Tony Arcieri
2f2af6807c
Merge pull request #52 from RustSec/rustsec-0-9
Upgrade to "rustsec" crate v0.9.0
2018-07-26 20:47:41 -07:00
Tony Arcieri
7d9d0973cc
Upgrade to "rustsec" crate v0.9.0
2018-07-26 20:42:51 -07:00
Tony Arcieri
31502e1ce6
Merge pull request #51 from RustSec/add-new-advisories-to-advisories-toml
Advisories.toml: Add RUSTSEC-2016-0001 and RUSTSEC-2016-0002
2018-07-24 16:55:11 -07:00
Tony Arcieri
32103ed82b
Advisories.toml: Add RUSTSEC-2016-0001 and RUSTSEC-2016-0002
Adds the newly merged (but oldest chronological!) advisories into
the `Advisories.toml` file (which can go away pending #29)
2018-07-24 16:49:01 -07:00
Tony Arcieri
773685e2fb
Merge pull request #50 from RustSec/keywords
Keywords
2018-07-24 16:07:10 -07:00
Tony Arcieri
2d9a2632a7
Keywords
Documents the new `keywords` attribute and adds keywords to all current
advisories. These can be consumed by the web UI.
2018-07-24 16:02:35 -07:00
Tony Arcieri
ac0e00251b
Merge pull request #49 from RustSec/affected-platforms
Affected Platforms
2018-07-24 15:58:57 -07:00
Tony Arcieri
2632340526
Affected Platforms
Documents the use of the `affected_platforms` attribute in advisories,
and adds it to a relevant advisory.
2018-07-24 15:53:43 -07:00
Tony Arcieri
20d789b68d
Merge pull request #48 from RustSec/cleanups
Documentation cleanups
2018-07-24 15:42:18 -07:00
Tony Arcieri
ad872b63b2
README.md: Move title/description up in advisory example
2018-07-24 15:36:23 -07:00
Tony Arcieri
0a4f0ee960
CONTRIBUTING.md: Fix link
2018-07-24 15:35:07 -07:00
Tony Arcieri
085b3a4eb6
Merge pull request #47 from RustSec/rustsec-0-8
Upgrade to rustsec 0.8
2018-07-24 15:34:04 -07:00
Tony Arcieri
f7e514c0c8
Upgrade to rustsec 0.8
Adds support for `affected_platforms` and `keywords` attributes on
security advisories.
2018-07-24 15:28:57 -07:00
Tony Arcieri
c791a95146
Merge pull request #18 from RustSec/hyper-hostname-verification
Advisory: hyper HTTPS MitM due to lack of hostname verification
2018-07-24 12:39:00 -07:00
Tony Arcieri
07219b8d17
Assign RUSTSEC-2016-0002 to hyper
Original PR:
https://github.com/RustSec/advisory-db/pull/18
2018-07-24 12:33:49 -07:00
Tony Arcieri
8678a77455
Advisory: hyper HTTPS MitM due to lack of hostname verification
2018-07-24 12:03:59 -07:00
Tony Arcieri
68c1d72384
Merge pull request #19 from RustSec/rust-openssl-hostname-verification
Advisory: rust-openssl hostname verification
2018-07-24 11:05:31 -07:00
Tony Arcieri
09e3a9eb76
Assign RUSTSEC-2016-0001 to openssl
Original PR:
https://github.com/RustSec/advisory-db/pull/19
2018-07-24 10:48:20 -07:00
Tony Arcieri
72a4178ca1
Advisory: openssl <0.9.0 may be vulnerable to MitM due to weak defaults
2018-07-24 10:47:29 -07:00
Tony Arcieri
607d038c42
Merge pull request #46 from RustSec/readme-template-fixups
README.md: Fixups for TOML template
2018-07-24 08:20:29 -07:00
Tony Arcieri
9c2f9c39a7
README.md: Fixups for TOML template
Add `id` field, cleanup comments, mandatory/optional notes, and ordering
2018-07-24 08:07:28 -07:00
Tony Arcieri
ad30725335
Merge pull request #45 from RustSec/readme-cleanups
README.md: Better highlight cargo-audit and cleanup copy
2018-07-23 17:31:28 -07:00
Tony Arcieri
992eff3473
README.md: Better highlight cargo-audit and cleanup copy
2018-07-23 17:26:14 -07:00
Tony Arcieri
278cd5b7ce
Merge pull request #44 from RustSec/readme-vuln-reporting
README.md: Add vuln reporting instructions
2018-07-23 16:42:13 -07:00
Tony Arcieri
5afa669831
README.md: Add vuln reporting instructions
2018-07-23 16:35:33 -07:00
Tony Arcieri
50686ad52d
Merge pull request #43 from RustSec/contributing
CONTRIBUTING.md: Vulnerability reporting instructions and criteria
2018-07-23 14:10:50 -07:00
Tony Arcieri
2505020c63
CONTRIBUTING.md: Vulnerability reporting instructions and criteria
This is long overdue! (see #25) It provides basic instructions for
filing advisories against the database, and also some guidelines
for what types of vulnerabilities qualify.
