31 -07:00
Tony Arcieri
6d0db7286e
Add advisory for broken blake2 impls
...
BLAKE2b and BLAKE2s were implemented using the wrong block size. All
versions of the `blake2` crate prior to v0.8.1 compute incorrect
digests.
See: https://github.com/RustCrypto/MACs/issues/19
2019-09-06 10:46:06 -07:00
Tony Arcieri
21a1767752
Merge pull request #148 from RustSec/RUSTSEC-2019-0018
...
Assign RUSTSEC-2019-0018 to renderdoc
2019-09-02 19:44:46 -07:00
Tony Arcieri
c80288298b
Assign RUSTSEC-2019-0018 to renderdoc
...
Original PR: https://github.com/RustSec/advisory-db/pull/147
2019-09-02 19:40:31 -07:00
Tony Arcieri
bbb7ff55c3
Merge pull request #147 from ebkalderon/add-renderdoc-ub-vuln
...
Undefined behavior in renderdoc crate
2019-09-02 19:36:19 -07:00
Eyal Kalderon
a17b8a3693
Remove unnecessary affected_os key
2019-09-03 10:30:29 +08:00
Eyal Kalderon
6de62b1002
Merge branch 'master' into add-renderdoc-ub-vuln
2019-09-03 01:14:08 +08:00
Tony Arcieri
6e03d3c0b7
Merge pull request #146 from RustSec/rust-lang-vulns
...
File standard library/core vulns (closes RustSec/cargo-audit#46)
2019-09-02 10:12:18 -07:00
Tony Arcieri
58db1ee63a
File standard library/core vulns (closes RustSec/cargo-audit#46)
...
Files vulnerabilities in the standard library originally reported at:
https://groups.google.com/forum/#!forum/rustlang-security-announcements
Or otherwise collected at:
https://github.com/RustSec/cargo-audit/issues/46
The `rustsec` crate doesn't presently consume these, but I'd like to add
support ASAP.
2019-09-02 09:54:05 -07:00
Eyal Kalderon
64a69616a4
Add advisory for renderdoc < 0.5.0
2019-09-02 14:05:48 +08:00
Tony Arcieri
706203ce01
Merge pull request #145 from RustSec/support-toml
...
support.toml: Initial file
2019-09-01 17:16:07 -07:00
Tony Arcieri
a20aa8d0c8
support.toml: Initial file
...
Adds an initial file indicating what version of the `rustsec` crate the
advisory database is compatible with. This is designed for use with
the corresponding feature in the `rustsec` crate:
https://github.com/RustSec/rustsec-crate/pull/76
2019-09-01 17:04:28 -07:00
Tony Arcieri
2de10f5bce
Merge pull request #144 from RustSec/RUSTSEC-2019-0017
...
Assign RUSTSEC-2019-0017 to once_cell
2019-09-01 13:34:18 -07:00
Tony Arcieri
8ecff7460f
Assign RUSTSEC-2019-0017 to once_cell
...
Original PR: https://github.com/RustSec/advisory-db/pull/143
2019-09-01 13:29:40 -07:00
Aleksey Kladov
84eb2025f9
add advisory for once_cell (#143)
2019-09-01 13:27:30 -07:00
Tony Arcieri
decd2c5c78
Merge pull request #142 from RustSec/RUSTSEC-2019-0016
...
Assign RUSTSEC-2019-0016 to chttp
2019-09-01 13:19:05 -07:00
Tony Arcieri
5b742bbc54
Assign RUSTSEC-2019-0016 to chttp
...
Original PR: https://github.com/RustSec/advisory-db/pull/139
2019-09-01 13:06:15 -07:00
Tony Arcieri
434b26a7e4
Merge pull request #139 from sagebind/sagebind-patch-1
...
Add advisory for use-after-free in chttp 0.1.1, 0.1.2
2019-09-01 13:04:31 -07:00
Tony Arcieri
8ed9e62129
Merge branch 'master' into sagebind-patch-1
2019-09-01 12:56:31 -07:00
Tony Arcieri
8476922c1c
Merge pull request #141 from RustSec/RUSTSEC-2019-0015
...
