Yechan Bae
49fcc50d2b
Reflect PR feedback and describe what might happen
2020-06-30 17:21:28 -04:00
Yechan Bae
8149410e8d
Fix toml format error
2020-06-29 01:40:06 -04:00
Yechan Bae
7c96397ea1
Security advisory for AtheMathmo/rulinalg#201
2020-06-28 01:48:42 -04:00
Tony Arcieri
5049594b75
Add unmaintained crate advisory for block-cipher-trait (RUSTSEC-2020-0018) (#310)
...
* Add unmaintained crate advisory for `block-cipher-trait`
It's been renamed to `block-cipher`. See:
https://github.com/RustCrypto/traits/pull/139
* Assign RUSTSEC-2020-0018 to block-cipher-trait
2020-06-10 11:22:55 -07:00
Tony Arcieri
8587ec259a
Assign RUSTSEC-2020-0017 to internment (#309)
...
Original PR: https://github.com/RustSec/advisory-db/pull/306
2020-06-07 08:19:36 -07:00
Jeremy Fitzhardinge
0f5a2dc239
Add advisory for internment (#306)
...
`internment` 0.3.12 has a race condition in ArcIntern::drop which can
result in use-after-free.
2020-06-07 07:55:58 -07:00
Tony Arcieri
7d4ce9ae4f
Assign RUSTSEC-2018-0017 to tempdir
...
Original PR: https://github.com/RustSec/advisory-db/pull/295
2020-05-17 08:58:19 -07:00
Tony Arcieri
4853671ffa
Merge pull request #295 from oherrala/tempdir
...
tempdir crate has been deprecated since 2018-02-13
2020-05-17 08:54:35 -07:00
Tony Arcieri
1639be6561
Assign RUSTSEC-2020-0016 to net2
...
Original PR: https://github.com/RustSec/advisory-db/pull/296
2020-05-17 08:52:19 -07:00
Ossi Herrala
a3c68605c7
net2 crate has been deprecated; use socket2 instead
...
Fixes #285
2020-05-13 10:45:41 +03:00
Ossi Herrala
25f622bacf
tempdir crate has been deprecated since 2018-02-13.
2020-05-13 10:18:39 +03:00
Tony Arcieri
e44e26f397
Assign RUSTSEC-2020-0015 to openssl-src
...
Original PR: https://github.com/RustSec/advisory-db/pull/277/files
2020-05-04 16:39:42 -07:00
Tony Arcieri
f2feb205c6
Merge pull request #277 from lzutao/cve-openssl
...
warn about CVE-2020-1967
2020-05-04 16:38:10 -07:00
Manish Goregaokar
2b2b57668d
RUSTSEC-2020-0011: make obsolete
2020-04-25 20:47:58 -07:00
Christopher Durham
c63704f56b
RUSTSEC-2020-0011: make wording more objective
2020-04-25 15:10:50 -04:00
Tony Arcieri
63ca3a7793
RUSTSEC-2020-0011: mark as informational
...
See discussion on https://github.com/RustSec/advisory-db/issues/275#issuecomment-619241211
2020-04-25 12:00:31 -07:00
Lzu Tao
cff4f820ac
warn about CVE-2020-1967
2020-04-25 15:38:14 +00:00
Tony Arcieri
183f65dfd1
Assign RUSTSEC-2020-0014 to rusqlite
...
Original PR: https://github.com/RustSec/advisory-db/pull/267
2020-04-24 12:40:14 -07:00
Tony Arcieri
dea12f0602
Merge pull request #267 from thomcc/rusqlite
...
Add advisory for rusqlite
2020-04-24 12:39:27 -07:00
Tony Arcieri
2d87929fc8
Assign RUSTSEC-2020-0013 to fake-static
...
Original PR: https://github.com/RustSec/advisory-db/pull/270
2020-04-24 12:37:27 -07:00
Tony Arcieri
79a4b2fe7f
Merge pull request #270 from eduardosm/fake-static
...
Add advisory for fake-static
2020-04-24 12:36:49 -07:00
Tony Arcieri
a4b88992e9
Assign RUSTSEC-2020-0012 to os_str_bytes
...
Original PR: https://github.com/RustSec/advisory-db/pull/269
2020-04-24 12:35:29 -07:00
Tony Arcieri
e64a5618c6
Merge pull request #269 from eduardosm/os_str_bytes
...
Add advisory for os_str_bytes
2020-04-24 12:34:37 -07:00
Tony Arcieri
2a0ed62cd1
Assign RUSTSEC-2020-0011 to plutonium
...
Original PR: https://github.com/RustSec/advisory-db/pull/268
2020-04-24 12:30:55 -07:00
Eduardo Sánchez Muñoz
6e85444c98
Add advisory for fake-static
2020-04-24 12:57:07 +02:00
Naja Melan
ab1840c2be
Try an empty array for patched versions.
