Commit Graph

99 Commits

Author SHA1 Message Date
Sergey "Shnatsel" Davidoff
2cbddfd81d Drop comments from new smallvec advisory 2019-07-02 22:55:15 +02:00
Sergey "Shnatsel" Davidoff
7af1eac5b1 Rename tentative advisory to please CI 2019-06-30 20:11:34 +02:00
Sergey "Shnatsel" Davidoff
144eb01eef Add advisory for SmallVec issues #148 2019-06-30 20:04:20 +02:00
Tony Arcieri
f0a801979c Assign RUSTSEC-2019-0008 to simd-json
Original PR: https://github.com/RustSec/advisory-db/pull/116
2019-06-24 13:20:43 -07:00
Heinz N. Gies
8134840ade Remove comments and fix spelling 2019-06-24 21:11:55 +02:00
Heinz N. Gies
f65960fb51 Add advisory for segfault bug in simd-json.rs 2019-06-24 21:11:55 +02:00
Tony Arcieri
602f9252e1 Assign RUSTSEC-2019-0007 to asn1_der
Original PR: https://github.com/RustSec/advisory-db/pull/113
2019-06-24 09:48:05 -07:00
Tony Arcieri
67edcf34e4 Merge branch 'master' into master 2019-06-24 09:32:01 -07:00
c74d
63fbe9df35 RUSTSEC-2019-0006: Use -0005's format vuln wording
As filed, advisory RUSTSEC-2019-0006 simply notes that certain
functions in the covered crate create a "format vulnerability". This
patch, following up on [an exchange of comments on GitHub][1], edits
advisory RUSTSEC-2019-0006 to summarize the risk introduced by a
format vulnerability, copying the wording of the associated advisory
RUSTSEC-2019-0005.

[1]: <https://github.com/RustSec/advisory-db/pull/107#pullrequestreview-250212575>
2019-06-23 00:41:31 +00:00
KizzyCode
2bc9806042 Removed comments 2019-06-22 00:17:25 +02:00
KizzyCode
6117c44711 Removed erroneous unaffected versions 2019-06-22 00:05:04 +02:00
KizzyCode
90d22af332 Create RUSTSEC-0000-0000.toml
Added vulnerability TOML for https://github.com/KizzyCode/asn1_der/issues/1
2019-06-21 23:54:40 +02:00
Tony Arcieri
047a068ba7 Reassign ncurses vuln from RUSTSEC-2019-0004 => 0006
RUSTSEC-2019-0004 is already assigned to a `libp2p-core` vulnerability.

