Tony Arcieri
0a1d62c88d
Advisories.toml: Fix RUSTSEC-2018-0002
...
`RUSTSEC-2018-0002` was previously assigned to `tar`, but never added to
`Advisories.toml`.
The merge workflow for this could definitely use some
improvements/automation.
2018-07-19 19:26:08 -07:00
Tony Arcieri
7855ffa911
Assign RUSTSEC-2018-0003 to smallvec
...
Original PR:
https://github.com/RustSec/advisory-db/pull/30
2018-07-19 19:20:54 -07:00
Matt Brubeck
fd11c62bc5
Advisory: Possible double free in SmallVec::insert_many
...
For details, see:
* servo/rust-smallvec#96 - original bug report
* servo/rust-smallvec#103 - fix
2018-07-19 15:00:38 -07:00
Alex Crichton
1e553ef856
Arbitrary filesystem writes in tar 0.4.15 and older
...
More details inside!
2018-06-29 13:19:26 -07:00
Tony Arcieri
3c0458d26b
Assign RUSTSEC-2018-0001 to untrusted
...
Original PR:
https://github.com/RustSec/advisory-db/pull/24
2018-06-26 00:13:01 +01:00
Ossi Herrala
f5c8d09051
An integer underflow in untrusted 0.6.1 and older
2018-06-25 21:56:39 +03:00
Corey Farwell
18d848d456
RUSTSEC-2017-0004 is also known as CVE-2017-1000430
2017-12-29 13:49:40 -08:00
Tony Arcieri
ce29282ad4
RUSTSEC-2017-0001 is also known as CVE-2017-1000168
2017-08-24 08:45:54 -07:00
Tony Arcieri
fafc60ceee
Assign RUSTSEC-2017-0005 to cookie
...
Original PR:
https://github.com/RustSec/advisory-db/pull/22
2017-05-08 07:56:46 -07:00
Erick Tryzelaar
bfcf9e99c2
Advisory: cookie denial of service
2017-05-07 16:06:21 -07:00
Tony Arcieri
524d876a8a
Assign RUSTSEC-2017-0004 to base64
...
Original PR:
https://github.com/RustSec/advisory-db/pull/21
2017-05-04 09:52:29 -07:00
Andrew Ayer
b9a0862f48
Advisory: base64 heap-based buffer overflow
2017-05-03 17:05:46 -07:00
Tony Arcieri
e6b5f1a74f
Assign RUSTSEC-2017-0003 to security-framework
...
Original PR:
https://github.com/RustSec/advisory-db/pull/16
2017-03-15 22:34:43 -07:00
Steven Fackler
ffb475d466
Advisory: security-framework hostname verification bypass
2017-03-15 11:47:14 -07:00
Tony Arcieri
e867ef7194
Assign RUSTSEC-2017-0002 to hyper
...
Original PR:
https://github.com/RustSec/advisory-db/pull/12
2017-02-28 09:02:18 -08:00
Sean McArthur
4597f51b45
add advisory for hyper message splitting vulnerability
2017-02-27 15:13:17 -08:00
Tony Arcieri
05af1866b1
Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name"
...
Cargo uses "package" in Cargo.lock, so there is wisdom to using "package"
instead of "crate_name"
This reverts commit 986c090c06, reversing
changes made to 9556f0fdee.
2017-02-26 00:26:22 -08:00
Tony Arcieri
f4dbb0d82c
Rename package TOML attribute to crate_name
...
The correct name for a Rust package is a "crate", so something with "crate" is
less ambiguous than "package".
However, "crate" itself is a Rust keyword. To avoid clashes in Rust code which
uses this same attribute name, "crate_name" can be used instead unambiguously.
2017-02-25 23:13:36 -08:00
Tony Arcieri
dc3301d1e4
Add date to RUSTSEC-2017-0001
2017-02-25 16:47:52 -08:00
Tony Arcieri
6f3b266664
Assign RUSTSEC-2017-0001 to sodiumoxide
...
Original PR:
https://github.com/RustSec/advisory-db/pull/4
2017-02-25 16:46:26 -08:00
Tony Arcieri
1a18a429fc
Advisory: sodiumoxide degenerate public keys
...
Fixed in sodiumoxide 0.0.14.
See: https://github.com/dnaq/sodiumoxide/issues/154
2017-02-25 16:28:44 -08:00