OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-29 07:46:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,670 Commits 1 Branch 0 Tags
36df8a4efc6f2da4ccc7ced0d431136f473b2001
Commit Graph

1670 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
36df8a4efc Assigned RUSTSEC-2022-0034 to pkcs11 (#1283) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-07-25 11:19:15 -06:00
Ionuț Mihalcea
48214447df Add advisory for pkcs11 (#1282) 
Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
 2022-07-23 08:29:34 -06:00
github-actions[bot]
2718c2db84 Assigned RUSTSEC-2022-0033 to openssl-src (#1279) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-07-05 14:48:56 +02:00
Alexis Mousset
d820cf991c Add advisory for openssl CVE-2022-2274 (#1276) 2022-07-05 14:44:40 +02:00
github-actions[bot]
1c17612a36 Assigned RUSTSEC-2022-0032 to openssl-src (#1278) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-07-05 14:44:23 +02:00
Alexis Mousset
6f8de93f84 Add advisory for openssl CVE-2022-2097 (#1277) 2022-07-05 14:33:40 +02:00
github-actions[bot]
b4ed922847 Assigned RUSTSEC-2022-0031 to rulex (#1274) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-26 22:01:26 +02:00
Evan Richter
d0e82ff0d7 rulex advisory for string indexing panic (#1272) 2022-06-26 21:48:57 +02:00
github-actions[bot]
03ab8e5349 Assigned RUSTSEC-2022-0030 to rulex (#1273) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-26 21:44:13 +02:00
Evan Richter
c188be71e2 rulex advisory for stack overflow (#1271) 2022-06-26 21:42:00 +02:00
8573
7381319981 Copyedit RUSTSEC-2021-0122 (#1269) 
Apply some copyedits to the text introduced by #1268.  Add a missing
comma; inflect "be" better; and use normal quotation marks rather than
backticks around the word "safe", referring to Safe Rust, as, unlike
`unsafe`, "safe" is not Rust syntax.
 2022-06-25 14:06:03 +02:00
Andrew Lamb
9e0c88bd78 Clarify flatbuffers RUSTSEC-2021-0122.md (#1268) 
It may be hard for non Rust experts to understand what the implications of "is `unsafe` but not marked as such" means

I propose adding some more supporting information
 2022-06-24 16:17:18 +02:00
Sergey "Shnatsel" Davidoff
49fb6c0b94 Revert "Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263)" (#1264) 
This reverts commit 7cbdcd8500.
 2022-06-20 14:19:49 +02:00
pinkforest(she/her)
7cbdcd8500 Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263) 
* Fix advisory openssl-src 111 stream patched

* not a semver

* make 111 affected
 2022-06-17 13:15:51 +02:00
github-actions[bot]
f10f232879 Assigned RUSTSEC-2022-0029 to crossbeam (#1261) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-08 01:12:13 +02:00
Sergey "Shnatsel" Davidoff
e8ef9ea980 Add patched version to im RUSTSEC-2020-0096 (#1259) 2022-06-08 01:10:26 +02:00
Ben Kimock
6a769d1d24 Report data race/memory corruption in crossbeam 0.2 (#1260) 2022-06-08 01:10:09 +02:00
Tony Arcieri
f79eb4bad9 Revert "Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242)" (#1258) 
This reverts commit a47cd63007.

The advisory was withdrawn based on discussions around whether read-only
environment variable access constitutes a vulnerability.

However, per the `time` crate's author @jhpratt, the crate also modifies
the environment and therefore the advisory should *not* be withdrawn:

https://github.com/rustsec/advisory-db/pull/1242#issuecomment-1144903688
 2022-06-02 08:37:44 -06:00
github-actions[bot]
29281434b7 Assigned RUSTSEC-2022-0028 to neon (#1257) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2022-05-23 16:11:11 -04:00
K.J. Valencik
b3bf55706f Use after free in Neon externally allocated JavaScript buffers (#1256) 2022-05-23 16:05:22 -04:00
Tony Arcieri
ef71758448 README.md: maintained as of Q2 2022 2022-05-23 08:11:59 -06:00
Tony Arcieri
c1d94fd681 Bump rustsec-admin to v0.7.0 (#1255) 
Release notes: https://github.com/rustsec/rustsec/pull/575
 2022-05-23 07:50:54 -06:00
Ralf Jung
b4d8786707 fix hyper patched version number (#1250) 2022-05-20 13:16:20 +02:00
Alexis Mousset
0abe74330b Fix category of RUSTSEC-2022-0025 (#1249) 2022-05-19 22:32:59 +02:00
github-actions[bot]
bdc5813f40 Assigned RUSTSEC-2022-0027 to openssl-src (#1248) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-19 19:41:25 +02:00
Alexis Mousset
c9177664c2 Add advisory for openssl CVE-2022-1343 (#1243) 2022-05-19 19:39:38 +02:00
github-actions[bot]
52b29cd771 Assigned RUSTSEC-2022-0026 to openssl-src (#1247) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-19 19:39:22 +02:00
Alexis Mousset
999edf8809 Add advisory for openssl CVE-2022-1434 (#1244) 2022-05-19 19:37:32 +02:00
github-actions[bot]
4e24c897b5 Assigned RUSTSEC-2022-0025 to openssl-src (#1246) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-19 19:37:21 +02:00
Alexis Mousset
e1e8e92e89 Add advisory for openssl CVE-2022-1473 (#1245) 2022-05-19 19:35:53 +02:00
David Knaack
a47cd63007 Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242) 2022-05-13 12:27:52 -06:00
Tony Arcieri
ca1383b258 Withdraw RUSTSEC-2020-0159: unsound localtime_r call in chrono (#1241) 
Per rustsec/advisory-db#1190, it would be good to move to a policy where
we don't file advisories against crates which perform unsynchronized
reads from the process environment, and instead focus only on crates
which modify the process environment in an unsynchronized manner.
 2022-05-12 09:45:54 -06:00
github-actions[bot]
ba96a13792 Assigned RUSTSEC-2022-0024 to double-checked-cell (#1240) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-11 23:13:02 +02:00
Niklas Fiekas
0653c8f324 Self-report double-checked-cell as unmaintained (#1239) 2022-05-11 23:05:53 +02:00
github-actions[bot]
7b009b96f7 Assigned RUSTSEC-2022-0023 to static_type_map (#1238) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-11 21:44:11 +02:00
Malobre
30e1ac3cd5 Create RUSTSEC-0000-0000.md (#1236) 2022-05-11 21:41:08 +02:00
github-actions[bot]
eb8c788bc0 Assigned RUSTSEC-2022-0022 to hyper (#1235) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-10 20:45:40 +02:00
Ralf Jung
6b7b129aef add hyper advisory (#1232) 2022-05-10 20:42:51 +02:00
github-actions[bot]
e78650dfe3 Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-10 17:20:48 +02:00
Ralf Jung
bf2e0598f5 add crossbeam advisories for incorrect (unsound) zeroed memory (#1231) 
* add crossbeam queue advisory

* also add crossbeam-channel issue
 2022-05-10 17:04:04 +02:00
github-actions[bot]
7975ad680c Assigned RUSTSEC-2022-0018 to totp-rs (#1230) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-09 20:08:13 +02:00
Cléo Rebert
fa5b6696cf Possible timing attack in totp-rs (#1229) 
* Create RUSTSEC-0000-0000.md

* Fix [affected.functions]
 2022-05-09 20:03:01 +02:00
Tony Arcieri
2875efb2f1 HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192) 
Initial guide on policy around what RustSec considers to be an
unmaintained crate as well as the policy for filing an advisory
 2022-05-01 14:16:16 -06:00
github-actions[bot]
83c13d8c0a Assigned RUSTSEC-2022-0017 to array-macro (#1225) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-04-27 21:05:18 +02:00
Konrad Borowski
c29b239a56 Add advisory for using impure constants in array-macro (#1224) 2022-04-27 19:55:44 +02:00
dylni
b2ba503c74 Add patch version for fruity (#1223) 2022-04-19 02:03:30 +02:00
Sergey "Shnatsel" Davidoff
00a1687a13 Update RUSTSEC-2020-0071.md (#1222) 2022-04-18 03:32:20 +02:00
Nikhil Benesch
ce150ef8cb RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220) 
As far as I can tell, v0.10.0+ was not affected by this bug [0]. The commit which
fixes the unsoundness landed in main before v0.10.0 was released.

[0]: 9d4342c5ff
 2022-04-05 17:24:42 +02:00
github-actions[bot]
fdc6858e60 Assigned RUSTSEC-2022-0016 to wasmtime (#1218) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2022-03-31 18:54:54 -04:00
Nick Fitzgerald
e6248efe2a Add CVE-2022-24791 for Wasmtime (#1217) 
* Add CVE-2022-24791 for Wasmtime

* Update CVE-2022-24791

* Update crates/wasmtime/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
 2022-03-31 18:41:14 -04:00