Apparently we don't have tests to catch this? Unfortunate.
2019-06-18 09:51:54 -07:00
Tony Arcieri
c4397fd8dc Assign RUSTSEC-2019-0005 to pancurses
Original PR: https://github.com/RustSec/advisory-db/pull/108
2019-06-18 09:28:49 -07:00
Tony Arcieri
759a11fa8c Assign RUSTSEC-2019-0004 to ncurses
Original PR: https://github.com/RustSec/advisory-db/pull/107
2019-06-18 09:27:56 -07:00
Tony Arcieri
5522c6c9b9 Merge branch 'master' into curses-funcs 2019-06-18 09:13:44 -07:00
Thom Chiovoloni
7e9fe78ade Add advisory for pancurses 2019-06-15 13:15:48 -07:00
Thom Chiovoloni
5466d5badf Add advisory for ncurses 2019-06-15 13:14:05 -07:00
Tony Arcieri
300f36a20d Assign RUSTSEC-2016-0003 to portaudio
Original PR: https://github.com/RustSec/advisory-db/pull/104
2019-06-06 17:34:55 -07:00
Jake McGinty
56350b2803 [portaudio] add build script RCE 2019-06-06 16:56:12 +09:00
Andronik Ordian
49bae94718 [protobuf] fix patched versions 2019-05-20 15:45:47 +02:00
Andronik Ordian
4b36267927 [libp2p-core] fix patched versions 2019-05-20 11:38:22 +02:00
Tony Arcieri
c300327fd6 RUSTSEC-2019-0003: Fix date
Mistakenly logged as 2018
2019-05-19 16:51:18 -07:00
Ossi Herrala
bfc6f36d20 protobuf 2.6.0 and 1.7.5 released with fix to this issue 2019-05-20 01:29:27 +03:00
Tony Arcieri
58a4d5b2a2 Assign RUSTSEC-2019-0004 to libp2p-core 2019-05-15 13:41:19 -07:00
Tony Arcieri
ec1cf8ffb1 Assign RUSTSEC-2019-0003 to protobuf 2019-05-15 13:40:57 -07:00
Pierre Krieger
924dd24c23 Add libp2p ed25519 signature verification failure 2019-05-15 21:31:10 +02:00
Gerardo Di Giacomo
1a8bf5bc41 fixed key name 2019-05-15 09:30:53 -07:00
Gerardo Di Giacomo
f97b9a0ad3 Update RUSTSEC-0000-0000.toml 2019-05-14 19:44:00 -07:00
Gerardo Di Giacomo
2885752bf5 Add protobuf out-of-memory vulnerability 2019-05-14 19:35:30 -07:00
Tony Arcieri
f14a0d9738 Assign RUSTSEC-2019-0002 to slice-deque 2019-05-07 12:13:52 -07:00
gnzlbg
7412cdbd7f Fix file name 2019-05-07 19:39:14 +02:00
gnzlbg
7de8dba6b5 Add advisory for slice-deque 2019-05-07 19:30:37 +02:00
Tony Arcieri
75a40b530a Assign RUSTSEC-2019-0001 to ammonia
Original PR: https://github.com/RustSec/advisory-db/pull/93
2019-05-04 16:39:43 -07:00
Konrad Borowski
aaf99ec45d Add advisory for ammonia 2019-04-28 15:06:27 +02:00
Tony Arcieri
bf5fbb02da Assign RUSTSEC-2018-0013 to safe-transmute
Original PR: https://github.com/RustSec/advisory-db/pull/89
2019-03-03 08:15:26 -08:00
nabijaczleweli
b34dcfbeaf Optimisation in the wake of lack of documentation 2019-03-02 21:08:30 +01:00
nabijaczleweli
0eb9b4e364 Split affected_paths 2019-03-02 20:39:10 +01:00
nabijaczleweli
103630159d Replace affected_functions with affected_paths 2019-03-02 18:49:14 +01:00
nabijaczleweli
3a073396ba Add safe_transmute vec2vec transmutation bug
Ref: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
2019-03-02 17:32:29 +01:00
Tony Arcieri
5ffa5a8861 Assign RUSTSEC-2018-0012 to orion
Original PR: https://github.com/RustSec/advisory-db/pull/87
2019-02-13 16:31:27 -08:00
brycx
0ce0b2bb0f Add orion advisory 2019-02-12 09:14:33 +01:00
Tony Arcieri
782efebde9 Revert "Add affected functions to legacy security warnings (#83)"
This reverts commit 0a981e2b6f.

These now need to use the new `affected_paths` attribute, which has a
different (VersionReq-bucketed) format.
2019-01-13 17:31:25 -08:00
Moritz Beller
0a981e2b6f Add affected functions to legacy security warnings (#83)
Add affected functions to advisories

Add `affected_functions` to:

- RUSTSEC-2018-0003
- RUSTSEC-2017-0002
- RUSTSEC-2018-0002
- RUSTSEC-2018-0001
- RUSTSEC-2017-0004
2018-12-21 06:11:32 -08:00
Tony Arcieri
ff0b4e0703 Assign RUSTSEC-2018-0011 to arrayfire
Original PR: https://github.com/RustSec/advisory-db/pull/80
2018-12-18 18:14:37 -08:00
pradeep
e010bc1307 Add memory-corruption keyword to arrayfire rustsec 2018-12-18 23:30:09 +05:30
pradeep
9dd2785e95 Enum repr memory corruption in arrayfire crate 2018-12-18 23:25:30 +05:30
Tony Arcieri
ac8b248cfd Assign RUSTSEC-2018-0010 to openssl
Original PR: https://github.com/RustSec/advisory-db/pull/77
2018-12-16 10:08:17 -08:00
Alex Gaynor
dc704601c0 Request RUSTSEC for resolved UAF in OpenSSL 2018-12-10 19:48:20 -05:00
Tony Arcieri
33da41e6aa Assign RUSTSEC-2018-0009 to crossbeam
Original PR: https://github.com/RustSec/advisory-db/pull/75
2018-12-09 09:42:17 -08:00