Commit Graph

1399 Commits

Author SHA1 Message Date
github-actions[bot]
4792a373b1 Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-09 06:07:19 +02:00
Pratyush Mishra
674daf6fae ark_r1cs_std::mul_by_inverse generated unsound constraints in versions below 0.3.1 (#961)
* `ark_r1cs_std::mul_by_inverse` was unsound in versions below `0.3.1`

* Fix category

* Add link to PR
2021-07-09 06:06:05 +02:00
Sergey "Shnatsel" Davidoff
730c1e815a Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
This reverts commit a9c31a6e25.
2021-07-08 21:09:27 +02:00
github-actions[bot]
2d60adf54f Assigned RUSTSEC-2021-0074 to ammonia (#959)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-08 20:48:05 +02:00
Michael Howell
3533e434a6 Add rust-ammonia/ammonia#142 (#956)
* Add rust-ammonia/ammonia#142

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md
2021-07-08 20:46:50 +02:00
Sergey "Shnatsel" Davidoff
a9c31a6e25 Hotfix #957 until we figure out what to do with it (#958) 2021-07-08 20:34:15 +02:00
github-actions[bot]
7629432184 Assigned RUSTSEC-2021-0073 to prost-types (#955)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-08 19:27:50 +02:00
Lucio Franco
1889bffd67 prost-types: Timestamp conversion overflow (#954) 2021-07-08 19:25:47 +02:00
Sergey "Shnatsel" Davidoff
cbeaf18e2b Made RUSTSEC-2021-0072 not affect tokio 2.0 and later 2021-07-08 01:26:08 +02:00
github-actions[bot]
01ac699fd5 Assigned RUSTSEC-2021-0072 to tokio (#952)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-08 01:09:42 +02:00
Alice Ryhl
6f2157cba4 Add advisory for race condition in Tokio (#951)
* Add RUSTSEC for tokio#3929

* Update version range

* Wrap with code fences

* Add advisory information

* Add unaffected

* Don't use tilde in version specification

it's not yet supported by rustsec v0.24

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-07-08 01:08:31 +02:00
Yechan Bae
afbc0dc9e1 Update five std CVEs (#946) 2021-07-06 12:36:13 -06:00
Tony Arcieri
23d8630fbe Bump rustsec-admin to v0.5.1 (#949) 2021-07-03 13:02:47 -06:00
Sergey "Shnatsel" Davidoff
34e9832a80 OSV export: fix handling of advisories without an ID (#948)
* OSV export: fix handling of advisories without an ID

* job will fail without -f flag on rm
2021-07-02 17:48:46 +02:00
Sergey "Shnatsel" Davidoff
9f3eb562a2 Add OSV export CI job (#947) 2021-07-02 17:22:13 +02:00
Sergey "Shnatsel" Davidoff
d5a60f2737 Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945) 2021-07-02 01:39:03 +02:00
Sergey "Shnatsel" Davidoff
84e3fb3121 Add withdrawn field (#942)
* Add `withdrawn` field to advisories, recording the yank date

* Synthetic signed commit for testing

* Add `withdrawn` field to libpulse-binding advisory forgotten on the first pass
2021-06-30 00:08:30 +02:00
Tony Arcieri
1684325bb6 Bump rustsec-admin to v0.5.0 (#944) 2021-06-30 00:01:00 +02:00
Chojan Shang
220bc71988 Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
Signed-off-by: Chojan Shang <psiace@outlook.com>
2021-06-23 23:24:04 +02:00
David Marshall
cd87335b46 Update RUSTSEC-2021-0049.md (#941)
https://nvd.nist.gov/vuln/detail/CVE-2021-29940
2021-06-16 23:05:39 +02:00
github-actions[bot]
0d2022a191 Assigned RUSTSEC-2021-0071 to grep-cli (#940)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-06-15 00:43:22 +02:00
Andrew Gallant
ec6dbf077c crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
* crates/grep-cli: add advisory for arbitrary binary execution on Windows

Ref https://github.com/BurntSushi/ripgrep/issues/1773

* drop commented out field

* crates/grep-cli: add more details about mitigation

Instead of dancing around it, we just say it: the main issue is that
std::process::Command will resolve relative binary names with respect to
the CWD first, because it just uses the Windows API for this.

More specifically, we call out the two particular mitigations that are
now in place.

