OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,462 Commits 1 Branch 0 Tags
0f2bc2d6eefd4b1ba4fcef3caae4965dee8ed71e
Commit Graph

940 Commits

Author SHA1 Message Date
Tony Arcieri
0f2bc2d6ee Add unmaintained crate advisory for cosmos_sdk (#1010) 
It has been renamed to `cosmrs`:

https://github.com/cosmos/cosmos-rust/tree/main/cosmrs
 2021-08-25 08:47:17 -06:00
github-actions[bot]
1be9534293 Assigned RUSTSEC-2021-0098 to openssl-src (#1009) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-08-24 17:53:35 +02:00
Alexis Mousset
10b6f1e350 add cve-2021-3712 for openssl-src (#1007) 2021-08-24 17:52:03 +02:00
github-actions[bot]
ceea398762 Assigned RUSTSEC-2021-0097 to openssl-src (#1008) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-24 09:37:57 -06:00
Alexis Mousset
100b12d997 add cve-2021-3711 for openssl-src (#1006) 2021-08-24 09:36:20 -06:00
github-actions[bot]
9f1d4c902c Assigned RUSTSEC-2021-0096 to spirv_headers (#1005) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-23 08:34:15 -06:00
Jasper Bekkers
2f117ce3f1 spirv_headers is deprecated (#982) 
* spirv_headers is deprecated

* Update crates/spirv_headers/RUSTSEC-0000-0000

Co-authored-by: Tony Arcieri <bascule@gmail.com>

* Rename RUSTSEC-0000-0000 to RUSTSEC-0000-0000.md

Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-23 08:17:39 -06:00
Marijn Suijten
d711272311 ash: RUSTSEC-2021-0090 has been patched in 0.33.1 (#1004) 
https://github.com/MaikKlein/ash/issues/354 was fixed in https://github.com/MaikKlein/ash/pull/470.
 2021-08-23 15:04:28 +03:00
Sergey "Shnatsel" Davidoff
45f9665f13 Fix CVE alias CVE-2020-35920 (#1003) 
* drop wrong alias in net2 advisory

* add CVE-2020-35920 alias to the proper crate
 2021-08-23 13:51:39 +03:00
Niklas Fiekas
101d914e04 RUSTSEC-2021-0089 has been patched in raw-cpuid 9.1.1 (#1002) 2021-08-22 12:43:52 +03:00
github-actions[bot]
b6a20c1ba3 Assigned RUSTSEC-2021-0095 to mopa (#1001) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:48:14 -06:00
kotauskas
59cdbf2173 mopa is technically unsound (#927) 
* Added the mopa vulnerability

* Update crates/mopa/RUSTSEC-0000-0000.md

Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-21 19:46:55 -06:00
github-actions[bot]
4b01805939 Assigned RUSTSEC-2021-0094 to rdiff (#1000) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:46:40 -06:00
Ammar Askar
89842247a4 Add advisory for out-of-bounds read in rdiff (#862) 
* Add advisory for out-of-bounds read in rdiff

* Update crates/rdiff/RUSTSEC-0000-0000.md

Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-21 19:44:58 -06:00
github-actions[bot]
14af874fad Assigned RUSTSEC-2021-0093 to crossbeam-deque (#999) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:44:22 -06:00
Taiki Endo
670b28875f Add advisory for data race in crossbeam-deque (#970) 2021-08-21 19:43:00 -06:00
github-actions[bot]
8d3e99a38a Assigned RUSTSEC-2021-0092 to messagepack-rs (#998) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:41:04 -06:00
Ammar Askar
460ac8be0d Add advisory for uninitialized exposure in messagepack-rs (#835) 2021-08-21 19:39:40 -06:00
github-actions[bot]
cf6f9d252e Assigned RUSTSEC-2021-0091 to gfx-auxil (#997) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:39:27 -06:00
Youngsuk Kim
22325889a4 gfx-auxil: Read on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() ) (#681) 
* Report 0101-gfx-auxil to RustSec

* add 'informational = unsound'
 2021-08-21 19:38:06 -06:00
github-actions[bot]
2645debec2 Assigned RUSTSEC-2021-0090 to ash (#996) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:37:52 -06:00
Youngsuk Kim
690cf95635 ash: Reading on uninitialized memory may cause UB ( util::read_spv() ) (#680) 
* Report 0098-ash to RustSec

