OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 08:40:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
305 Commits 1 Branch 0 Tags
01ac6725d549dbc7873250fe2a55e54d528fe945
Commit Graph

132 Commits

Author SHA1 Message Date
Tony Arcieri
01ac6725d5 Fix all advisories to pass linter 
Mostly related to the `affected_functions` field, which has changed a
few times.
 2019-09-09 12:19:01 -07:00
Tony Arcieri
df689834c7 Assign RUSTSEC-2019-0020 to generator 
Original PR: https://github.com/RustSec/advisory-db/pull/150
 2019-09-07 08:08:16 -07:00
Xudong Huang
3461fe2601 Add advisory for generator (#150) 2019-09-07 07:42:52 -07:00
Tony Arcieri
66fe537fdc Assign RUSTSEC-2019-0019 to blake2 
Original PR: https://github.com/RustSec/advisory-db/pull/151
 2019-09-06 13:45:25 -07:00
Tony Arcieri
6d0db7286e Add advisory for broken blake2 impls 
BLAKE2b and BLAKE2s were implemented using the wrong block size. All
versions of the `blake2` crate prior to v0.8.1 compute incorrect
digests.

See: https://github.com/RustCrypto/MACs/issues/19
 2019-09-06 10:46:06 -07:00
Tony Arcieri
c80288298b Assign RUSTSEC-2019-0018 to renderdoc 
Original PR: https://github.com/RustSec/advisory-db/pull/147
 2019-09-02 19:40:31 -07:00
Eyal Kalderon
a17b8a3693 Remove unnecessary affected_os key 2019-09-03 10:30:29 +08:00
Eyal Kalderon
64a69616a4 Add advisory for renderdoc < 0.5.0 2019-09-02 14:05:48 +08:00
Tony Arcieri
8ecff7460f Assign RUSTSEC-2019-0017 to once_cell 
Original PR: https://github.com/RustSec/advisory-db/pull/143
 2019-09-01 13:29:40 -07:00
Aleksey Kladov
84eb2025f9 add advisory for once_cell (#143) 2019-09-01 13:27:30 -07:00
Tony Arcieri
5b742bbc54 Assign RUSTSEC-2019-0016 to chttp 
Original PR: https://github.com/RustSec/advisory-db/pull/139
 2019-09-01 13:06:15 -07:00
Tony Arcieri
8ed9e62129 Merge branch 'master' into sagebind-patch-1 2019-09-01 12:56:31 -07:00
Tony Arcieri
603012cd96 Assign RUSTSEC-2019-0015 to compact_arena 
Original PR: https://github.com/RustSec/advisory-db/pull/137
 2019-09-01 12:46:55 -07:00
Tony Arcieri
c21ebf3341 Assign RUSTSEC-2019-0014 to image 
Original PR: https://github.com/RustSec/advisory-db/pull/135
 2019-09-01 12:37:49 -07:00
Stephen M. Coakley
439853f667 Create RUSTSEC-0000-0000.toml 2019-09-01 13:45:03 -05:00
llogiq
7b363b785a add out-of-bounds memory access in compact_arena < 0.4.0 (#137) 2019-09-01 10:54:20 -07:00
HeroicKatora
c8c41f939a Add hdr decoder use-after-free advisory (#135) 2019-09-01 10:46:14 -07:00
Tony Arcieri
44dc01298e Assign RUSTSEC-2019-0013 to spin 
Original PR: https://github.com/RustSec/advisory-db/pull/132
 2019-08-28 10:11:01 -07:00
Matt Taylor
5568479c48 Clarify that users of Once are not affected 2019-08-28 06:37:10 +01:00
Matt Taylor
3c55761403 Report vulnerability in spin crate's RwLock impl 2019-08-27 20:09:09 +01:00
Ralf Jung
9ec1ad0a9c typo 2019-07-20 13:45:36 +02:00
Ralf Jung
7e3423c7ec actually memoffset also had an uninit-drop vuln, and that affects all versions ever published 2019-07-20 12:56:59 +02:00
Tony Arcieri
3a175b7b37 Assign RUSTSEC-2019-0012 to smallvec 
Original PR: https://github.com/RustSec/advisory-db/pull/127/
 2019-07-19 14:12:22 -07:00
Sergey "Shnatsel" Davidoff
150700481b Update RUSTSEC-0000-0000.toml 2019-07-19 21:45:40 +02:00
Sergey "Shnatsel" Davidoff
3b810f1c13 Add advisory for smallvec issue #149 2019-07-19 21:35:39 +02:00
Tony Arcieri
4d673eedf4 Assign RUSTSEC-2019-0011 to memoffset 
Original PR: https://github.com/RustSec/advisory-db/pull/124
 2019-07-17 09:50:31 -07:00
Ralf Jung
148b3d2dd0 add memoffset issue 2019-07-16 15:51:12 +02:00
Tony Arcieri
8b88d66355 Assign RUSTSEC-2019-0010 to libflate 
Original PR: https://github.com/RustSec/advisory-db/pull/122
 2019-07-07 11:25:05 -07:00
Sergey "Shnatsel" Davidoff
ab8ae78368 Merge branch 'master' into libflate-advisory 2019-07-07 18:45:59 +02:00
Sergey "Shnatsel" Davidoff
5eacb752b4 improve summary 2019-07-07 18:45:21 +02:00
Sergey "Shnatsel" Davidoff
6714149494 Add advisory for libflate 2019-07-07 18:43:49 +02:00
Tony Arcieri
985c55342a RUSTSEC-2019-0008: fix link to disclosure PR 2019-07-03 07:37:05 -07:00
Tony Arcieri
a20910b79f Assign RUSTSEC-2019-0009 to smallvec 
Original PR: https://github.com/RustSec/advisory-db/pull/119
 2019-07-03 06:57:06 -07:00
Sergey "Shnatsel" Davidoff
2cbddfd81d Drop comments from new smallvec advisory 2019-07-02 22:55:15 +02:00
Sergey "Shnatsel" Davidoff
7af1eac5b1 Rename tentative advisory to please CI 2019-06-30 20:11:34 +02:00
Sergey "Shnatsel" Davidoff
144eb01eef Add advisory for SmallVec issues #148 2019-06-30 20:04:20 +02:00
Tony Arcieri
f0a801979c Assign RUSTSEC-2019-0008 to simd-json 
Original PR: https://github.com/RustSec/advisory-db/pull/116
 2019-06-24 13:20:43 -07:00
Heinz N. Gies
8134840ade Remove comments and fix spelling 2019-06-24 21:11:55 +02:00
Heinz N. Gies
f65960fb51 Add advisory for segfault bug in simd-json.rs 2019-06-24 21:11:55 +02:00
Tony Arcieri
602f9252e1 Assign RUSTSEC-2019-0007 to asn1_der 
Original PR: https://github.com/RustSec/advisory-db/pull/113
 2019-06-24 09:48:05 -07:00
Tony Arcieri
67edcf34e4 Merge branch 'master' into master 2019-06-24 09:32:01 -07:00
c74d
63fbe9df35 RUSTSEC-2019-0006: Use -0005's format vuln wording 
As filed, advisory RUSTSEC-2019-0006 simply notes that certain
functions in the covered crate create a "format vulnerability". This
patch, following up on [an exchange of comments on GitHub][1], edits
advisory RUSTSEC-2019-0006 to summarize the risk introduced by a
format vulnerability, copying the wording of the associated advisory
RUSTSEC-2019-0005.

