1635 Commits

Author SHA1 Message Date
Malobre
30e1ac3cd5 Create RUSTSEC-0000-0000.md (#1236) 2022-05-11 21:41:08 +02:00
github-actions[bot]
eb8c788bc0 Assigned RUSTSEC-2022-0022 to hyper (#1235)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-05-10 20:45:40 +02:00
Ralf Jung
6b7b129aef add hyper advisory (#1232) 2022-05-10 20:42:51 +02:00
github-actions[bot]
e78650dfe3 Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-05-10 17:20:48 +02:00
Ralf Jung
bf2e0598f5 add crossbeam advisories for incorrect (unsound) zeroed memory (#1231)
* add crossbeam queue advisory

* also add crossbeam-channel issue
2022-05-10 17:04:04 +02:00
github-actions[bot]
7975ad680c Assigned RUSTSEC-2022-0018 to totp-rs (#1230)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-05-09 20:08:13 +02:00
Cléo Rebert
fa5b6696cf Possible timing attack in totp-rs (#1229)
* Create RUSTSEC-0000-0000.md

* Fix [affected.functions]
2022-05-09 20:03:01 +02:00
Tony Arcieri
2875efb2f1 HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192)
Initial guide on policy around what RustSec considers to be an
unmaintained crate as well as the policy for filing an advisory
2022-05-01 14:16:16 -06:00
github-actions[bot]
83c13d8c0a Assigned RUSTSEC-2022-0017 to array-macro (#1225)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-04-27 21:05:18 +02:00
Konrad Borowski
c29b239a56 Add advisory for using impure constants in array-macro (#1224) 2022-04-27 19:55:44 +02:00
dylni
b2ba503c74 Add patch version for fruity (#1223) 2022-04-19 02:03:30 +02:00
Sergey "Shnatsel" Davidoff
00a1687a13 Update RUSTSEC-2020-0071.md (#1222) 2022-04-18 03:32:20 +02:00
Nikhil Benesch
ce150ef8cb RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
As far as I can tell, v0.10.0+ was not affected by this bug [0]. The commit which
fixes the unsoundness landed in main before v0.10.0 was released.

[0]: 9d4342c5ff
2022-04-05 17:24:42 +02:00
github-actions[bot]
fdc6858e60 Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
Co-authored-by: alex <alex@users.noreply.github.com>
2022-03-31 18:54:54 -04:00
Nick Fitzgerald
e6248efe2a Add CVE-2022-24791 for Wasmtime (#1217)
* Add CVE-2022-24791 for Wasmtime

* Update CVE-2022-24791

* Update crates/wasmtime/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2022-03-31 18:41:14 -04:00
github-actions[bot]
1aca83f114 Assigned RUSTSEC-2022-0015 to pty (#1215)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2022-03-22 08:52:42 -06:00
Arne Beer
64335d3028 Add unmaintained advisory for pty (#1213) 2022-03-22 08:37:21 -06:00
github-actions[bot]
67704dcc47 Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2022-03-16 10:05:15 -04:00
Alexis Mousset
fe9edcce36 Add CVE-2022-0778 for openssl-src (#1210) 2022-03-16 08:00:11 -06:00
github-actions[bot]
81e4691173 Assigned RUSTSEC-2022-0013 to regex (#1208)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2022-03-08 08:14:30 -07:00
Pietro Albini
33aa20762e add cve-2022-24713 (#1207) 2022-03-08 08:09:59 -07:00
Sergey "Shnatsel" Davidoff
a4120c1dce mark RUSTSEC-2021-0019 fixed, add references (#1206)
* Add references URLs to RUSTSEC-2021-0019

* update links to rust-x-bindings/ instead of rtbo/ which 404

* Fixed in v1.0
2022-03-06 12:11:48 +01:00
Sergey "Shnatsel" Davidoff
5bf3891522 RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
The author of `recursive_reference` has reached out to me and clarified that it does not serve the same use cases as `rental`
2022-03-06 12:02:04 +01:00
github-actions[bot]
d5b3ecf4b5 Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-03-04 19:17:34 +01:00
Jorge Leitao
7b3eed6924 Added advisory for arrow2::ffi::Ffi_ArrowArray double free (#1204)
* Added advisory for Arrow2 FFI_ArrowArray