Assign RUSTSEC-2019-0015 to compact_arena
2019-09-01 12:51:23 -07:00
Tony Arcieri
603012cd96
Assign RUSTSEC-2019-0015 to compact_arena
...
Original PR: https://github.com/RustSec/advisory-db/pull/137
2019-09-01 12:46:55 -07:00
Tony Arcieri
8bd5aa94aa
Merge pull request #140 from RustSec/RUSTSEC-2019-0014
...
Assign RUSTSEC-2019-0014 to image
2019-09-01 12:44:28 -07:00
Tony Arcieri
c21ebf3341
Assign RUSTSEC-2019-0014 to image
...
Original PR: https://github.com/RustSec/advisory-db/pull/135
2019-09-01 12:37:49 -07:00
Stephen M. Coakley
439853f667
Create RUSTSEC-0000-0000.toml
2019-09-01 13:45:03 -05:00
llogiq
7b363b785a
add out-of-bounds memory access in compact_arena < 0.4.0 (#137)
2019-09-01 10:54:20 -07:00
HeroicKatora
c8c41f939a
Add hdr decoder use-after-free advisory (#135)
2019-09-01 10:46:14 -07:00
Tony Arcieri
f758dea601
Merge pull request #136 from RustSec/alex-patch-1
...
Tell people to delete comments in the example advisory
2019-08-31 12:56:09 -07:00
Alex Gaynor
de8a052d3e
Tell people to delete comments in the example advisory
2019-08-31 15:27:07 -04:00
Tony Arcieri
07da5c8ed5
Merge pull request #133 from RustSec/RUSTSEC-2019-0013
...
Assign RUSTSEC-2019-0013 to spin
2019-08-28 10:36:26 -07:00
Tony Arcieri
44dc01298e
Assign RUSTSEC-2019-0013 to spin
...
Original PR: https://github.com/RustSec/advisory-db/pull/132
2019-08-28 10:11:01 -07:00
Tony Arcieri
50a678280c
Merge pull request #132 from 64/master
...
Report vulnerability in spin crate's RwLock impl
2019-08-28 10:09:24 -07:00
Matt Taylor
5568479c48
Clarify that users of Once are not affected
2019-08-28 06:37:10 +01:00
Matt Taylor
3c55761403
Report vulnerability in spin crate's RwLock impl
2019-08-27 20:09:09 +01:00
Tony Arcieri
f9de4aed5b
Merge pull request #129 from RalfJung/memoffset
...
actually memoffset also had an uninit-drop vuln
2019-07-20 10:24:42 -07:00
Ralf Jung
9ec1ad0a9c
typo
2019-07-20 13:45:36 +02:00
Ralf Jung
7e3423c7ec
actually memoffset also had an uninit-drop vuln, and that affects all versions ever published
2019-07-20 12:56:59 +02:00
Tony Arcieri
ce7e93d4a9
Merge pull request #128 from RustSec/RUSTSEC-2019-0012
...
Assign RUSTSEC-2019-0012 to smallvec
2019-07-19 14:18:21 -07:00
Tony Arcieri
3a175b7b37
Assign RUSTSEC-2019-0012 to smallvec
...
Original PR: https://github.com/RustSec/advisory-db/pull/127/
2019-07-19 14:12:22 -07:00
Tony Arcieri
587ac0152c
Merge pull request #127 from Shnatsel/patch-1
...
Add advisory for smallvec issue #149
2019-07-19 13:47:20 -07:00
Sergey "Shnatsel" Davidoff
150700481b
Update RUSTSEC-0000-0000.toml
2019-07-19 21:45:40 +02:00
Sergey "Shnatsel" Davidoff
3b810f1c13
Add advisory for smallvec issue #149
2019-07-19 21:35:39 +02:00
Tony Arcieri
b8451d4f7f
Merge pull request #126 from RustSec/RUSTSEC-2019-0011
...
Assign RUSTSEC-2019-0011 to memoffset
2019-07-17 10:02:13 -07:00
Tony Arcieri
4d673eedf4
Assign RUSTSEC-2019-0011 to memoffset
...
Original PR: https://github.com/RustSec/advisory-db/pull/124
2019-07-17 09:50:31 -07:00