...
Co-Authored-By: Tony Arcieri <bascule@gmail.com>
2020-04-24 06:05:59 +00:00
Eduardo Sánchez Muñoz
16a2f4c592
Add advisory for os_str_bytes
2020-04-24 00:23:27 +02:00
Naja Melan
b761cd7428
Advisory for plutonium.
2020-04-23 23:26:08 +02:00
Thom Chiovoloni
f8c59e28af
Add advisory for rusqlite
2020-04-23 10:29:27 -07:00
Tony Arcieri
7a2a72d069
Assign RUSTSEC-2017-0007 to lz4-compress
...
Original PR: https://github.com/RustSec/advisory-db/pull/264
2020-04-16 17:23:59 -07:00
Sergey "Shnatsel" Davidoff
6282ddf273
change advisory number to pass the linter
2020-04-17 02:07:56 +02:00
Sergey "Shnatsel" Davidoff
bbcceb735f
Mark lz4-compress as unmaintained
2020-04-17 02:04:58 +02:00
Tony Arcieri
c427489358
Assign RUSTSEC-2020-0010 to tiberius
...
Original PR: https://github.com/RustSec/advisory-db/pull/262
2020-04-16 08:59:42 -07:00
Tony Arcieri
cce1d47240
Add tiberius unmaintained advisory
2020-04-16 08:46:03 -07:00
Tony Arcieri
577308d91b
Assign RUSTSEC-2020-0009 to flatbuffers
...
Original PR: https://github.com/RustSec/advisory-db/pull/259
2020-04-14 07:48:53 -07:00
Eduardo Sánchez Muñoz
4399b9e310
Improve advisory for flatbuffers.
2020-04-11 16:09:15 +02:00
Eduardo Sánchez Muñoz
cbeef93cf0
Add advisory for flatbuffers
2020-04-11 13:25:30 +02:00
Pavlos Poulakis
c22f80eb55
Add unaffected field to RUSTSEC-2020-0008.
2020-04-01 13:28:48 +01:00
Eliza Weisman
9889ed0831
Fix patched version for RUSTSEC-2020-0008
...
The vulnerability description for advisory RUSTSEC-2020-0008, "Flaw in
hyper allows request smuggling by sending a body in GET requests", lists
an incorrect patched version. The advisory states that the vulnerability
was fixed in `hyper` 0.12.35, but `hyper`'s changelog [shows][1] that
the patch (hyperium/hyper@23fc8b0) was published in 0.12.34. I believe
that this means that `cargo audit` will incorrectly report patched
versions as vulnerable.
This PR corrects the listed version.
[1]: https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v01234-2019-09-04
2020-03-31 10:41:53 -07:00
Tony Arcieri
6053e3a05f
Assign RUSTSEC-2020-0008 to hyper
...
Original PR: https://github.com/RustSec/advisory-db/pull/255
2020-03-31 10:07:02 -07:00
Demi M. Obenour
91eed85346
Note that another vulnerability is needed for RCE
...
Also make some trivial changes to pass the linter.
2020-03-30 18:59:14 -04:00
Demi M. Obenour
8b6786f78c
Merge branch 'master' into smuggling
2020-03-30 18:38:47 -04:00
Tony Arcieri
4de36fe70a
Assign RUSTSEC-2020-0007 to bitvec
...
Original PR: https://github.com/RustSec/advisory-db/pull/253
2020-03-30 12:45:16 -07:00
Alexander Payne
70389f6a25
Report memory management error in bitvec
...
See myrrlyn/bitvec#55
2020-03-27 16:10:15 -06:00
Tony Arcieri
ab9cad4eba
Assign RUSTSEC-2020-0006 to bumpalo
...
Original PR: https://github.com/RustSec/advisory-db/pull/251
2020-03-24 14:21:56 -07:00
Nick Fitzgerald
2a32306fa8
bumpalo: Report memory exposure bug in realloc
2020-03-24 14:12:17 -07:00
Tony Arcieri
da46c54637
Assign RUSTSEC-2020-0005 to cbox
...
Original PR: https://github.com/RustSec/advisory-db/pull/246
2020-03-23 09:25:44 -07:00
Tony Arcieri
d99e1f9c94
Merge branch 'master' into cbox
2020-03-23 09:09:25 -07:00
Paul Hummer
ca7a01db12
fix: update patched version for 2019-0028
...
This patch updates the `RUSTSEC-2019-0028` advisory to show a patched
version is available. The patch was added [in PR 5554](https://github.com/google/flatbuffers/pull/5554),
and released with version `0.6.1`.
2020-03-19 15:46:22 -06:00
Eduardo Sánchez Muñoz
ce9b3be5b3
Add advisory for cbox
2020-03-19 20:23:50 +01:00