Yechan Bae
47061ba310
Report 0025-im to RustSec
2021-01-18 15:50:10 -05:00
JOE1994
efb79effca
report double drop issue in glsl-layout
2021-01-18 15:41:35 -05:00
Shnatsel
47d589b0bd
Assigned RUSTSEC-2021-0004 to lazy-init
2021-01-18 19:54:50 +00:00
Sergey "Shnatsel" Davidoff
6703edaf88
apply review changes
2021-01-18 20:51:26 +01:00
Niklas Fiekas
6ea698b85d
lazy-init: Missing Send bound for Lazy (khuey/lazy-init#9)
2021-01-17 21:41:50 +01:00
Yechan Bae
b08a98acc7
Fix typo in http CVE number (#564)
2021-01-15 07:32:15 -08:00
Jeffrey Robinson
14b29c77eb
Typo in RUSTSEC-2020-0013 (#562)
Minor typo.
2021-01-14 09:57:27 -08:00
Matt Brubeck
7feb037b84
RUSTSEC-2020-0017.md (use-after-free in internment) is fixed (#554)
The vulnerability in this report was fixed in internment 0.4.0. For details, see
https://github.com/droundy/internment/issues/11#issuecomment-758862385.
2021-01-12 11:05:27 -08:00
Shnatsel
519862dda6
Assigned RUSTSEC-2021-0003 to smallvec
2021-01-08 18:14:52 +00:00
Matt Brubeck
dfe84fd15f
smallvec: Buffer overflow in insert_many
2021-01-08 09:57:23 -08:00
Sergey "Shnatsel" Davidoff
aa3b156442
do not suggest pretty_assertions as an alternative
because it depends on `difference`
2021-01-07 05:01:36 +01:00
Shnatsel
87208edb17
Assigned RUSTSEC-2020-0094 to reffers, RUSTSEC-2020-0095 to difference
2021-01-06 16:13:10 +00:00
Sergey "Shnatsel" Davidoff
9ff73c540d
Merge pull request #538 from brightly-salty/difference
Create advisory for difference
2021-01-06 17:12:25 +01:00
Youngsuk Kim
89a73839e7
add advisory for data race in reffers (#533)
2021-01-06 08:10:43 -08:00
github-actions[bot]
31d74c5408
Assigned RUSTSEC-2021-0002 to interfaces2 (#549)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-01-06 08:07:19 -08:00
Sergey "Shnatsel" Davidoff
76a2a25ecc
Merge pull request #545 from dalance/add_interfaces2
Add advisory for interfaces2
2021-01-06 17:06:05 +01:00
github-actions[bot]
4ef9441cbd
Assigned RUSTSEC-2021-0001 to mdbook (#548)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-01-04 09:50:29 -08:00
Yechan Bae
846dfb93a3
Update CVE numbers (#542)
2021-01-04 09:02:59 -08:00
Pietro Albini
71c5fdb926
add CVE-2020-26297 to mdbook <= 0.4.4 (#546)
2021-01-04 07:55:43 -08:00
dalance
14a3b0cead
Add advisory for interfaces2
2021-01-04 18:34:12 +09:00
Yechan Bae
79832ae026
Add CVE number for RUSTSEC-2020-0091 (#541)
2020-12-30 18:47:09 -05:00
brightly-salty
ae31f73141
Create advisory for difference
2020-12-20 20:32:18 -06:00
Shnatsel
06a9a03d3b
Assigned RUSTSEC-2020-0093 to async-h1
2020-12-18 16:21:43 +00:00
Sergey "Shnatsel" Davidoff
ce0f9692ff
drop commented-out fields
2020-12-18 17:21:04 +01:00
Jacob Rothstein
f8b4364f88
maybe appease linter?