* Add 'informational = unsound'
 2021-08-21 19:36:30 -06:00
github-actions[bot]
7bf5619877 Assigned RUSTSEC-2021-0089 to raw-cpuid (#995) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:36:17 -06:00
Niklas Fiekas
7d12d9524b raw-cpuid: Optional Deserialize implementations lacking validation (#671) 2021-08-21 19:34:59 -06:00
github-actions[bot]
e6e533abfa Assigned RUSTSEC-2021-0088 to csv-sniffer (#994) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:34:42 -06:00
Youngsuk Kim
2e4cdf36d0 csv-sniffer: reading on uninitialized memory may cause undefined behavior (#666) 
* Report 0092-csv-sniffer to RustSec

* informational = "unsound"
 2021-08-21 19:33:07 -06:00
github-actions[bot]
ec590b08b7 Assigned RUSTSEC-2020-0155 to acc_reader (#993) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:32:53 -06:00
Youngsuk Kim
25838dcf1d acc_reader: API Soundness issue in fill_buf() and read_up_to() (#664) 
* Report 0079-acc_reader to RustSec

* informational = "unsound"
 2021-08-21 19:30:45 -06:00
github-actions[bot]
03144b1978 Assigned RUSTSEC-2020-0154 to buffoon (#992) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:30:23 -06:00
Youngsuk Kim
09e0afc373 buffoon: InputStream::read_exact : Reading into an uninitialized buffer may cause UB (#663) 
* Report 0081-buffoon to RustSec

* informational = "unsound"
 2021-08-21 19:28:07 -06:00
github-actions[bot]
06d14ff7f7 Assigned RUSTSEC-2021-0087 to columnar (#991) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:27:48 -06:00
Youngsuk Kim
72e61b6d12 columnar: Reading on uninitialized buffer may cause UB (#662) 
* Report 0102-columnar to RustSec

* informational = "unsound"
 2021-08-21 19:25:59 -06:00
github-actions[bot]
4a51eedb08 Assigned RUSTSEC-2021-0086 to flumedb (#990) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:25:44 -06:00
Youngsuk Kim
c487b0ceea flumedb: Reading on uninitialized buffer may cause UB ( read_entry() ) (#661) 
* Report 0100-flumedb to RustSec

* informational = "unsound"
 2021-08-21 19:23:49 -06:00
github-actions[bot]
383c6359f5 Assigned RUSTSEC-2021-0085 to binjs_io (#989) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:23:35 -06:00
Youngsuk Kim
9e4db05abc binjs_io: 'Read' on uninitialized memory may cause UB (#660) 
* Report 0088-binjs_io to RustSec

* informational = "unsound"
 2021-08-21 19:20:15 -06:00
github-actions[bot]
9039912764 Assigned RUSTSEC-2021-0084 to bronzedb-protocol (#988) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:20:01 -06:00
Youngsuk Kim
10843f8372 bronzedb-protocol: Read on uninitialized buffer can cause UB (impl of ReadKVExt) (#659) 
* Report 0087-bronzedb-protocol to RustSec

* informational = "unsound"
 2021-08-21 19:18:33 -06:00
Alexis Mousset
e9382c8680 Fix typos in advisories (#976) 2021-08-21 19:18:11 -06:00
github-actions[bot]
7765af95c4 Assigned RUSTSEC-2021-0083 to derive-com-impl (#987) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:17:47 -06:00
apennamen
ef71611e6a Add advisory for potential memory corruption in derive-com-impl (#649) 2021-08-21 19:16:19 -06:00
github-actions[bot]
9c5df457e5 Assigned RUSTSEC-2020-0153 to bite (#986) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:15:34 -06:00
Youngsuk Kim
b4b68c19bc bite: Read on uninitialized memory (#593) 
* bite: Read on uninitialized memory

* informational = "unsound"
 2021-08-21 19:08:46 -06:00
github-actions[bot]
68d6f5afa9 Assigned RUSTSEC-2021-0082 to vec-const (#985) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:08:23 -06:00
Ben Kimock
01c59cafdb Report vec-const as unsound (#981) 
Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-21 19:07:03 -06:00
diwic
f20b53ca89 Patched release of reffers (#984) 
I'm not sure anyone uses this old crate but if they do, at least now they have a fixed version.
 2021-08-21 12:38:49 +03:00
Sergey "Shnatsel" Davidoff
e0fda3fe9b add CVE alias to RUSTSEC-2021-0081(actix-http) (#983) 2021-08-17 22:07:01 +03:00
kpcyrd
67da87fc89 Update RUSTSEC-2021-0080 [affected] version (#980) 2021-08-11 00:54:42 +03:00
Remi Rampin
01bad82da9 Add fix for RUSTSEC-2021-0080 (#979) 2021-08-10 19:52:04 +03:00
github-actions[bot]
e692597283 Assigned RUSTSEC-2021-0081 to actix-http (#978) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-08-10 12:12:52 +03:00