Commit Graph

371 Commits

Author SHA1 Message Date
pyfisch
3afc9e6afc Flaw in CBOR deserializer allows stack overflow 2019-10-10 11:43:01 +02:00
Tony Arcieri
0b637794de Merge pull request #187 from RustSec/RUSTSEC-2019-0024
RUSTSEC-2019-0024: Test advisory for `rustsec-example-crate` (closes #158)
2019-10-08 18:24:00 -07:00
Tony Arcieri
14f7fd3faa RUSTSEC-2019-0024: Test advisory for rustsec-example-crate
This is a test advisory useful for verifying RustSec tooling and
vulnerability detection pipelines are working correctly. Aside from
the fact that it is filed against an example crate, it is otherwise
considered by the Advisory Database itself to be a normal security
advisory.

It's filed against `rustsec-example-crate`, an otherwise completely
empty crate with no functionality or code, which has two releases:

- v0.0.1: *vulnerable* according to this advisory
- v1.0.0: *patched* by this advisory

(Technically there is a third release, v0.0.0, which is yanked, but
otherwise identical to the v0.0.1 release)
2019-10-08 18:11:30 -07:00
Tony Arcieri
27eb3df93e Merge pull request #183 from RustSec/unmaintained-crates/cassandra
Add unmaintained crate informational advisory: cassandra
2019-10-08 11:31:20 -07:00
Tony Arcieri
f7581dc887 Assign RUSTSEC-2016-0006 (informational) to cassandra
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/183
2019-10-08 11:13:07 -07:00
Tony Arcieri
c48b077ec0 Add unmaintained crate informational advisory: cassandra
No releases since 2016 and no responses from the author about its
maintenance status:

https://github.com/tupshin/cassandra-rs/issues/52

Recommending `cassandra-cpp`, a maintained fork, as a successor:

https://github.com/Metaswitch/cassandra-rs
2019-10-08 11:12:02 -07:00
Tony Arcieri
9a304ea2c6 Merge pull request #181 from RustSec/unmaintained-crates/rust-crypto
Add unmaintained crate informational advisory: rust-crypto
2019-10-08 11:11:06 -07:00
Tony Arcieri
3bcb5ab774 Assign RUSTSEC-2016-0005 (informational) to rust-crypto
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/181
2019-10-08 10:48:35 -07:00
Tony Arcieri
24df24afec Add unmaintained crate informational advisory: rust-crypto
No releases since May 2016, no commits since September 2016, with
62 open issues and 37 open PRs.

Author is unresponsive:

https://github.com/DaGenix/rust-crypto/issues/440

Advisory includes a large list of maintained "successor" crates:
`rust-crypto` was a kitchen sink of functionality, so the advisory
contains a list of potential successor crates each with an
algorithm-by-algorithm breakdown of what they support.
2019-10-08 10:45:01 -07:00
Tony Arcieri
32810e4a91 Merge pull request #182 from RustSec/unmaintained-crates/term
Add unmaintained crate informational advisory: term
2019-10-08 10:43:34 -07:00
Tony Arcieri
1092f100f6 Assign RUSTSEC-2018-0015 (informational) to term
Marking as looking for a new maintainer per:

https://github.com/RustSec/advisory-db/pull/182
2019-10-08 10:28:47 -07:00
Tony Arcieri
422e3d6514 Add unmaintained crate informational advisory: term
The author of `term`, @Stebalien, has opened the following GitHub issue
looking for a new maintainer:

https://github.com/Stebalien/term/issues/93

Ideally we can help find one by increasing visibility on this issue.
Otherwise this advisory includes a list of possible alternatives.
2019-10-08 10:22:23 -07:00
Tony Arcieri
a833c927a8 Merge pull request #186 from RustSec/informational/patched-versions
Add `patched_versions` to informational advisories
2019-10-08 07:46:07 -07:00
Tony Arcieri
5b35b71cf7 Add patched_versions to informational advisories
Its absence breaks older versions of cargo-audit:

    $ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
    error: error loading advisory database: couldn't parse data: missing field `patched_versions` for key `advisory`
    Exited with code 1
2019-10-08 07:34:43 -07:00
Tony Arcieri
7d1aeeab96 Merge pull request #179 from RustSec/unmaintained-crates/chan
Add unmaintained crate informational advisory: chan
2019-10-07 22:16:20 -07:00
Tony Arcieri
a5392f2d08 Assign RUSTSEC-2018-0014 (informational) to chan
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/179
2019-10-07 22:04:07 -07:00
Tony Arcieri
4d66c1daa0 Add unmaintained crate informational advisory: chan
Officially deprecated by its author @BurntSushi:

0a5c0d4ad4
2019-10-07 22:02:21 -07:00
Tony Arcieri
d9a4116eb3 Merge pull request #185 from RustSec/readme/update-build-badge
README.md: Update build badge
2019-10-07 21:59:02 -07:00
Tony Arcieri
e949ed8762 README.md: Update build badge
Using GitHub Actions now
2019-10-07 21:44:57 -07:00
Tony Arcieri
4323de0de1 Merge pull request #180 from RustSec/unmaintained-crates/libusb
Add unmaintained crate informational advisory: libusb
2019-10-07 21:36:56 -07:00
Tony Arcieri
590d83fbb6 Assign RUSTSEC-2016-0004 (informational) to libusb
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/180
2019-10-07 21:23:07 -07:00
Tony Arcieri
b47fff1658 Add unmaintained crate informational advisory: libusb
No releases since 2016 and no responses from the author about its
maintenance status, with several open PRs and issues:

