OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 00:30:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,373 Commits 1 Branch 0 Tags
40afced5fb3168f7cbd652de6cfbe1b5abe44552
Commit Graph

1373 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sergey "Shnatsel" Davidoff
40afced5fb Remove range overlaps, fix some range specifications (#930) 
* Drop some clearly redundant bounds

* Fix RUSTSEC-2020-0091 - the version specification was incorrect, marking 1.0.0 as fixed while in reality it was not

* Fix RUSTSEC-2018-0004: presumably any updates to 0.3.x series would also get the fix, it would not be isolated to 0.3.2

* Fix incorrectly defined, overlapping ranges in RUSTSEC-2020-0080 and RUSTSEC-2019-0035
 2021-06-04 23:26:23 +02:00
Sergey "Shnatsel" Davidoff
3e51834f36 Make ranges in trust-dns-proto advisory non-overlapping (#929) 2021-06-04 18:38:56 +02:00
github-actions[bot]
aa04921a0e Assigned RUSTSEC-2021-0069 to lettre (#925) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2021-05-22 14:13:18 -04:00
Alexis Mousset
86e2c66460 Add lettre smtp vulnerability (#924) 2021-05-22 14:10:33 -04:00
github-actions[bot]
a845d0a94d Assigned RUSTSEC-2021-0068 to iced-x86 (#923) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-22 08:33:11 -07:00
Tony Arcieri
36bf272ac0 iced-x86: fix lint (#922) 2021-05-22 08:30:07 -07:00
Lander Brandt
23334c682b Add advisory for iced-x86 soundness bug (#914) 
* Add advisory for iced-x86 soundness bug

* Fix template format
 2021-05-22 08:20:37 -07:00
github-actions[bot]
256e923a29 Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-22 17:15:33 +02:00
Alex Gaynor
1c03843321 fixes #915 - remove duplicate word (#916) 2021-05-22 08:06:48 -07:00
Chris Fallin
c8a2c774a3 Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918) 2021-05-22 08:03:45 -07:00
Tony Arcieri
60b9a9e9c3 Bump rustsec-admin to v0.4.3 (#919) 2021-05-22 08:02:36 -07:00
Wei Tang
7e4cbf6107 evm-core: fix crate name (#911) 2021-05-11 18:59:58 -07:00
github-actions[bot]
26467a96c4 Assigned RUSTSEC-2021-0066 to evm (#910) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-11 23:27:39 +02:00
Wei Tang
a7ffa73f48 Add security advisory for evm crate related to memory over-allocation (#909) 2021-05-11 23:23:09 +02:00
Sergey "Shnatsel" Davidoff
bd8a0f6700 Add patched version for kekbit RUSTSEC-2020-0129 (#908) 2021-05-10 10:49:18 +02:00
github-actions[bot]
5b4c4f4d16 Assigned RUSTSEC-2021-0065 to anymap (#907) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-07 17:26:35 -07:00
Erick Tryzelaar
658266f614 anymap is unmaintained (#906) 
It appears that the anymap has been abandoned, and the most recent
released version contains a soundness bug that has been fixed upstream,
but never published to crates.io
 2021-05-07 17:19:04 -07:00
github-actions[bot]
444f649224 Assigned RUSTSEC-2021-0064 to cpuid-bool (#905) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-06 16:45:32 -07:00
Tony Arcieri
01a4733782 Add unmaintained crate advisory for cpuid-bool (#904) 
It has been renamed to `cpufeatures`. See:

