Commit Graph

434 Commits

Author SHA1 Message Date
Tony Arcieri
3aa5df1bbc Merge pull request #223 from RustSec/RUSTSEC-2020-0002
Assign RUSTSEC-2020-0002 to prost
2020-01-16 13:50:07 -08:00
Tony Arcieri
a5b6099b9d Assign RUSTSEC-2020-0002 to prost
Original PR: https://github.com/RustSec/advisory-db/pull/222
2020-01-16 12:52:00 -08:00
Tony Arcieri
35c829803e Merge pull request #222 from dbrgn/prost-stackoverflow
Add advisory for prost stack overflow
2020-01-16 12:50:53 -08:00
Danilo Bargen
7a0d254bbe fixup! Add advisory for prost stack overflow 2020-01-16 20:23:41 +01:00
Danilo Bargen
57f553ee45 Add advisory for prost stack overflow 2020-01-16 20:22:21 +01:00
Tony Arcieri
4d051434f0 Merge pull request #221 from roy-work/roy/fix-http-affected-ranges
Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20
2020-01-09 14:56:31 -05:00
Roy Wellington Ⅳ
200651cff2 Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20
I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: https://github.com/hyperium/http/issues/352
In that bug, the fixing PR was https://github.com/hyperium/http/pull/360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: 81ceb611cf

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http #354 and http #355.

For the first: the issue: https://github.com/hyperium/http/issues/354
In that bug, the fixing PR was https://github.com/hyperium/http/pull/357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: 82d53dbdfd

For the second: the issue: https://github.com/hyperium/http/issues/355
In that bug, the fixing PR was https://github.com/hyperium/http/pull/362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: 8ffe094df1
2020-01-09 12:20:27 -05:00
Tony Arcieri
289948245e Merge pull request #220 from RustSec/RUSTSEC-2019-0034
Assign RUSTSEC-2019-0034 to http
2020-01-09 12:09:54 -05:00
Tony Arcieri
526892a193 Assign RUSTSEC-2019-0034 to http
Original PR: https://github.com/RustSec/advisory-db/pull/218
2020-01-09 11:24:52 -05:00
Tony Arcieri
2aad27e243 Merge pull request #218 from Qwaz/http2
Add advisory for hyperium/http/issues/354,355
2020-01-09 11:20:19 -05:00
Tony Arcieri
52e0b4e186 Merge branch 'master' into http2 2020-01-09 10:49:26 -05:00
Tony Arcieri
f35bd92631 Merge pull request #219 from RustSec/RUSTSEC-2019-0033
Assign RUSTSEC-2019-0033 to http
2020-01-09 10:49:07 -05:00
Tony Arcieri
0e59ecb72d Assign RUSTSEC-2019-0033 to http
Original PR: https://github.com/RustSec/advisory-db/pull/217
2020-01-09 10:37:55 -05:00
Tony Arcieri
8c9c29bbb7 Merge pull request #217 from Qwaz/http1
Add advisory for hyperium/http/issues/352
2020-01-09 10:27:46 -05:00
Yechan Bae
ba2df66b30 hyperium/http/issues/354,355 2020-01-09 00:48:06 -05:00
Yechan Bae
36b8de692c hyperium/http/issues/352 2020-01-09 00:45:59 -05:00
Tony Arcieri
891a872b73 Merge pull request #216 from RustSec/RUSTSEC-2020-0001
Assign RUSTSEC-2020-0001 to trust-dns-server
2020-01-07 13:17:58 -05:00
Tony Arcieri
e043405eab Assign RUSTSEC-2020-0001 to trust-dns-server
Original PR: https://github.com/RustSec/advisory-db/pull/215
2020-01-07 12:57:20 -05:00
Tony Arcieri
628f821b2d Merge pull request #215 from bluejekyll/master
trust-dns-server additionals processing overflows stack
2020-01-07 12:55:49 -05:00
Benjamin Fry
1af3b6eea6 trust-dns-server additions processing overflows stack 2020-01-06 13:12:19 -08:00
Tony Arcieri
4a7d05d5d8 Merge pull request #214 from RustSec/readme/bump-maintained-date
README.md: Bump maintained date to Q1 2020
2020-01-03 14:06:13 -05:00
Tony Arcieri
b1c200fb52 README.md: Bump maintained date to Q1 2020 2020-01-03 13:49:23 -05:00
Tony Arcieri
5ca94a4b4a Merge pull request #213 from RustSec/RUSTSEC-2019-0031/add-conquer-once
RUSTSEC-2019-0031: add `conquer-once` as an alternative to `spin`
2020-01-03 13:48:13 -05:00
Tony Arcieri
694f07e241 RUSTSEC-2019-0031: add conquer-once as an alternative to spin
https://github.com/oliver-giersch/conquer-once
2020-01-03 13:32:51 -05:00
Tony Arcieri
d96db2b3d6 Merge pull request #211 from basvandijk/RUSTSEC-2019-0023-string-interner-0.6.4
string-interner-0.6.4 also fixes RUSTSEC-2019-0023
2019-12-21 08:30:20 -08:00
Bas van Dijk
158c986aa4 string-interner-0.6.4 also fixes RUSTSEC-2019-0023
The fix https://github.com/Robbepop/string-interner/pull/10
released in 0.7.1 was also backported to the 0.6 release line in
https://github.com/Robbepop/string-interner/pull/14 and released in 0.6.4.
2019-12-21 11:43:05 +01:00
Tony Arcieri
7bc1753de3 Merge pull request #209 from RustSec/RUSTSEC-2019-0032
Assign RUSTSEC-2019-0032 to crust
2019-12-17 07:43:10 -08:00
Tony Arcieri
c2c2e8e1a7 Assign RUSTSEC-2019-0032 to crust
Original PR: https://github.com/RustSec/advisory-db/pull/204
2019-12-17 07:32:36 -08:00
Tony Arcieri
63f1b5f0cd Merge pull request #208 from RustSec/RUSTSEC-2019-0031/spin
Assign RUSTSEC-2019-0031 to spin
2019-12-17 07:08:45 -08:00
Tony Arcieri
91b9e060e2 Assign RUSTSEC-2019-0031 to spin
Unmaintained per its author:

https://github.com/mvdnes/spin-rs/commit/7516c80
2019-12-17 06:42:04 -08:00
Tony Arcieri
159a7a3b55 Merge pull request #204 from simlay/crust-archived
Added RUSTSEC advisory for crust as archived/unmaintained.
2019-11-21 16:38:17 -08:00
Sebastian Imlay
366505b01b Added RUSTSEC advisory for crust as unmaintained. 2019-11-21 16:08:53 -08:00
Tony Arcieri
6957957ea1 Merge pull request #203 from omarabid/patch-1
fix typo in Readme
2019-11-13 06:36:44 +01:00
Abid Omar
7f4c2e1863 fix typo in Readme 2019-11-11 21:04:03 +01:00
Tony Arcieri
f9cd955852 Merge pull request #202 from RustSec/RUSTSEC-2019-0030
Assign RUSTSEC-2019-0030 to streebog
2019-11-07 08:33:52 -08:00
Tony Arcieri
c762d41313 Assign RUSTSEC-2019-0030 to streebog
Original PR: https://github.com/RustSec/advisory-db/pull/201
2019-11-07 08:16:46 -08:00
Tony Arcieri
cd6c47bc90 Merge pull request #201 from newpavlov/streebog1
Add an advisory for streebog bug
2019-11-06 11:41:53 -08:00
newpavlov
34eb710de5 fix description 2019-11-06 19:49:57 +03:00
newpavlov
7786157156 add an advisory for streebog bug 2019-11-06 19:47:35 +03:00
Tony Arcieri
61f0800fb0 Merge pull request #200 from brycx/orion-alternative
rust-crypto: Add orion as alternative
2019-11-04 17:16:17 -08:00
brycx
9a3a5743c0 No IETF on XChaCha20 variant 2019-11-04 19:53:43 +01:00
brycx
c8f2bccd72 rust-crypto: Add orion as alternative 2019-11-04 15:49:50 +01:00
Tony Arcieri
edca2c5ae0 Merge pull request #199 from RustSec/chacha20/counter-overflow
chacha20: Add counter overflow advisory
2019-10-23 11:07:55 -07:00
Tony Arcieri
ab01fe3e28 Assign RUSTSEC-2019-0029 to chacha20 2019-10-23 10:56:18 -07:00
Tony Arcieri
0f1e1885db chacha20: Add counter overflow advisory
Upstream issue: https://github.com/RustCrypto/stream-ciphers/pull/64
2019-10-23 10:37:38 -07:00
Tony Arcieri
b810ef0f6b Merge pull request #197 from nagisa/flatbuffers
Add a flatbuffers unsound code advisory
2019-10-23 09:25:10 -07:00
Tony Arcieri
d520ed489c Assign RUSTSEC-2019-0028 to flatbuffers 2019-10-23 09:11:16 -07:00
Simonas Kazlauskas
2a867650cb Add a flatbuffers unsound code advisory 2019-10-20 20:30:18 +03:00
Tony Arcieri
21ec94a22f Merge pull request #196 from kpp/patch-1
Update RUSTSEC-2019-0026.toml
2019-10-19 20:35:02 -07:00
Roman Proskuryakov
73c772d878 Update RUSTSEC-2019-0026.toml 2019-10-20 02:04:21 +03:00