https://github.com/dcuddeback/libusb-rs/issues/33

Recommending `rusb`, a maintained fork, as a successor:

https://github.com/a1ien/rusb
2019-10-07 21:22:45 -07:00
Tony Arcieri
e2bfe15a4d Merge pull request #184 from RustSec/github-actions
Switch to GitHub Actions
2019-10-07 21:14:56 -07:00
Tony Arcieri
a6400213ca Switch to GitHub Actions 2019-10-07 21:04:16 -07:00
Tony Arcieri
d031744073 Merge pull request #178 from vks/backticks
Use backticks for escaped characters
2019-10-07 08:27:20 -07:00
Vinzent Steinberg
2dda7f38b8 Use backticks for escaped characters 2019-10-07 17:05:39 +02:00
Tony Arcieri
5e28b2dfe5 Merge pull request #177 from vks/fix-escapes
Fix escapes in hyper advisory
2019-10-07 06:42:01 -07:00
Vinzent Steinberg
5233609919 Fix escapes in hyper advisory
Fixes #159.
2019-10-07 15:30:55 +02:00
Tony Arcieri
b6a88434ed Merge pull request #176 from vks/patch-1
Fix typo
2019-10-07 06:17:41 -07:00
Vinzent Steinberg
64cec608d3 Fix typo 2019-10-07 15:08:59 +02:00
Tony Arcieri
7d15b28550 Merge pull request #175 from RustSec/CVE-2018-1000810/typo
CVE-2018-1000810: fix typo
2019-10-02 12:45:23 -07:00
Tony Arcieri
e82ba1fe35 CVE-2018-1000810: fix typo 2019-10-02 12:19:53 -07:00
Tony Arcieri
2659dc69f7 Merge pull request #174 from RustSec/CVE-2019-16760/fixups
CVE-2019-16760: update advisory title
2019-10-02 12:15:04 -07:00
Tony Arcieri
daf03936dd CVE-2019-16760: update advisory title
Matches the advisory title used for:

https://github.com/rust-lang/rust/security/advisories/GHSA-phjm-8x66-qw4r

Also adds `GHSA-phjm-8x66-qw4r` as an alias
2019-10-02 12:10:00 -07:00
Tony Arcieri
a4f1c446c9 Merge pull request #172 from RustSec/RUSTSEC-2017-0006
Assign RUSTSEC-2017-0006 to rmpv
2019-10-01 08:22:54 -07:00
Tony Arcieri
ca7b554f5b Assign RUSTSEC-2017-0006 to rmpv
Original PR: https://github.com/RustSec/advisory-db/pull/171
2019-10-01 08:11:47 -07:00
Tony Arcieri
7da816e509 Merge pull request #171 from dbrgn/rmpv
Add advisory for DoS vulnerability in rmpv
2019-10-01 08:06:54 -07:00
Danilo Bargen
57a8cb1eae Add advisory for DoS vulnerability in rmpv 2019-10-01 10:15:06 +02:00
Tony Arcieri
a3b79c053f Merge pull request #170 from RustSec/CVE-2019-16760
Add CVE-2019-16760: Security advisory for Cargo (2019-09-30)
2019-09-30 10:10:52 -07:00
Tony Arcieri
a90bcef811 .travis.yml: Don't install rustsec-admin if it's already installed 2019-09-30 09:36:56 -07:00
Tony Arcieri
84423b8605 Add CVE-2019-16760: Security advisory for Cargo (2019-09-30)
Original announcement: https://groups.google.com/forum/#!topic/rustlang-security-announcements/rVQ5e3TDnpQ
2019-09-30 09:24:50 -07:00
Tony Arcieri
5beb8d4305 Merge pull request #169 from RustSec/rustsec-admin
.travis.yml: Lint with the `rustsec-admin` crate
2019-09-24 02:52:00 -07:00
Tony Arcieri
f40c350e71 .travis.yml: Lint with the rustsec-admin crate
https://github.com/RustSec/rustsec-admin
2019-09-24 02:32:18 -07:00
Tony Arcieri
cd175d416a Merge pull request #167 from RustSec/move-linter-out-of-repo
Move linter to the `RustSec/rustsec-crate` repo
2019-09-23 14:54:50 -07:00
Tony Arcieri
a86a4d5783 Move linter to the RustSec/rustsec-crate repo
The linter has been extracted from this repo into a combined CLI utility
which is available here:

https://github.com/RustSec/rustsec-crate/tree/master/cli
2019-09-23 14:35:14 -07:00
Tony Arcieri
206598bb68 Merge pull request #166 from RustSec/rustsec/v0.13
Upgrade to `rustsec` v0.13 final release
2019-09-23 08:39:21 -07:00
Tony Arcieri
e3c507bdf3 Upgrade to rustsec v0.13 final release 2019-09-23 08:31:33 -07:00
Tony Arcieri
62cf33df70 Merge pull request #165 from RustSec/rustsec/v0.13.0-alpha4
Upgrade to `rustsec` v0.13.0-alpha4
2019-09-22 17:14:06 -07:00
Tony Arcieri
3595024657 Upgrade to rustsec v0.13.0-alpha4 2019-09-22 16:56:16 -07:00
Tony Arcieri
5b69b1de70 Merge pull request #164 from RustSec/RUSTSEC-2019-0022/fix-date
RUSTSEC-2019-0022: Fix date
2019-09-18 11:56:32 -06:00