OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 09:10:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,437 Commits 1 Branch 0 Tags
2e4cdf36d0955f8f2c5288c0175dfcec93eac859
Commit Graph

1437 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Youngsuk Kim
2e4cdf36d0 csv-sniffer: reading on uninitialized memory may cause undefined behavior (#666) 
* Report 0092-csv-sniffer to RustSec

* informational = "unsound"
 2021-08-21 19:33:07 -06:00
github-actions[bot]
ec590b08b7 Assigned RUSTSEC-2020-0155 to acc_reader (#993) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:32:53 -06:00
Youngsuk Kim
25838dcf1d acc_reader: API Soundness issue in fill_buf() and read_up_to() (#664) 
* Report 0079-acc_reader to RustSec

* informational = "unsound"
 2021-08-21 19:30:45 -06:00
github-actions[bot]
03144b1978 Assigned RUSTSEC-2020-0154 to buffoon (#992) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:30:23 -06:00
Youngsuk Kim
09e0afc373 buffoon: InputStream::read_exact : Reading into an uninitialized buffer may cause UB (#663) 
* Report 0081-buffoon to RustSec

* informational = "unsound"
 2021-08-21 19:28:07 -06:00
github-actions[bot]
06d14ff7f7 Assigned RUSTSEC-2021-0087 to columnar (#991) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:27:48 -06:00
Youngsuk Kim
72e61b6d12 columnar: Reading on uninitialized buffer may cause UB (#662) 
* Report 0102-columnar to RustSec

* informational = "unsound"
 2021-08-21 19:25:59 -06:00
github-actions[bot]
4a51eedb08 Assigned RUSTSEC-2021-0086 to flumedb (#990) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:25:44 -06:00
Youngsuk Kim
c487b0ceea flumedb: Reading on uninitialized buffer may cause UB ( read_entry() ) (#661) 
* Report 0100-flumedb to RustSec

* informational = "unsound"
 2021-08-21 19:23:49 -06:00
github-actions[bot]
383c6359f5 Assigned RUSTSEC-2021-0085 to binjs_io (#989) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:23:35 -06:00
Youngsuk Kim
9e4db05abc binjs_io: 'Read' on uninitialized memory may cause UB (#660) 
* Report 0088-binjs_io to RustSec

* informational = "unsound"
 2021-08-21 19:20:15 -06:00
github-actions[bot]
9039912764 Assigned RUSTSEC-2021-0084 to bronzedb-protocol (#988) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:20:01 -06:00
Youngsuk Kim
10843f8372 bronzedb-protocol: Read on uninitialized buffer can cause UB (impl of ReadKVExt) (#659) 
* Report 0087-bronzedb-protocol to RustSec

* informational = "unsound"
 2021-08-21 19:18:33 -06:00
Alexis Mousset
e9382c8680 Fix typos in advisories (#976) 2021-08-21 19:18:11 -06:00
github-actions[bot]
7765af95c4 Assigned RUSTSEC-2021-0083 to derive-com-impl (#987) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:17:47 -06:00
apennamen
ef71611e6a Add advisory for potential memory corruption in derive-com-impl (#649) 2021-08-21 19:16:19 -06:00
github-actions[bot]
9c5df457e5 Assigned RUSTSEC-2020-0153 to bite (#986) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:15:34 -06:00
Youngsuk Kim
b4b68c19bc bite: Read on uninitialized memory (#593) 
* bite: Read on uninitialized memory

* informational = "unsound"
 2021-08-21 19:08:46 -06:00
github-actions[bot]
68d6f5afa9 Assigned RUSTSEC-2021-0082 to vec-const (#985) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-21 19:08:23 -06:00
Ben Kimock
01c59cafdb Report vec-const as unsound (#981) 
Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-21 19:07:03 -06:00
diwic
f20b53ca89 Patched release of reffers (#984) 
I'm not sure anyone uses this old crate but if they do, at least now they have a fixed version.
 2021-08-21 12:38:49 +03:00
Sergey "Shnatsel" Davidoff
e0fda3fe9b add CVE alias to RUSTSEC-2021-0081(actix-http) (#983) 2021-08-17 22:07:01 +03:00
kpcyrd
67da87fc89 Update RUSTSEC-2021-0080 [affected] version (#980) 2021-08-11 00:54:42 +03:00
Remi Rampin
01bad82da9 Add fix for RUSTSEC-2021-0080 (#979) 2021-08-10 19:52:04 +03:00
github-actions[bot]
e692597283 Assigned RUSTSEC-2021-0081 to actix-http (#978) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-08-10 12:12:52 +03:00
Rob Ede
7a42cb7e08 add advisory for actix-http HRS (#977) 
* add actix-http HRS