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-06-15 00:42:25 +02:00
Sergey "Shnatsel" Davidoff
86ed56812a Add GHSA mentions to aliases field. This is becoming more important with OSV enabling interop between databases (#937) 2021-06-08 21:07:22 -04:00
Brad Gibson
958120be0a Update RUSTSEC-2020-0043.md (#934)
Version of `parity-ws` containing fix now correctly reads `>=0.10.0`, not `>0.10.0` (0.10.0 is the latest as of this writing and contains the fix).
2021-06-07 23:06:52 +02:00
github-actions[bot]
9984f61e56 Assigned RUSTSEC-2021-0070 to nalgebra (#932)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-06-06 13:52:19 -04:00
Austin Hartzheim
46e657b29c Add advisory for nalgebra VecStorage/MatrixVec (#931) 2021-06-06 19:42:06 +02:00
Sergey "Shnatsel" Davidoff
40afced5fb Remove range overlaps, fix some range specifications (#930)
* Drop some clearly redundant bounds

* Fix RUSTSEC-2020-0091 - the version specification was incorrect, marking 1.0.0 as fixed while in reality it was not

* Fix RUSTSEC-2018-0004: presumably any updates to 0.3.x series would also get the fix, it would not be isolated to 0.3.2

* Fix incorrectly defined, overlapping ranges in RUSTSEC-2020-0080 and RUSTSEC-2019-0035
2021-06-04 23:26:23 +02:00
Sergey "Shnatsel" Davidoff
3e51834f36 Make ranges in trust-dns-proto advisory non-overlapping (#929) 2021-06-04 18:38:56 +02:00
github-actions[bot]
aa04921a0e Assigned RUSTSEC-2021-0069 to lettre (#925)
Co-authored-by: alex <alex@users.noreply.github.com>
2021-05-22 14:13:18 -04:00
Alexis Mousset
86e2c66460 Add lettre smtp vulnerability (#924) 2021-05-22 14:10:33 -04:00
github-actions[bot]
a845d0a94d Assigned RUSTSEC-2021-0068 to iced-x86 (#923)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-05-22 08:33:11 -07:00
Tony Arcieri
36bf272ac0 iced-x86: fix lint (#922) 2021-05-22 08:30:07 -07:00
Lander Brandt
23334c682b Add advisory for iced-x86 soundness bug (#914)
* Add advisory for iced-x86 soundness bug

* Fix template format
2021-05-22 08:20:37 -07:00
github-actions[bot]
256e923a29 Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-05-22 17:15:33 +02:00
Alex Gaynor
1c03843321 fixes #915 - remove duplicate word (#916) 2021-05-22 08:06:48 -07:00
Chris Fallin
c8a2c774a3 Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918) 2021-05-22 08:03:45 -07:00
Tony Arcieri
60b9a9e9c3 Bump rustsec-admin to v0.4.3 (#919) 2021-05-22 08:02:36 -07:00
Wei Tang
7e4cbf6107 evm-core: fix crate name (#911) 2021-05-11 18:59:58 -07:00
github-actions[bot]
26467a96c4 Assigned RUSTSEC-2021-0066 to evm (#910)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-05-11 23:27:39 +02:00
Wei Tang
a7ffa73f48 Add security advisory for evm crate related to memory over-allocation (#909) 2021-05-11 23:23:09 +02:00
Sergey "Shnatsel" Davidoff
bd8a0f6700 Add patched version for kekbit RUSTSEC-2020-0129 (#908) 2021-05-10 10:49:18 +02:00
github-actions[bot]
5b4c4f4d16 Assigned RUSTSEC-2021-0065 to anymap (#907)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-05-07 17:26:35 -07:00
Erick Tryzelaar
658266f614 anymap is unmaintained (#906)
It appears that anymap has been abandoned, and the most recent
released version contains a soundness bug that has been fixed upstream,
but never published to crates.io
2021-05-07 17:19:04 -07:00
github-actions[bot]
444f649224 Assigned RUSTSEC-2021-0064 to cpuid-bool (#905)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-05-06 16:45:32 -07:00
Tony Arcieri
01a4733782 Add unmaintained crate advisory for cpuid-bool (#904)
It has been renamed to `cpufeatures`. See:

https://github.com/RustCrypto/utils/pull/381
2021-05-06 16:41:05 -07:00
github-actions[bot]
9279d5f03b Assigned RUSTSEC-2021-0063 to comrak (#903)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-05-04 10:46:29 +02:00
Asherah Connor
e8a9c4346b Add advisory for another comrak XSS (#902)
Thanks to Sam Sanoop (snoopysecurity) for reporting.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
2021-05-04 10:45:50 +02:00
Tony Arcieri
f26e762f20 aes* crates: add crate names to advisory titles (#901)
The previous titles accidentally omitted the crate names, making them
confusing during reporting.
2021-05-03 18:28:43 -07:00
github-actions[bot]
106fe13cb4 Assigned RUSTSEC-2021-0062 to miscreant (#900)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-05-03 12:05:09 -07:00
Tony Arcieri
fe57ea233a Add unmaintained crate advisory for miscreant (#899) 2021-05-03 12:03:33 -07:00