OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 09:10:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,726 Commits 1 Branch 0 Tags
3ee42e2f72b278f85baa54b22ff8211c8a1fff22
Commit Graph

1177 Commits

Author SHA1 Message Date
github-actions[bot]
3ee42e2f72 Assigned RUSTSEC-2022-0047 to oqs (#1345) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-08-11 15:57:37 +02:00
Thom Wiggers
e6ddcfcd98 oqs: PQC signature scheme Rainbow level I parameterset broken (#1337) 2022-08-11 15:54:17 +02:00
Thom Wiggers
cc8e02bc30 Remove enum variants from RUSTSEC-2022-0045 (#1340) 
* Enum variants can't be put in [affected.functions]
* add note about affected variants in prose
 2022-08-11 15:45:48 +02:00
github-actions[bot]
db3a09a691 Assigned RUSTSEC-2022-0046 to rocksdb (#1344) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-08-11 15:30:57 +02:00
Niklas Fiekas
94e8af7c0c Add out-of-bounds read advisory for rocksdb (#1237) 2022-08-11 15:30:02 +02:00
github-actions[bot]
0846a34539 Assigned RUSTSEC-2021-0137 to sodiumoxide (#1342) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-10 14:01:59 +10:00
pinkforest(she/her)
8c0fc9759b Add sodiumoxide unmaintained (#1334) 
* Add sodiumoxide unmaintained

* dryoc url

* Add Awesome Rust Cryptography

* Address @tarcieri feedback :thumbsUp:

* Add singatory and ring

* Add Ed25519 libs
 2022-08-10 14:01:23 +10:00
github-actions[bot]
8c261ff246 Assigned RUSTSEC-2022-0045 to oqs (#1339) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-09 12:26:05 +02:00
Thom Wiggers
6629c1333a oqs: SIKE and SIDH are insecure (#1338) 2022-08-09 12:24:53 +02:00
github-actions[bot]
744a565d54 Assigned RUSTSEC-2018-0022 to temporary (#1331) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-08 21:03:27 +10:00
5225225
bacc597558 Add advisory for temporary (#1196) 
Thanks @5225225
 2022-08-08 21:02:14 +10:00
github-actions[bot]
19bb42eae6 Assigned RUSTSEC-2022-0044 to markdown (#1330) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-08 20:21:17 +10:00
Dylan Anthony
f3a8bd7e5b List markdown as unmaintained (#1191) 
* List `markdown` as unmaintained

The `markdown` crate is, naturally, the first one that comes up if you're searching crates.io for "markdown". Unfortunately, that particular crate has not received any updates since November of 2020 despite several known issues with open PRs. I opened https://github.com/johannhof/markdown.rs/issues/48 to request an update on maintenance status nearing a month ago and have no heard anything back.
 2022-08-08 20:20:28 +10:00
pinkforest(she/her)
3b3160baec Fix async-graphql patched (#1326) 2022-08-06 16:41:24 +10:00
pinkforest(she/her)
bd30502590 Move tower-http out from year 2021 (#1319) 
* Move tower-http out from year 2021

* Yank tower-http 2021
 2022-08-05 00:07:54 +02:00
github-actions[bot]
cfdc01461d Assigned RUSTSEC-2022-0043 to tower-http (#1321) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-05 00:07:43 +02:00
pinkforest(she/her)
2827f80af4 Add tower-http 2022 version (#1320) 2022-08-05 00:06:52 +02:00
github-actions[bot]
0db59724bf Assigned RUSTSEC-2022-0042 to rustdecimal (#1318) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-04 23:10:46 +02:00
pinkforest(she/her)
4f53bcba87 Add malicious crate rustdecimal (#1317) 2022-08-04 23:09:40 +02:00
Sergey "Shnatsel" Davidoff
259257927a Revert "Add advisory rustdecimal (#1312)" (#1313) 
This reverts commit 52cb9759dc.
 2022-08-04 22:29:06 +02:00
pinkforest(she/her)
52cb9759dc Add advisory rustdecimal (#1312) 2022-08-04 22:20:29 +02:00
Tony Arcieri
36705ccc1d RUSTSEC-2020-0159: remove "withdrawn" (#1310) 
Now that there's an actionable fix, we should encourage people to upgrade
 2022-08-04 13:52:46 -06:00
Tony Arcieri
6f3502cf6d RUSTSEC-2020-0159 (chrono): add patched version (#1306) 
The 0.4.20 release of `chrono` includes a pure-Rust replacement for
`localtime_r` which eliminates this issue.
 2022-08-04 10:20:07 -06:00
github-actions[bot]
f1c5d4de52 Assigned RUSTSEC-2022-0041 to crossbeam-utils (#1305) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-04 23:56:30 +10:00
pinkforest(she/her)
3ee71b8734 Add Crossbeam AtomicCell<*64> Soundness #1203 (#1304) 
* Add Crossbeam AtomicCell<*64> Soundness #1203
* Address @amousset feedback
 2022-08-04 23:55:01 +10:00
github-actions[bot]
e0c209077f Assigned RUSTSEC-2022-0040 to owning_ref (#1301) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-02 21:47:23 +02:00
Sergey "Shnatsel" Davidoff
ff384c3d46 Initial advisory for owning_ref unsoundness (#1188) 
* Initial advisory for owning_ref unsoundness