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Adjust version ranges to make a hypothetical 4.0.0 patched

* drop nonexistent category

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-08-10 12:11:38 +03:00
ZSchoen
541c537a23 added specific affected functions to CVE-2021-29922 (#975) 
Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-09 05:15:56 -07:00
github-actions[bot]
ce76490feb Assigned RUSTSEC-2021-0080 to tar (#974) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-08 13:16:32 -07:00
kpcyrd
158cd653ca Add directory traversal for tar (#965) 
Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2021-08-08 12:53:24 -07:00
github-actions[bot]
82ce1aa716 Assigned RUSTSEC-2021-0079 to hyper (#973) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-08 12:41:08 -07:00
BlackHoleFox
3a5de9c7b5 Add advisory for hyper Transfer-Encoding header parsing (#968) 2021-08-08 12:39:37 -07:00
github-actions[bot]
255194ae7a Assigned RUSTSEC-2021-0078 to hyper (#972) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-08-08 12:39:12 -07:00
BlackHoleFox
0148dead3a Add advisory for hyper Content-Length header parsing (#967) 2021-08-08 12:36:02 -07:00
ZSchoen
a81783c627 added CVE-2021-29922 (#971) 2021-08-08 12:35:13 -07:00
github-actions[bot]
1db7602857 Assigned RUSTSEC-2021-0077 to better-macro (#969) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-07-26 13:46:07 -07:00
Jeremy Fitzhardinge
8af7718d8f better-macro has deliberate RCE in proc-macro (#966) 
It's "Proving A Point" in
https://github.com/raycar5/better-macro/blob/master/doc/hi.md but there's
no guarantee that this will remain benign (or is actually benign right
now). The crate also has no useful functionality.
 2021-07-26 13:39:47 -07:00
github-actions[bot]
e20838a4ff Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-07-13 15:47:59 +03:00
Martin Pugh
e95d360049 Add advisory for libsecp256k1 (#963) 
* add advisory

* fix formatting
 2021-07-13 15:46:23 +03:00
github-actions[bot]
4792a373b1 Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-07-09 06:07:19 +02:00
Pratyush Mishra
674daf6fae ark_r1cs_std::mul_by_inverse generated unsound constraints in versions below 0.3.1 (#961) 
* `ark_r1cs_std::mul_by_inverse` was unsound in versions below `0.3.1`

* Fix category

* Add link to PR
 2021-07-09 06:06:05 +02:00
Sergey "Shnatsel" Davidoff
730c1e815a Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960) 
This reverts commit a9c31a6e25.
 2021-07-08 21:09:27 +02:00
github-actions[bot]
2d60adf54f Assigned RUSTSEC-2021-0074 to ammonia (#959) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-07-08 20:48:05 +02:00
Michael Howell
3533e434a6 Add rust-ammonia/ammonia#142 (#956) 
* Add rust-ammonia/ammonia#142

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md
 2021-07-08 20:46:50 +02:00
Sergey "Shnatsel" Davidoff
a9c31a6e25 Hotfix #957 until we figure out what to do with it (#958) 2021-07-08 20:34:15 +02:00
github-actions[bot]
7629432184 Assigned RUSTSEC-2021-0073 to prost-types (#955) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-07-08 19:27:50 +02:00
Lucio Franco
1889bffd67 prost-types: Timestamp conversion overflow (#954) 2021-07-08 19:25:47 +02:00
Sergey "Shnatsel" Davidoff
cbeaf18e2b Made RUSTSEC-2021-0072 not affect tokio 2.0 and later 2021-07-08 01:26:08 +02:00
github-actions[bot]
01ac699fd5 Assigned RUSTSEC-2021-0072 to tokio (#952) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-07-08 01:09:42 +02:00
Alice Ryhl
6f2157cba4 Add advisory for race condition in Tokio (#951) 
* Add RUSTSEC for tokio#3929

* Update version range

* Wrap with code fences

* Add advisory information

* Add unaffected

* Don't use tilde in version specification

it's not yet supported by rustsec v0.24

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-07-08 01:08:31 +02:00
Yechan Bae
afbc0dc9e1 Update five std CVEs (#946) 2021-07-06 12:36:13 -06:00