2018-07-23 13:44:47 -07:00
Tony Arcieri
bb7ef0697c
Merge pull request #42 from RustSec/convert-check-to-bin
Convert CI check process to use a bin instead of testing a lib
2018-07-23 12:36:02 -07:00
Tony Arcieri
b139f2db89
Convert CI check process to use a bin instead of testing a lib
This allows us to add some additional commands to the Rust-based part of
this crate.
2018-07-23 12:28:10 -07:00
Tony Arcieri
187c9feef5
Merge pull request #41 from RustSec/readme-gitter-badge
README.md: Add gitter badge
2018-07-23 11:42:35 -07:00
Tony Arcieri
2777a29883
README.md: Add gitter badge
2018-07-23 11:34:22 -07:00
Tony Arcieri
ffbf3cf971
Merge pull request #40 from RustSec/rustsec-0-7
Update 'rustsec' crate to 0.7
2018-07-22 17:59:28 -07:00
Tony Arcieri
f5d0ea12a2
Update 'rustsec' crate to 0.7
2018-07-22 17:51:45 -07:00
Tony Arcieri
5920a40e72
Merge pull request #39 from RustSec/rustsec-0-7-0-alpha3
Update to 'rustsec' crate v0.7.0-alpha3
2018-07-22 13:38:25 -07:00
Tony Arcieri
f9af1317ac
Update to 'rustsec' crate v0.7.0-alpha3
Testing the alpha crate on the live repository prior to a final release
2018-07-22 13:29:03 -07:00
Tony Arcieri
cd58ff39f8
Merge pull request #38 from RustSec/remove-dwf-tag-in-favor-of-aliases
Rename "dwf" TOML tag to "aliases" (closes #36)
2018-07-21 20:12:38 -07:00
Tony Arcieri
cb81d3ceaa
Rename "dwf" TOML tag to "aliases" (closes #36)
Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
2018-07-21 19:47:30 -07:00
Tony Arcieri
cf97bdac6e
Merge pull request #37 from RustSec/add-ids-to-all-advisories
crates: Add 'id' attribute to all advisories
2018-07-21 15:31:29 -07:00
Tony Arcieri
79fd13ac6f
crates: Add 'id' attribute to all advisories
This is needed to parse them with serde directly from these files (as
opposed to using Advisories.toml)
2018-07-21 15:22:39 -07:00
Tony Arcieri
953f4ca263
Merge pull request #35 from mbrubeck/smallvec
More patched versions released for smallvec
2018-07-20 10:38:02 -07:00
Matt Brubeck
194883b71e
More patched versions released for smallvec
2018-07-20 10:31:28 -07:00
Tony Arcieri
f5cba30107
Merge pull request #33 from RustSec/maintained-badge
README.md: Add a 'maintained' shield from shields.io
2018-07-19 20:26:04 -07:00
Tony Arcieri
2c7428eeaf
README.md: Add a 'maintained' shield from shields.io
2018-07-19 20:01:05 -07:00
Tony Arcieri
5036eee5ae
Merge pull request #32 from RustSec/code-of-conduct
Adopt the Contributor Covenant (version 1.4)
2018-07-19 19:41:37 -07:00
Tony Arcieri
faf18b8d1d
Adopt the Contributor Covenant (version 1.4)
https://www.contributor-covenant.org/
2018-07-19 19:34:09 -07:00
Tony Arcieri
81d7c1feda
Merge pull request #31 from RustSec/fix-rustsec-2018-0002
Advisories.toml: Fix RUSTSEC-2018-0002
2018-07-19 19:31:25 -07:00
Tony Arcieri
0a1d62c88d
Advisories.toml: Fix RUSTSEC-2018-0002
`RUSTSEC-2018-0002` was previously assigned to `tar`, but never added to
`Advisories.toml`.
The merge workflow for this could definitely use some
improvements/automation.
2018-07-19 19:26:08 -07:00
Tony Arcieri
7855ffa911
Assign RUSTSEC-2018-0003 to smallvec
Original PR:
https://github.com/RustSec/advisory-db/pull/30
2018-07-19 19:20:54 -07:00
Tony Arcieri
569e6ad8b0
Merge pull request #30 from mbrubeck/smallvec
Advisory: Possible double free in SmallVec::insert_many
2018-07-19 19:00:02 -07:00
Matt Brubeck
fd11c62bc5
Advisory: Possible double free in SmallVec::insert_many
For details, see:
* servo/rust-smallvec#96 - original bug report
* servo/rust-smallvec#103 - fix
2018-07-19 15:00:38 -07:00