OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-03 10:05:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
527 Commits 1 Branch 0 Tags
183f65dfd1ca02b2564ccc9df14718c636620642
Commit Graph

243 Commits

Author SHA1 Message Date
Tony Arcieri
183f65dfd1 Assign RUSTSEC-2020-0014 to rusqlite 
Original PR: https://github.com/RustSec/advisory-db/pull/267
 2020-04-24 12:40:14 -07:00
Tony Arcieri
dea12f0602 Merge pull request #267 from thomcc/rusqlite 
Add advisory for rusqlite
 2020-04-24 12:39:27 -07:00
Tony Arcieri
2d87929fc8 Assign RUSTSEC-2020-0013 to fake-static 
Original PR: https://github.com/RustSec/advisory-db/pull/270
 2020-04-24 12:37:27 -07:00
Tony Arcieri
79a4b2fe7f Merge pull request #270 from eduardosm/fake-static 
Add advisory for fake-static
 2020-04-24 12:36:49 -07:00
Tony Arcieri
a4b88992e9 Assign RUSTSEC-2020-0012 to os_str_bytes 
Original PR: https://github.com/RustSec/advisory-db/pull/269
 2020-04-24 12:35:29 -07:00
Tony Arcieri
e64a5618c6 Merge pull request #269 from eduardosm/os_str_bytes 
Add advisory for os_str_bytes
 2020-04-24 12:34:37 -07:00
Tony Arcieri
2a0ed62cd1 Assign RUSTSEC-2020-0011 to plutonium 
Original PR: https://github.com/RustSec/advisory-db/pull/268
 2020-04-24 12:30:55 -07:00
Eduardo Sánchez Muñoz
6e85444c98 Add advisory for fake-static 2020-04-24 12:57:07 +02:00
Naja Melan
ab1840c2be Try an empty array for patched versions. 
Co-Authored-By: Tony Arcieri <bascule@gmail.com>
 2020-04-24 06:05:59 +00:00
Eduardo Sánchez Muñoz
16a2f4c592 Add advisory for os_str_bytes 2020-04-24 00:23:27 +02:00
Naja Melan
b761cd7428 Advisory for plutonium. 2020-04-23 23:26:08 +02:00
Thom Chiovoloni
f8c59e28af Add advisory for rusqlite 2020-04-23 10:29:27 -07:00
Tony Arcieri
7a2a72d069 Assign RUSTSEC-2017-0007 to lz4-compress 
Original PR: https://github.com/RustSec/advisory-db/pull/264
 2020-04-16 17:23:59 -07:00
Sergey "Shnatsel" Davidoff
6282ddf273 change advisory number to pass the linter 2020-04-17 02:07:56 +02:00
Sergey "Shnatsel" Davidoff
bbcceb735f Mark lz4-compress as unmaintained 2020-04-17 02:04:58 +02:00
Tony Arcieri
c427489358 Assign RUSTSEC-2020-0010 to tiberius 
Original PR: https://github.com/RustSec/advisory-db/pull/262
 2020-04-16 08:59:42 -07:00
Tony Arcieri
cce1d47240 Add tiberius unmaintained advisory 2020-04-16 08:46:03 -07:00
Tony Arcieri
577308d91b Assign RUSTSEC-2020-0009 to flatbuffers 
Original PR: https://github.com/RustSec/advisory-db/pull/259
 2020-04-14 07:48:53 -07:00
Eduardo Sánchez Muñoz
4399b9e310 Improve advisory for flatbuffers. 2020-04-11 16:09:15 +02:00
Eduardo Sánchez Muñoz
cbeef93cf0 Add advisory for flatbuffers 2020-04-11 13:25:30 +02:00
Pavlos Poulakis
c22f80eb55 Add unaffected field to RUSTSEC-2020-0008. 2020-04-01 13:28:48 +01:00
Eliza Weisman
9889ed0831 Fix patched version for RUSTSEC-2020-0008 
The vulnerability description for advisory RUSTSEC-2020-0008, "Flaw in
hyper allows request smuggling by sending a body in GET requests", lists
an incorrect patched version. The advisory states that the vulnerability
was fixed in `hyper` 0.12.35, but `hyper`'s changelog [shows][1] that 
the patch (hyperium/hyper@23fc8b0) was published in 0.12.34. I believe
that this means that `cargo audit` will incorrectly report patched 
versions as vulnerable.

This PR corrects the listed version.