2020-12-17 17:57:48 -08:00
Jacob Rothstein
fbb1d34eeb
File an advisory for async-h1 < 2.3.0
2020-12-17 17:50:01 -08:00
github-actions[bot]
ac20d3a702
Assigned RUSTSEC-2020-0092 to concread (#535)
Co-authored-by: alex <alex@users.noreply.github.com>
2020-12-17 14:42:35 -05:00
Youngsuk Kim
56276f96a6
Add advisory for data race in concread (#532)
2020-12-17 14:39:03 -05:00
github-actions[bot]
f64c4fc8bb
Assigned RUSTSEC-2020-0091 to arc-swap (#531)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-11 10:31:21 -08:00
Michal 'vorner' Vaner
80d45a8d18
Dangling reference in arc_swap::access::Map (#530)
2020-12-11 10:09:15 -08:00
Lyndon Brown
4e0c71a0d6
Fix wrong url (#529)
Mistake from fb2a1a6c47
2020-12-11 06:38:51 -08:00
github-actions[bot]
189213fa5e
Assigned RUSTSEC-2020-0090 to thex (#527)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-09 07:44:25 -08:00
Ammar Askar
f71bc5a6d3
Add advisory for data race in thex (#523)
2020-12-09 07:41:23 -08:00
github-actions[bot]
a043a90d0c
Assigned RUSTSEC-2020-0089 to nanorand (#526)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-09 07:33:38 -08:00
aspen
e90491ebc6
Add nanorand 0.5.0 RNG weakness (#525)
2020-12-09 07:32:30 -08:00
tarcieri
955ad994f1
Assigned RUSTSEC-2020-0088 to magnetic
2020-12-07 17:34:10 +00:00
Yechan Bae
bd3cb8dd83
Report 0050-magnetic to RustSec (#519)
2020-12-07 09:33:32 -08:00
github-actions[bot]
f17cd12f02
Assigned RUSTSEC-2020-0087 to try-mutex (#521)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-07 09:33:02 -08:00
Yechan Bae
639d1b1be1
Report 0047-try-mutex to RustSec (#517)
2020-12-07 09:27:27 -08:00
github-actions[bot]
ed9dba3262
Assigned RUSTSEC-2020-0083 to safe_app, RUSTSEC-2020-0084 to safe_authenticator, RUSTSEC-2020-0085 to safe_vault, RUSTSEC-2020-0086 to safe_core (#520)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-07 09:22:02 -08:00
Stephen Coyle
61d315ae6f
Renamed crates (#518)
- `safe_core` has been renamed to `sn_client`
- `safe_app` has been superseded by `sn_client`
- `safe_authenticator` has been superseded by `sn_client`.
- `safe_vault` has been renamed to `sn_node`.
2020-12-07 09:17:30 -08:00
Matt Brubeck
dec05d79ab
Minor changes to wording of RUSTSEC-2020-0082 (#516)
This clarifies that UB can happen during unwinding, and not only after
catching a panic.
2020-12-06 15:25:23 -05:00
Shnatsel
65c6ad732d
Assigned RUSTSEC-2020-0082 to ordered-float
2020-12-06 20:11:29 +00:00
Matt Brubeck
1b49d499c4
ordered_float:NotNan may contain NaN after unwinding in assignment operators
After using an assignment operator such as `NotNan::add_assign`,
`NotNan::mul_assign`, etc., it was possible for the resulting `NotNan`
value to contain a `NaN`. This could cause undefined behavior in safe
code, because the safe `NotNan::cmp` method contains internal unsafe
code that assumes the value is never `NaN`. (It could also cause
undefined behavior in third-party unsafe code that makes the same
assumption, as well as logic errors in safe code.)
This was mitigated starting in version 0.4.0, by panicking if the
assigned value is NaN. However, in affected versions from 0.4.0 onward,
code that continued after using unwinding to catch this panic could
still observe the invalid value and trigger undefined behavior.
The flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring
that the assignment operators panic without modifying the operand, if
the result would be `NaN`.
Fix details:
https://github.com/reem/rust-ordered-float/pull/20
https://github.com/reem/rust-ordered-float/pull/71
2020-12-06 12:07:22 -08:00
Shnatsel
af8dc79e89
Assigned RUSTSEC-2020-0081 to mio
2020-12-02 23:54:17 +00:00
Linus Färnstrand
3d7ea41f31
Add unaffected field for older mio
2020-12-03 00:51:55 +01:00
Linus Färnstrand
5f0bbd36c1
Add advisory on mio SocketAddr casting
2020-12-03 00:46:32 +01:00
Shnatsel
548b170bba
Assigned RUSTSEC-2020-0080 to miow
2020-12-02 23:44:19 +00:00
Linus Färnstrand
6484507a67
Add advisory on miow SocketAddr casting
2020-12-03 00:41:13 +01:00
Shnatsel
7fb2641888
Assigned RUSTSEC-2020-0079 to socket2
2020-12-02 23:37:25 +00:00