* add "memory-corruption" category

* Fix version

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-03-04 19:08:01 +01:00
github-actions[bot]
616ecfe7a3 Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2022-03-01 09:17:42 -07:00
Max Dymond
6ffb74d491 rust-crypto: miscomputation when performing AES encryption (#1201) 2022-03-01 09:15:40 -07:00
Sebastian Klose
0ff38eb722 Update RUSTSEC-2020-0150.md (#1199)
This CVE has been fixed in version 0.3. Please see https://github.com/sklose/disrustor/issues/1 for details.
2022-02-21 16:23:42 -05:00
github-actions[bot]
6627556189 Assigned RUSTSEC-2022-0010 to enum-map (#1198)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-02-18 23:15:59 +01:00
Konrad Borowski
52b96a91c2 Add unsoundness advisory for enum-map (#1197)
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-02-18 23:00:29 +01:00
Sergey "Shnatsel" Davidoff
97388358de Suggest maintained alternatives for Rental advisory (#1187)
* Suggest maintained alternatives for Rental advisory

* move `ouroboros` higher on the list as by far the most popular

* add `escher`; thanks to Nick12 for suggesting
2022-02-09 15:34:03 +01:00
Thomas Eizinger
9079010767 Update RUSTSEC-2022-0009.md (#1186)
* Update RUSTSEC-2022-0009.md

We published a semver compatible upgrade that includes the security fix.

* A 0.30.x point release has been issued; include it

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-02-07 15:18:27 +01:00
github-actions[bot]
17946d71c3 Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-02-07 03:25:36 +01:00
Ben Kimock
ff3a52648c Mark tokio-proto as deprecated (#1184)
* Mark tokio-proto as deprecated

* Note that the repo is archived
2022-02-07 03:23:42 +01:00
github-actions[bot]
8f550f1235 Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-02-07 01:53:14 +01:00
Thomas Eizinger
ec4cc26a33 Add entry for libp2p-core vulnerability (#1182)
* Add entry for libp2p-core vulnerability

* Update crates/libp2p-core/RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

* Update crates/libp2p-core/RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-02-07 01:49:19 +01:00
Sergey "Shnatsel" Davidoff
b2a864d3d9 Add patched version to DashMap advisory (#1181) 2022-02-06 18:02:38 +01:00
github-actions[bot]
c9a98f3b36 Assigned RUSTSEC-2022-0008 to windows (#1178)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-02-04 16:22:53 +01:00
Konrad Borowski
989da55082 Add advisory for windows (#1177) 2022-02-04 16:00:05 +01:00
github-actions[bot]
9da1eb7ef4 Assigned RUSTSEC-2022-0007 to qcell (#1172)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-01-24 18:41:17 +01:00
Jim Peters
3c8a9dc31d Add qcell crate advisory (#1171)
Co-authored-by: Jim Peters <jim@uazu.net>
2022-01-24 18:38:17 +01:00
github-actions[bot]
9839c6ee0f Assigned RUSTSEC-2022-0006 to thread_local (#1170)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-01-24 15:39:43 +01:00
Ibraheem Ahmed
1ecfb4a345 Add advisory for Amanieu/thread_local-rs#33 (#1169)
* Create RUSTSEC-0000-0000.md

* Correct folder

* Revert "Correct folder"

This reverts commit 0dbbd24844e040f8ed95f21f91740781a3317136.

* Correct package name

Co-authored-by: Sergey "Shnatsel" Davidoff <sdavydov@google.com>
2022-01-24 15:36:41 +01:00
github-actions[bot]
0ca65bbdd4 Assigned RUSTSEC-2022-0005 to ftd2xx-embedded-hal (#1168)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-01-22 19:27:42 +01:00
Alex
e8f33f7e5f Add unmaintained crate advisory for ftd2xx-embedded-hal (#1167)
Has been renamed to `ftdi-embedded-hal`.
2022-01-22 19:24:21 +01:00
David Pedersen
190dfb9dc6 Update which tower-http versions are affected by RUSTSEC-2021-0135 (#1166) 2022-01-22 16:22:46 +01:00
github-actions[bot]
5a24458fad Assigned RUSTSEC-2022-0004 to rustc-serialize (#1164)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-01-21 19:16:26 +01:00
5225225
3e6d7719d5 Add advisory for rustc_serialize (#1140) 2022-01-21 19:13:12 +01:00
github-actions[bot]
258329bae6 Assigned RUSTSEC-2020-0161 to array-macro (#1163)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-01-21 18:52:31 +01:00
Konrad Borowski
d1235dbbd9 Add advisory for array-macro (#1162) 2022-01-21 18:50:20 +01:00