Commit Graph

1854 Commits

Author SHA1 Message Date
J3rry
45a4e9ee37 Mark v9 patched (#1533)
* Patch has been made

Refer: 18847c50e5

* Cosmetic fix

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-01-18 22:04:14 +11:00
Jonathan Schwender
432ee92275 Add patched info for RUSTSEC-2022-0079 (elf_rs) (#1534)
The issue was confirmed to be fixed in v0.3.0 by the person who reported the issue:
https://github.com/vincenthouyi/elf_rs/issues/11#issuecomment-1384624749
2023-01-18 21:44:23 +11:00
github-actions[bot]
3c72c41322 Assigned RUSTSEC-2022-0080 to parity-util-mem (#1530)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-01-16 20:26:23 +11:00
pinkforest(she/her)
1942335c87 Add parity-util-mem unmaintained (#1528) 2023-01-16 20:24:43 +11:00
github-actions[bot]
bdcf1d329d Assigned RUSTSEC-2021-0146 to twoway (#1529)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-01-15 20:38:43 +11:00
Michał Fita
e1daf6daf9 Add unmaintained twoway (#1435)
* Deprecation of `twoway` crate

* Address review comments

* Fix lint

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-01-15 20:37:34 +11:00
github-actions[bot]
c5a6230304 Assigned RUSTSEC-2022-0079 to elf_rs (#1527)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-01-15 19:32:04 +11:00
atulkharerivos
c9f4b7f987 Add advisory for elf_rs crate (#1450)
* Add advisory for elf_rs crate

This adds an advisory for the elf_rs crate.

* Update crates/elf_rs/RUSTSEC-0000-0000.md

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-01-15 19:31:21 +11:00
Meet
39cefc91b1 Update RUSTSEC-2021-0088.md (#1512)
* Update RUSTSEC-2021-0088.md

Patch has been made, refer: https://github.com/jblondin/csv-sniffer/pull/2/

* Update crates/csv-sniffer/RUSTSEC-2021-0088.md

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>

* Update crates/csv-sniffer/RUSTSEC-2021-0088.md

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-01-15 19:14:23 +11:00
github-actions[bot]
e653dbe4cb Assigned RUSTSEC-2022-0078 to bumpalo (#1526)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-01-14 15:39:48 -05:00
David Cook
d69627fe05 Add advisory for bumpalo Vec iterator unsoundness (#1525) 2023-01-14 15:39:14 -05:00
github-actions[bot]
3b705ed68b Assigned RUSTSEC-2022-0077 to claim (#1523)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-01-14 12:10:40 +11:00
Anders Evensen
33b2dd9f49 Report claim as unmaintained. (#1521)
* Report claim as unmaintained.

* Fix template

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-01-14 12:09:05 +11:00
Luke Parker
7022e53486 Update RUSTSEC-2022-0075.md (#1522)
* Update RUSTSEC-2022-0075.md

https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf specifies 1.0.2 as patched.

* Correct 1.0 range

* Adjust SemVer lottery

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-01-14 11:56:30 +11:00
Meet
23e305a6bd Update RUSTSEC-2021-0086.md (#1513)
* Update RUSTSEC-2021-0086.md

The issue is fixed, refer: https://github.com/sunrise-choir/flumedb-rs/pull/12

* Update crates/flumedb/RUSTSEC-2021-0086.md

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>

* Update crates/flumedb/RUSTSEC-2021-0086.md

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-01-14 11:30:14 +11:00
Sergey "Shnatsel" Davidoff
25424addbf Yank git2 advisory; reportedly not an issue, pending further investigation (#1520)
* Yank git2 advisory; reportedly not an issue, pending further investigation

* fix
2023-01-13 00:13:43 +01:00
github-actions[bot]
96c5b9c888 Assigned RUSTSEC-2023-0002 to git2 (#1519)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-01-12 22:50:29 +01:00
Ian Jackson
6196462c99 Make a RUSTSEC advisory for CVE-2022-46176 (git2-rs, cargo) (#1518)
* Make a RUSTSEC advisory for CVE-2022-46176 (git2-rs, cargo)

* Fix crate-name

* In fact you can get the cert but only its hash, etc.

* drop empty and commented fields, set crypto-failure category

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2023-01-12 22:49:50 +01:00
github-actions[bot]
0f3a69cc60 Assigned RUSTSEC-2022-0076 to wasmtime (#1517)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-01-12 14:14:43 +01:00
pinkforest(she/her)
0d7190c22f Add CVE-2022-39392 (#1508) 2023-01-12 14:14:04 +01:00
github-actions[bot]
ca75eecb36 Assigned RUSTSEC-2022-0075 to wasmtime (#1516)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-01-12 14:13:49 +01:00
pinkforest(she/her)
f1e7c48600 Add wasmtime CVE-2022-39393 (#1509) 2023-01-12 14:12:31 +01:00
Alexis Mousset
4b4ba5b43b Update to rustsec-admin 0.8.5 (#1515) 2023-01-11 21:14:31 +01:00
pinkforest(she/her)
9e3a6922d5 Add License CC-BY 4.0 Import exemption (#1507) 2023-01-09 09:57:05 -07:00
github-actions[bot]
e1e7758c17 Assigned RUSTSEC-2023-0001 to tokio (#1511)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-01-09 15:15:04 +01:00
pinkforest(she/her)
7b0c697520 Add tokio CVE-2023-22466 (#1510)
* Add tokio CVE-2023-22466