[1]: https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v01234-2019-09-04
 2020-03-31 10:41:53 -07:00
Tony Arcieri
6053e3a05f Assign RUSTSEC-2020-0008 to hyper 
Original PR: https://github.com/RustSec/advisory-db/pull/255
 2020-03-31 10:07:02 -07:00
Demi M. Obenour
91eed85346 Note that another vulnerability is needed for RCE 
Also make some trivial changes to pass the linter.
 2020-03-30 18:59:14 -04:00
Demi M. Obenour
8b6786f78c Merge branch 'master' into smuggling 2020-03-30 18:38:47 -04:00
Tony Arcieri
4de36fe70a Assign RUSTSEC-2020-0007 to bitvec 
Original PR: https://github.com/RustSec/advisory-db/pull/253
 2020-03-30 12:45:16 -07:00
Alexander Payne
70389f6a25 Report memory management error in bitvec 
See myrrlyn/bitvec#55
 2020-03-27 16:10:15 -06:00
Tony Arcieri
ab9cad4eba Assign RUSTSEC-2020-0006 to bumpalo 
Original PR: https://github.com/RustSec/advisory-db/pull/251
 2020-03-24 14:21:56 -07:00
Nick Fitzgerald
2a32306fa8 bumpalo: Report memory exposure bug in realloc 2020-03-24 14:12:17 -07:00
Tony Arcieri
da46c54637 Assign RUSTSEC-2020-0005 to cbox 
Original PR: https://github.com/RustSec/advisory-db/pull/246
 2020-03-23 09:25:44 -07:00
Tony Arcieri
d99e1f9c94 Merge branch 'master' into cbox 2020-03-23 09:09:25 -07:00
Paul Hummer
ca7a01db12 fix: update patched version for 2019-0028 
This patch updates the `RUSTSEC-2019-0028` advisory to show a patched
version is available. The patch was added [in PR 5554](https://github.com/google/flatbuffers/pull/5554),
and released with version `0.6.1`.
 2020-03-19 15:46:22 -06:00
Eduardo Sánchez Muñoz
ce9b3be5b3 Add advisory for cbox 2020-03-19 20:23:50 +01:00
Demi M. Obenour
0d7868ccb9 Add hyper request smuggling vulnerability 2020-03-19 11:41:39 -04:00
Sergey "Shnatsel" Davidoff
7797133c67 Add CVE mapping 2020-03-18 17:15:13 +01:00
Tony Arcieri
1880f0baf8 RUSTSEC-2016-0005: move md-5 crate to legacy algorithms 
https://www.kb.cert.org/vuls/id/836068/
 2020-03-15 15:43:02 -07:00
Steven Troxler
b02ff94044 Add md5 to RustCrypto digest algorithms 
When migrating a codebase off of rust-crypto, I encountered a few uses of the md5 digest, and realized that it was missing from this advisory. Since deprecations are good onboarding tasks for folks new to rust (like me), I figured it would be helpful to explicitly state here that RustCrypto has an `md-5` crate you can use as (almost) a drop-in replacement
 2020-03-14 14:32:08 -07:00
Tony Arcieri
ee50344262 RUSTSEC-2019-0031: add link to spinning_top 2020-03-13 09:05:42 -07:00
Tony Arcieri
64c17acfe3 Migrate all advisories to V2 format (closes #228) 
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.

This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
 2020-03-01 10:46:35 -08:00
Tony Arcieri
df7657d332 Fix broken/malformatted outbound links 2020-01-27 07:52:31 -08:00
Tony Arcieri
d8e872fd93 Assign RUSTSEC-2020-0004 to lucet-runtime-internals 
Original PR: https://github.com/RustSec/advisory-db/pull/229
 2020-01-27 07:19:15 -08:00
Tony Arcieri
723abd4d2b Merge pull request #229 from jfoote/master 
Add lucet-runtime-internals sigstack allocation vuln advisory
 2020-01-27 07:18:20 -08:00
Tony Arcieri
2b82281e54 Assign RUSTSEC-2020-0003 (informational) to rust_sodium 
Original PR: https://github.com/RustSec/advisory-db/pull/225
 2020-01-27 07:09:23 -08:00
Tony Arcieri
e5eeccda02 Merge branch 'master' into rust_sodium 2020-01-27 06:44:52 -08:00
Jonathan Foote
0271003e2e Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml 
Correct quote characters

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
 2020-01-24 15:36:06 -05:00
Jonathan Foote
3f1f71de9b Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml 
Correct quote characters

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
 2020-01-24 15:35:58 -05:00
Jonathan Foote
f8ff9cfc6f Add lucet-runtime-internals sigstack allocation vuln advisory 2020-01-24 15:27:56 -05:00
Stephen Coyle
b300fa84d7 Add unmaintained crate informational advisory: rust_sodium 2020-01-21 12:17:20 +00:00
Tony Arcieri
17e82e13d6 Assign RUSTSEC-2018-0016 to quickersort 
Original PR: https://github.com/RustSec/advisory-db/pull/210
 2020-01-20 07:05:35 -08:00
Tony Arcieri
e78d311ee1 Merge pull request #210 from EmbarkStudios/quickersort 
Add advisory for deprecated/unmaintained quickersort
 2020-01-20 06:37:58 -08:00