OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 23:08:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,071 Commits 1 Branch 0 Tags
3338fcfb59cea5fcd7d2a4e7fe24cbc7cb778003
Commit Graph

2071 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
3338fcfb59 Assigned RUSTSEC-2023-0070 to self_cell (#1820) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-11-11 14:59:01 +00:00
Lukas Bergdoll
0c128ba5cc Add Insufficient covariance check makes self_cell unsound (#1818) 2023-11-11 14:48:23 +00:00
Paolo Barbolini
0f4e16f7cd Add patched version to RUSTSEC-2023-0029 (#1817) 2023-11-08 10:57:41 +01:00
github-actions[bot]
378e212597 Assigned RUSTSEC-2023-0069 to sudo-rs (#1816) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-11-06 12:48:19 +00:00
Meet Patel
6887c29bff sudo-rs: Path Traversal vulnerability (#1814) 2023-11-06 12:47:10 +00:00
Michael Kedar
088ec034cf Remove CVE-2020-25575 from RUSTSEC-2019-0030 aliases (#1815) 
RUSTSEC-2019-0030 doesn't seem to have anything to do with CVE-2020-25575
 2023-11-02 13:03:48 +00:00
Alexander Kjäll
0c251c3c9a add CVE alias to RUSTSEC-2023-0066 (#1811) 2023-10-28 16:16:37 +00:00
github-actions[bot]
57d5993efb Assigned RUSTSEC-2023-0068 to cocoon (#1810) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-10-23 19:38:27 -06:00
Alexander Fadeev
0da5ced09c cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) (#1805) 2023-10-23 19:36:07 -06:00
Noam Ta Shma
71d80e811f Updating information about replacements (#1803) 2023-10-14 21:21:18 +00:00
github-actions[bot]
58c33af7fa Assigned RUSTSEC-2023-0067 to fehler (#1801) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-10-14 09:01:02 -06:00
SandaruKasa
184d6c72af fehler is unmaintained (#1800) 2023-10-14 08:50:37 -06:00
github-actions[bot]
da470caa84 Assigned RUSTSEC-2023-0066 to pleaser (#1799) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-10-03 13:53:18 +00:00
Alexander Kjäll
59c41cbaa6 Document the privilege-escalation vulnerability in pleaser. (#1798) 
* Document the privilege-escalation vulnerability in pleaser. Note that the reproducer doesn't work out of the box on a modern kernel, as the ioctl TIOCSTI is disabled by default nowadays

* reviewer feedback: Include a description on how to check if you are vulnerable, fix a typo

* Revert "reviewer feedback: Include a description on how to check if you are vulnerable, fix a typo"

This reverts commit 94a4a83bd3ea0518cd2bc8a670fac1b0405da7ad.

* Fix typo

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-10-03 13:52:15 +00:00
Brian Smith
46754ce937 Update webpki RUSTSEC-2023-0052 advisory. (#1797) 2023-09-30 16:13:23 -04:00
github-actions[bot]
4c60d39456 Assigned RUSTSEC-2023-0065 to tungstenite (#1796) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-29 12:03:03 +00:00
Dirkjan Ochtman
2a2c8a0f01 Create advisory for tungstenite DoS (#1795) 
* Create advisory for tungstenite DoS

* drop empty `keywords` key

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-09-29 12:00:45 +00:00
Max Ammann
9b6403d856 Add patch version (#1794) 2023-09-28 14:31:43 +00:00
Kornel
b2af5ad856 Update info about CVE-2023-5129 (#1793) 2023-09-26 15:50:50 +02:00
Sergey "Shnatsel" Davidoff
8c5609f192 Bump rustsec-admin to 0.8.8 (#1791) 2023-09-25 18:00:04 +00:00
github-actions[bot]
7b510556ab Assigned RUSTSEC-2023-0064 to gix-transport (#1790) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-25 12:04:51 +00:00
Sebastian Thiel
851e5c9638 Add notice to gix-transport crate (#1789) 
* Add vulnerability for gix-transport crate

Reproducer with `gix` (CLI) v0.29

* `gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'`
    - This will launch a calculator on OSX.

Fixed in `gix` (CLI) v0.30.

See https://secure.phabricator.com/T12961 for more details.

This issue was discovered by @vin01 whom I thank for their diligence!