https://github.com/RustCrypto/utils/pull/381
 2021-05-06 16:41:05 -07:00
github-actions[bot]
9279d5f03b Assigned RUSTSEC-2021-0063 to comrak (#903) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-04 10:46:29 +02:00
Asherah Connor
e8a9c4346b Add advisory for another comrak XSS (#902) 
Thanks to Sam Sanoop (snoopysecurity) for reporting.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
 2021-05-04 10:45:50 +02:00
Tony Arcieri
f26e762f20 aes* crates: add crate names to advisory titles (#901) 
The previous titles accidentally ommitted the crate names, making them
confusing during reporting.
 2021-05-03 18:28:43 -07:00
github-actions[bot]
106fe13cb4 Assigned RUSTSEC-2021-0062 to miscreant (#900) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 12:05:09 -07:00
Tony Arcieri
fe57ea233a Add unmaintained crate advisory for miscreant (#899) 2021-05-03 12:03:33 -07:00
github-actions[bot]
14077ced71 Assigned RUSTSEC-2021-0061 to aes-ctr (#898) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 11:33:31 -07:00
Tony Arcieri
acc093457e Add unmaintained crate advisory for aes-ctr (#897) 2021-05-03 11:31:13 -07:00
github-actions[bot]
50c50ed33a Assigned RUSTSEC-2021-0060 to aes-soft (#896) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 11:19:17 -07:00
Tony Arcieri
91df546267 Add unmaintained crate advisory for aes-soft (#895) 2021-05-03 11:17:47 -07:00
github-actions[bot]
55c7b80657 Assigned RUSTSEC-2021-0059 to aesni (#894) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 11:14:14 -07:00
Tony Arcieri
0d0acd8f42 Add unmaintained crate advisory for aesni (#893) 2021-05-03 11:13:16 -07:00
Tony Arcieri
c91631243e Bump rustsec-admin to v0.4.2 (#892) 
This includes an atom feed generator:

https://github.com/RustSec/rustsec-admin/pull/142
 2021-05-03 08:26:22 -07:00
github-actions[bot]
c8f399d86d Assigned RUSTSEC-2021-0058 to openssl-src (#890) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 14:15:00 +02:00
Alexis Mousset
eed48b9a15 Add CVE-2021-23841 for openssl-src (#888) 2021-05-01 14:11:36 +02:00
github-actions[bot]
d2a673c64c Assigned RUSTSEC-2021-0057 to openssl-src (#889) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 14:09:23 +02:00
Alexis Mousset
35792564ac Add CVE-2021-23840 for openssl-src (#887) 2021-05-01 14:08:48 +02:00
github-actions[bot]
d824e5d5c0 Assigned RUSTSEC-2021-0056 to openssl-src (#886) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 10:50:50 +02:00
Alexis Mousset
ee38ef509c Add CVE-2021-3450 for openssl-src (#883) 2021-05-01 10:32:22 +02:00
github-actions[bot]
e4e343b7b0 Assigned RUSTSEC-2021-0055 to openssl-src (#884) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 10:32:12 +02:00
Alexis Mousset
43778319e4 Add CVE-2021-3449 for openssl-src (#882) 2021-05-01 10:30:25 +02:00
Tony Arcieri
3dcdf93d52 Bump rustsec-admin to v0.4.1 (#881) 
This includes improvements to the web site generator:

https://github.com/RustSec/rustsec-admin/pull/133
 2021-04-30 10:28:12 -07:00
github-actions[bot]
db03320a5d Assigned RUSTSEC-2021-0054 to rkyv (#878) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-04-29 11:54:36 +02:00
David Koloski
7086fa22a3 Report rkyv vulnerability (issue rkyv#113) (#877) 
* Report rkyv vulnerability (issue rkyv#113)

* fix category

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-04-29 10:40:04 +02:00
Pablo Sichert
5b3dcb83b4 Yank advisories for once-again maintained dirs/directories crates (#876) 2021-04-19 09:31:05 -07:00
Richard Bradfield
60455ec8b1 Mark patched tiny-http version for 2020-0031 (#875) 
* Mark patched tiny-http version for 2020-0031

A backport of the fix for 2020-0031 has been applied to the 0.6.x
branch, starting at 0.6.3, subsequent 0.6 versions are no longer
vulnerable.

* Fix version specification

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-04-16 13:27:30 +02:00
github-actions[bot]
caa2ef87e9 Assigned RUSTSEC-2021-0053 to algorithmica (#874) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-04-15 10:46:46 -07:00
Sergey "Shnatsel" Davidoff
0e059ec673 Merge pull request #873 from RustSec/master 
Mirror algorithmica advisory to `main`
 2021-04-15 18:55:02 +02:00
Sergey "Shnatsel" Davidoff
c9b5bbd2f4 Merge pull request #872 from JOE1994/0163-algorithmica 
algorithmica: 'merge_sort::merge()' crashes with double-free for `T: Drop`
 2021-04-15 18:17:02 +02:00
JOE1994
4b7ea77407 Report 0163-algorithmica to RustSec 2021-04-15 12:00:46 -04:00
Yechan Bae
22b59ea8a3 Add std CVE (#869) 2021-04-13 14:22:28 -07:00
Yechan Bae
ce4db769c2 Update CVE numbers (#870) 2021-04-13 14:10:09 -07:00