Commit Graph

1166 Commits

Author SHA1 Message Date
github-actions[bot]
19bb42eae6 Assigned RUSTSEC-2022-0044 to markdown (#1330)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-08 20:21:17 +10:00
Dylan Anthony
f3a8bd7e5b List markdown as unmaintained (#1191)
* List `markdown` as unmaintained

The `markdown` crate is, naturally, the first one that comes up if you're searching crates.io for "markdown". Unfortunately, that particular crate has not received any updates since November of 2020 despite several known issues with open PRs. I opened https://github.com/johannhof/markdown.rs/issues/48 to request an update on maintenance status nearing a month ago and have not heard anything back.
2022-08-08 20:20:28 +10:00
pinkforest(she/her)
3b3160baec Fix async-graphql patched (#1326) 2022-08-06 16:41:24 +10:00
pinkforest(she/her)
bd30502590 Move tower-http out from year 2021 (#1319)
* Move tower-http out from year 2021

* Yank tower-http 2021
2022-08-05 00:07:54 +02:00
github-actions[bot]
cfdc01461d Assigned RUSTSEC-2022-0043 to tower-http (#1321)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-05 00:07:43 +02:00
pinkforest(she/her)
2827f80af4 Add tower-http 2022 version (#1320) 2022-08-05 00:06:52 +02:00
github-actions[bot]
0db59724bf Assigned RUSTSEC-2022-0042 to rustdecimal (#1318)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-04 23:10:46 +02:00
pinkforest(she/her)
4f53bcba87 Add malicious crate rustdecimal (#1317) 2022-08-04 23:09:40 +02:00
Sergey "Shnatsel" Davidoff
259257927a Revert "Add advisory rustdecimal (#1312)" (#1313)
This reverts commit 52cb9759dc.
2022-08-04 22:29:06 +02:00
pinkforest(she/her)
52cb9759dc Add advisory rustdecimal (#1312) 2022-08-04 22:20:29 +02:00
Tony Arcieri
36705ccc1d RUSTSEC-2020-0159: remove "withdrawn" (#1310)
Now that there's an actionable fix, we should encourage people to upgrade
2022-08-04 13:52:46 -06:00
Tony Arcieri
6f3502cf6d RUSTSEC-2020-0159 (chrono): add patched version (#1306)
The 0.4.20 release of `chrono` includes a pure-Rust replacement for
`localtime_r` which eliminates this issue.
2022-08-04 10:20:07 -06:00
github-actions[bot]
f1c5d4de52 Assigned RUSTSEC-2022-0041 to crossbeam-utils (#1305)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-04 23:56:30 +10:00
pinkforest(she/her)
3ee71b8734 Add Crossbeam AtomicCell<*64> Soundness #1203 (#1304)
* Add Crossbeam AtomicCell<*64> Soundness #1203
* Address @amousset feedback
2022-08-04 23:55:01 +10:00
github-actions[bot]
e0c209077f Assigned RUSTSEC-2022-0040 to owning_ref (#1301)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-02 21:47:23 +02:00
Sergey "Shnatsel" Davidoff
ff384c3d46 Initial advisory for owning_ref unsoundness (#1188)
* Initial advisory for owning_ref unsoundness

* move owning_ref advisory to a subfolder where it belongs

* Add OwningRef::map is unsound to owning_ref

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-02 21:41:46 +02:00
github-actions[bot]
d8dd62801c Assigned RUSTSEC-2021-0136 to sass-rs (#1300)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 04:19:28 +10:00
Christopher Durham
9b48cb22a1 sass-rs is deprecated (#1228)
* sass-rs is deprecated

* Fix format
2022-08-03 04:18:05 +10:00
github-actions[bot]
a36ba66817 Assigned RUSTSEC-2022-0039 to odbc (#1299)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 04:15:56 +10:00
Bruno Bigras
0387267821 Add unmaintained advisory for odbc (#1151)
fix #1044
2022-08-03 04:13:42 +10:00
github-actions[bot]
ec93834e77 Assigned RUSTSEC-2022-0037 to async-graphql, RUSTSEC-2022-0038 to juniper (#1298)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 03:59:55 +10:00
Dirkjan Ochtman
259863da4f Add advisories for async-graphql/juniper denial of service issues (#1290)
* Add advisory for async-graphql DoS issue