* move owning_ref advisory to a subfolder where it belongs

* Add OwningRef::map is unsound to owning_ref

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-02 21:41:46 +02:00
github-actions[bot]
d8dd62801c Assigned RUSTSEC-2021-0136 to sass-rs (#1300) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 04:19:28 +10:00
Christopher Durham
9b48cb22a1 sass-rs is deprecated (#1228) 
* sass-rs is deprecated

* Fix format
 2022-08-03 04:18:05 +10:00
github-actions[bot]
a36ba66817 Assigned RUSTSEC-2022-0039 to odbc (#1299) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 04:15:56 +10:00
Bruno Bigras
0387267821 Add unmaintained advisory for odbc (#1151) 
fix #1044
 2022-08-03 04:13:42 +10:00
github-actions[bot]
ec93834e77 Assigned RUSTSEC-2022-0037 to async-graphql, RUSTSEC-2022-0038 to juniper (#1298) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 03:59:55 +10:00
Dirkjan Ochtman
259863da4f Add advisories for async-graphql/juniper denial of service issues (#1290) 
* Add advisory for async-graphql DoS issue

* Add advisory for juniper DoS issue
 2022-08-03 03:58:29 +10:00
github-actions[bot]
e4ac884b59 Assigned RUSTSEC-2022-0036 to r2d2_odbc (#1297) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 03:34:36 +10:00
pinkforest(she/her)
c568a8a3bc Fix r2d2_odbc name (#1296) 
* Fix r2d2_odbc name
 2022-08-03 03:32:03 +10:00
Bruno Bigras
d8e134f108 Add unmaintained advisory for r2d2-odbc (#1150) 
fix #1097
 2022-08-03 03:14:56 +10:00
github-actions[bot]
6a31ac7433 Assigned RUSTSEC-2020-0163 to term_size (#1295) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 00:03:23 +10:00
LingMan
b0fc002bcd Add unmaintained advisory for term_size (#1275) 2022-08-03 00:01:14 +10:00
Evan Richter
fdbc12eb9f fix typo in advisory date (#1294) 2022-08-01 18:35:31 -04:00
github-actions[bot]
2618960a7f Assigned RUSTSEC-2022-0035 to websocket (#1293) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-01 21:21:57 +02:00
Vitaly Shukela
7d36edf537 Add advisory for websocket (#1291) 
* Add advisory for websocket

* Update RUSTSEC-0000-0000.md

* Add text to websocket advisory

* Add title to fix CI

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-08-01 21:19:33 +02:00
github-actions[bot]
36df8a4efc Assigned RUSTSEC-2022-0034 to pkcs11 (#1283) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-07-25 11:19:15 -06:00
Ionuț Mihalcea
48214447df Add advisory for pkcs11 (#1282) 
Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
 2022-07-23 08:29:34 -06:00
github-actions[bot]
2718c2db84 Assigned RUSTSEC-2022-0033 to openssl-src (#1279) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-07-05 14:48:56 +02:00
Alexis Mousset
d820cf991c Add advisory for openssl CVE-2022-2274 (#1276) 2022-07-05 14:44:40 +02:00
github-actions[bot]
1c17612a36 Assigned RUSTSEC-2022-0032 to openssl-src (#1278) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-07-05 14:44:23 +02:00
Alexis Mousset
6f8de93f84 Add advisory for openssl CVE-2022-2097 (#1277) 2022-07-05 14:33:40 +02:00
github-actions[bot]
b4ed922847 Assigned RUSTSEC-2022-0031 to rulex (#1274) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-26 22:01:26 +02:00
Evan Richter
d0e82ff0d7 rulex advisory for string indexing panic (#1272) 2022-06-26 21:48:57 +02:00
github-actions[bot]
03ab8e5349 Assigned RUSTSEC-2022-0030 to rulex (#1273) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-26 21:44:13 +02:00