* Syntax

* Syntax

* Syntax
2023-01-09 15:08:18 +01:00
github-actions[bot]
6d5b76eb3b Assigned RUSTSEC-2022-0074 to prettytable-rs (#1505)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-12-27 21:48:04 +11:00
davidyo
9db09cf3a8 Add unsound prettytable-rs (#1503)
* Add unsound information to prettytable-rs

* Minor fix

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-12-27 21:47:27 +11:00
github-actions[bot]
487a60b7a5 Assigned RUSTSEC-2022-0073 to alloc-cortex-m (#1502)
Co-authored-by: alex <alex@users.noreply.github.com>
2022-12-23 11:46:57 -05:00
Alex Martens
09ad54e872 Add unmaintained crate advisory for alloc-cortex-m (#1496)
Has been renamed to `embedded-alloc`.
2022-12-23 11:45:47 -05:00
Alex Gaynor
012643a050 update GHA syntax for deprecation (#1501)
see https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2022-12-23 15:14:02 +01:00
github-actions[bot]
2b64ec8831 Assigned RUSTSEC-2022-0072 to hyper-staticfile (#1500)
Co-authored-by: alex <alex@users.noreply.github.com>
2022-12-23 08:57:25 -05:00
Stéphan Kochen
23543c1ad1 Add open redirect issue in hyper-staticfile (#1499) 2022-12-23 08:56:26 -05:00
github-actions[bot]
2addcf1133 Assigned RUSTSEC-2022-0071 to rusoto_credential (#1495)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-12-18 23:08:00 +11:00
iliana etaoin
7cf8350894 Add unmaintained rusoto_credential (#1494)
Rusoto has been deprecated for a while; this is a more formalized notice
of such. `rusoto_credential` is the most fundamental crate in the tree.
2022-12-18 23:05:06 +11:00
github-actions[bot]
0a2faeb871 Assigned RUSTSEC-2022-0070 to secp256k1 (#1481)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-12-07 23:29:52 +01:00
Martin Habovštiak
3be728db50 Add soundness bug in secp256k1 API (#1480)
* Add soundness bug in `secp256k1` API

Summary: Unsound API in `secp256k1` allows use-after-free and invalid
deallocation from safe code. This was fixed and backported to multiple
versions.

* Set `date` to the date of the original disclosure

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-12-07 23:28:57 +01:00
github-actions[bot]
b80f8edaa7 Assigned RUSTSEC-2022-0069 to hyper-staticfile (#1478)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-11-30 23:21:18 +01:00
Stéphan Kochen
b899cefba0 Add hyper-staticfile file disclosure on Windows (#1475)
* Add hyper-staticfile file disclosure on Windows

* Fix version specification

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-11-30 23:20:13 +01:00
github-actions[bot]
3ce39c743d Assigned RUSTSEC-2022-0068 to capnp (#1477)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-11-30 23:16:39 +01:00
David Renshaw
42b34df60b add capnp bug: CVE-2022-46149 (#1476)
* add capnp bug: CVE-2022-46149

* change canonical URL, add references and aliases

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-11-30 23:15:35 +01:00
Brandon Dyer
a66a3049c9 Patched slock (#1472) 2022-11-27 14:35:30 +01:00
github-actions[bot]
d339676e47 Assigned RUSTSEC-2021-0145 to atty (#1470)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-11-22 19:51:39 +11:00
niluxv
610c537916 Add atty potential unsoundness (unaligned read) advisory (#1462)
Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-11-22 19:42:13 +11:00
Alexis Mousset
92a6db9442 Update to cargo-admin 0.8.4 (#1469) 2022-11-19 17:56:18 +01:00
github-actions[bot]
0608c47076 Assigned RUSTSEC-2022-0067 to lzf (#1466)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-11-07 16:39:46 +11:00
Jan-Erik Rediger
c7e3a0aadd Add lzf use-of-uninitialized-value advisory (#1465)
Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Co-authored-by: Ben Kimock <kimockb@gmail.com>
2022-11-07 16:38:48 +11:00
Sergey "Shnatsel" Davidoff
e3e6897754 Update RUSTSEC-2019-0024.md (#1464) 2022-11-05 18:45:24 +01:00
Sergey "Shnatsel" Davidoff
513609341f Update CODE_OF_CONDUCT.md (#1463) 2022-11-05 01:23:27 +01:00
Sergey "Shnatsel" Davidoff
fba5b61dfc Bump rustsec-admin to 0.8.3 (#1460) 2022-11-03 22:16:21 +01:00