* Add advisory for juniper DoS issue
2022-08-03 03:58:29 +10:00
github-actions[bot]
e4ac884b59 Assigned RUSTSEC-2022-0036 to r2d2_odbc (#1297)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 03:34:36 +10:00
pinkforest(she/her)
c568a8a3bc Fix r2d2_odbc name (#1296)
* Fix r2d2_odbc name
2022-08-03 03:32:03 +10:00
Bruno Bigras
d8e134f108 Add unmaintained advisory for r2d2-odbc (#1150)
fix #1097
2022-08-03 03:14:56 +10:00
github-actions[bot]
6a31ac7433 Assigned RUSTSEC-2020-0163 to term_size (#1295)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 00:03:23 +10:00
LingMan
b0fc002bcd Add unmaintained advisory for term_size (#1275) 2022-08-03 00:01:14 +10:00
Evan Richter
fdbc12eb9f fix typo in advisory date (#1294) 2022-08-01 18:35:31 -04:00
github-actions[bot]
2618960a7f Assigned RUSTSEC-2022-0035 to websocket (#1293)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-01 21:21:57 +02:00
Vitaly Shukela
7d36edf537 Add advisory for websocket (#1291)
* Add advisory for websocket

* Update RUSTSEC-0000-0000.md

* Add text to websocket advisory

* Add title to fix CI

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-08-01 21:19:33 +02:00
github-actions[bot]
36df8a4efc Assigned RUSTSEC-2022-0034 to pkcs11 (#1283)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2022-07-25 11:19:15 -06:00
Ionuț Mihalcea
48214447df Add advisory for pkcs11 (#1282)
Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
2022-07-23 08:29:34 -06:00
github-actions[bot]
2718c2db84 Assigned RUSTSEC-2022-0033 to openssl-src (#1279)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-07-05 14:48:56 +02:00
Alexis Mousset
d820cf991c Add advisory for openssl CVE-2022-2274 (#1276) 2022-07-05 14:44:40 +02:00
github-actions[bot]
1c17612a36 Assigned RUSTSEC-2022-0032 to openssl-src (#1278)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-07-05 14:44:23 +02:00
Alexis Mousset
6f8de93f84 Add advisory for openssl CVE-2022-2097 (#1277) 2022-07-05 14:33:40 +02:00
github-actions[bot]
b4ed922847 Assigned RUSTSEC-2022-0031 to rulex (#1274)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-06-26 22:01:26 +02:00
Evan Richter
d0e82ff0d7 rulex advisory for string indexing panic (#1272) 2022-06-26 21:48:57 +02:00
github-actions[bot]
03ab8e5349 Assigned RUSTSEC-2022-0030 to rulex (#1273)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-06-26 21:44:13 +02:00
Evan Richter
c188be71e2 rulex advisory for stack overflow (#1271) 2022-06-26 21:42:00 +02:00
8573
7381319981 Copyedit RUSTSEC-2021-0122 (#1269)
Apply some copyedits to the text introduced by #1268.  Add a missing
comma; inflect "be" better; and use normal quotation marks rather than
backticks around the word "safe", referring to Safe Rust, as, unlike
`unsafe`, "safe" is not Rust syntax.
2022-06-25 14:06:03 +02:00
Andrew Lamb
9e0c88bd78 Clarify flatbuffers RUSTSEC-2021-0122.md (#1268)
It may be hard for non-Rust experts to understand what the implications of "is `unsafe` but not marked as such" are

I propose adding some more supporting information
2022-06-24 16:17:18 +02:00
Sergey "Shnatsel" Davidoff
49fb6c0b94 Revert "Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263)" (#1264)
This reverts commit 7cbdcd8500.
2022-06-20 14:19:49 +02:00
pinkforest(she/her)
7cbdcd8500 Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263)
* Fix advisory openssl-src 111 stream patched

* not a semver

* make 111 affected
2022-06-17 13:15:51 +02:00
github-actions[bot]
f10f232879 Assigned RUSTSEC-2022-0029 to crossbeam (#1261)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-06-08 01:12:13 +02:00
Sergey "Shnatsel" Davidoff
e8ef9ea980 Add patched version to im RUSTSEC-2020-0096 (#1259) 2022-06-08 01:10:26 +02:00
Ben Kimock
6a769d1d24 Report data race/memory corruption in crossbeam 0.2 (#1260) 2022-06-08 01:10:09 +02:00
Tony Arcieri
f79eb4bad9 Revert "Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242)" (#1258)
This reverts commit a47cd63007.

The advisory was withdrawn based on discussions around whether read-only
environment variable access constitutes a vulnerability.

However, per the `time` crate's author @jhpratt, the crate also modifies
the environment and therefore the advisory should *not* be withdrawn:

https://github.com/rustsec/advisory-db/pull/1242#issuecomment-1144903688
2022-06-02 08:37:44 -06:00
github-actions[bot]
29281434b7 Assigned RUSTSEC-2022-0028 to neon (#1257)
Co-authored-by: alex <alex@users.noreply.github.com>
2022-05-23 16:11:11 -04:00
K.J. Valencik
b3bf55706f Use after free in Neon externally allocated JavaScript buffers (#1256) 2022-05-23 16:05:22 -04:00