[1]: <https://github.com/RustSec/advisory-db/pull/107#pullrequestreview-250212575>
 2019-06-23 00:41:31 +00:00
KizzyCode
2bc9806042 Removed comments 2019-06-22 00:17:25 +02:00
KizzyCode
6117c44711 Removed erroneous unaffected versions 2019-06-22 00:05:04 +02:00
KizzyCode
90d22af332 Create RUSTSEC-0000-0000.toml 
Added vulnerability TOML for https://github.com/KizzyCode/asn1_der/issues/1
 2019-06-21 23:54:40 +02:00
Tony Arcieri
047a068ba7 Reassign ncurses vuln from RUSTSEC-2019-0004 => 0006 
RUSTSEC-2019-0004 is already assigned to a `libp2p-core` vulnerability.

Apparently we don't have tests to catch this? Unfortunate.
 2019-06-18 09:51:54 -07:00
Tony Arcieri
c4397fd8dc Assign RUSTSEC-2019-0005 to pancurses 
Original PR: https://github.com/RustSec/advisory-db/pull/108
 2019-06-18 09:28:49 -07:00
Tony Arcieri
759a11fa8c Assign RUSTSEC-2019-0004 to ncurses 
Original PR: https://github.com/RustSec/advisory-db/pull/107
 2019-06-18 09:27:56 -07:00
Tony Arcieri
5522c6c9b9 Merge branch 'master' into curses-funcs 2019-06-18 09:13:44 -07:00
Thom Chiovoloni
7e9fe78ade Add advisory for pancurses 2019-06-15 13:15:48 -07:00