* Add credits to researcher who found the issue: vin01

https://github.com/vin01
 2023-09-25 12:03:35 +00:00
github-actions[bot]
81594d9fd5 Assigned RUSTSEC-2023-0063 to quinn-proto (#1788) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-21 11:37:21 +00:00
Dirkjan Ochtman
69e85eff7f Add advisory for quinn-proto DoS issue (#1787) 2023-09-21 11:30:28 +00:00
github-actions[bot]
12719bd23b Assigned RUSTSEC-2023-0062 to bcder (#1783) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-13 17:52:21 +02:00
Martin Hoffmann
3fefc61182 CVE-2023-39914 in bcder. (#1782) 
* CVE-2023-39914 in bcder.

* Improve advisory data.

* Remove comments.

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-09-13 17:46:14 +02:00
github-actions[bot]
19e0777eb7 Assigned RUSTSEC-2023-0060 to libwebp-sys2, RUSTSEC-2023-0061 to libwebp-sys (#1781) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-09-13 10:10:22 -04:00
Kornel
0636c357b3 CVE-2023-4863 in vendored libwebp (#1780) 2023-09-13 10:09:35 -04:00
Fabio Valentini
1b75b995e7 RUSTSEC-2023-0059: add "uzers" fork as alternative for "users" (#1779) 2023-09-12 12:31:49 -06:00
github-actions[bot]
caa8aa3dd0 Assigned RUSTSEC-2023-0059 to users (#1778) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-09-10 20:57:04 -04:00
David Tolnay
88ef232903 Unaligned read in users crate (#1776) 2023-09-10 20:56:33 -04:00
github-actions[bot]
552ac23f93 Assigned RUSTSEC-2023-0058 to inventory (#1777) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-09-10 20:54:53 -04:00
David Tolnay
65f49796ee Inventory 0.1 is unsound (exposure of non-Sync reference) (#1775) 2023-09-10 20:54:03 -04:00
github-actions[bot]
d30ca83160 Assigned RUSTSEC-2023-0057 to inventory (#1774) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2023-09-10 19:34:00 +02:00
David Tolnay
ca0b8b9614 Inventory 0.1 is unsound (allows std access before init of Rust runtime) (#1773) 2023-09-10 19:31:21 +02:00
Alexis Mousset
0fcce3f7cb Bump rustsec-admin to 0.8.7 (#1772) 2023-09-08 09:30:37 -06:00
Preston Thorpe
370cdc73f5 add additional replacement for ansi_term (#1768) 
* add additional replacement for ansi_term

* move ansiterm to the top of the list

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-09-07 00:52:31 +02:00
github-actions[bot]
d437be8576 Assigned RUSTSEC-2023-0056 to vm-memory (#1767) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-06 19:18:09 +02:00
Patrick Roy
c9fe870edd Import CVE-2023-41051 as RustSec advisory (#1766) 
Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
 2023-09-06 19:17:14 +02:00
dependabot[bot]
53652d63d2 Bump actions/checkout from 3 to 4 (#1765) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-04 16:33:17 +02:00
github-actions[bot]
8ac7d56b75 Assigned RUSTSEC-2023-0055 to lexical (#1764) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-03 20:18:34 +02:00
Sergey "Shnatsel" Davidoff
a6f3295ed6 Add an advisory for lexical (#1763) 
* Add an advisory for lexical

* fix formatting
 2023-09-03 20:17:39 +02:00
Brian Smith
a6c90b9cd0 Update webpki RUSTSEC-2023-0052 advisory. (#1762) 
* Indicate release version that the fix landed in.
* Remove unnecessary noise from the text.
 2023-08-30 18:01:29 -04:00
Alexis Mousset
cbf97de9b7 Add documentation for advisories licenses (#1761) 2023-08-28 15:52:35 +00:00
Alexis Mousset
65e32a757b Sync advisories ids from GitHub (#1760) 2023-08-27 15:52:52 +00:00
Sandro-Alessio Gierens
d401af5af8 Add jzon as alternative recommendation for json (#1759) 
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
 2023-08-25 17:52:15 +00:00
github-actions[bot]
5373b7ebb0 Assigned RUSTSEC-2023-0054 to mail-internals (#1758) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-08-24 10:21:13 +00:00
наб
3f70263445 mail-internals memory corruption (#1741) 2023-08-24 10:20:06 +00:00
Samuel Moelius
5bde16559d README.md: Link to HOWTO_UNMAINTAINED.md (#1754) 
Closes #1748
 2023-08-23 06:14:50 -06:00
github-actions[bot]
214d69f125 Assigned RUSTSEC-2023-0052 to webpki, RUSTSEC-2023-0053 to rustls-webpki (#1753) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-08-22 12:45:02 +00:00