Commit Graph

758 Commits

Author SHA1 Message Date
Lyndon Brown
59bee556dd Add advisory for use-after-frees fixed in libpulse-binding v1.2.1 (#433) 2020-10-25 12:19:41 -07:00
github-actions[bot]
1e48ac3958 Assigned RUSTSEC-2019-0038 to libpulse-binding (#446)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-10-25 12:19:23 -07:00
Lyndon Brown
681a20408c Add advisory for notable UB fix in libpulse-binding v2.6.0 (#435) 2020-10-25 12:17:51 -07:00
github-actions[bot]
218de91af9 Assigned RUSTSEC-2020-0058 to stream-cipher (#445)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-10-25 12:14:03 -07:00
Tony Arcieri
5c9ebbfa87 Add unmaintained crate advisory for stream-cipher (#444)
It's been renamed to `cipher`.
2020-10-25 12:09:41 -07:00
github-actions[bot]
fa616899f0 Assigned RUSTSEC-2020-0057 to block-cipher (#443)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-10-25 12:05:32 -07:00
Tony Arcieri
8505c9578f Add unmaintained crate advisory for block-cipher (#442)
It's been renamed to `cipher`.
2020-10-25 12:04:19 -07:00
github-actions[bot]
691a7504be Assigned RUSTSEC-2020-0056 to stdweb (#441)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-10-25 11:57:46 -07:00
Tony Arcieri
acc73d9598 CI: bump rustsec-admin to v0.3.0-pre3 (#440)
Trying to fix an `assign-id` bug
2020-10-25 11:49:14 -07:00
Tony Arcieri
6544190137 Add unmaintained crate advisory for stdweb (#439)
Closes #391
2020-10-25 11:08:58 -07:00
Tony Arcieri
5751a5f4cc CI: bump rustsec-admin to v0.3.0-pre2 (#438)
This version has the old TOML advisories fail lint, and also hopefully
fixes automatic ID assignment.
2020-10-25 10:58:49 -07:00
Tony Arcieri
6e48979dab Add EXAMPLE_ADVISORY.md (#436)
Adds an example advisory in the V3 format (#414) and updates the schema
information in README.md to reflect that.
2020-10-22 07:05:44 -07:00
Tony Arcieri
fb2a1a6c47 Rename RUSTSEC-2020-0055 to RUSTSEC-2018-0020 (#437)
It was accidentally filed under the wrong year.
2020-10-22 06:49:26 -07:00
Sergey "Shnatsel" Davidoff
7338ca9c70 Assign RUSTSEC-2020-0055 to libpulse-binding 2020-10-22 05:31:42 +02:00
Sergey "Shnatsel" Davidoff
2034787c1e Merge pull request #434 from jnqnfe/b
Add advisory for possible use-after-free fixed in libpulse-binding v2.5.0
2020-10-22 05:28:57 +02:00
Lyndon Brown
c128a6bdcd Add advisory for possible use-after-free fixed in libpulse-binding v2.5.0 2020-10-22 03:15:42 +01:00
Sergey "Shnatsel" Davidoff
7d14cb7de8 Merge pull request #428 from taiki-e/rustsec-2020-0052
Add CVE and GHSA to RUSTSEC-2020-0052
2020-10-17 01:12:16 +02:00
Tony Arcieri
68af791cc2 Assign RUSTSEC-2020-{0053,0054} to dirs/directories (#431)
Original PR: https://github.com/RustSec/advisory-db/pull/430/files
2020-10-16 13:55:50 -07:00
melocene
e36c10d843 dirs and directories crates are unmaintained (#430) 2020-10-16 13:50:54 -07:00
Taiki Endo
7358a10d0d Add CVE and GHSA to RUSTSEC-2020-0052 2020-10-15 04:06:29 +09:00
Egor Larionov
b6bcce2c6b Add patch version for the unsoundness issue in dync (#427) 2020-10-13 07:41:52 -04:00
Sergey "Shnatsel" Davidoff
4da6145a2a Merge pull request #426 from RustSec/RUSTSEC-2020-0052-assign
Assign RUSTSEC-2020-0052 to crossbeam-channel
2020-10-11 15:16:57 +02:00
Sergey "Shnatsel" Davidoff
a2bb0aaa00 Assign RUSTSEC-2020-0052 to crossbeam-channel 2020-10-11 15:16:26 +02:00
Sergey "Shnatsel" Davidoff
75a51cb9f4 Merge pull request #425 from taiki-e/crossbeam-533
Add advisory for UB in crossbeam-channel 0.4.3
2020-10-11 15:00:30 +02:00
Taiki Endo
c764af890f Remove informational field 2020-10-11 21:55:54 +09:00
Taiki Endo
8b71717eb4 Add categories and informational fields 2020-10-11 17:27:18 +09:00
Taiki Endo
ba83b81ec4 Add advisory for UB in crossbeam-channel 0.4.3 2020-10-11 16:57:44 +09:00
Tony Arcieri
8c4b6b7d43 RUSTSEC-2019-0031: spin is maintained (#424)
We added `yanked = true` to the advisory, however it doesn't seem to be
having the intended effect (the query for unmaintained crates is
probably failing to exclude the yanked advisories).

This is another workaround which makes the `unaffected` requirement
match all versions. Hopefully this means that `spin` will stop being
reported as unmaintained.
2020-10-10 07:19:19 -07:00
Sergey "Shnatsel" Davidoff
bd86384ca5 Merge pull request #423 from zesterer/master
Yanked spin unmaintained advisory
2020-10-08 13:31:14 +02:00
Joshua Barretto
279da1f813 Yanked spin unmaintained advisory 2020-10-08 12:24:25 +01:00
Sergey "Shnatsel" Davidoff
7450b9f82f Merge pull request #422 from ammaraskar/patch-1
Add patched version for atom crate.
2020-10-06 16:30:39 +02:00
Ammar Askar
6034646f24 Add patched version for atom crate. 2020-10-06 10:28:04 -04:00
Tony Arcieri
777546f938 CI: use rustsec-admin v0.3.0-pre in assign-ids step (#421) 2020-10-02 10:56:11 -07:00
Tony Arcieri
ac125ee29a Translate database into V3 advisory format (#420)
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
2020-10-01 18:29:11 -07:00
Tony Arcieri
2770460f9c RUSTSEC-2020-0011: rename obsolete to yanked (#419)
This field name has changed
2020-10-01 13:56:35 -07:00
Tony Arcieri
7af8522208 Assign RUSTSEC-2019-0037 to pnet (#418)
Original PR: https://github.com/RustSec/advisory-db/pull/335
2020-10-01 08:30:38 -07:00
Vladimir
7c95e1b1a1 libpnet (#335)
Co-authored-by: 0xd34b33f <0xd34b33f@users.noreply.github.com>
2020-10-01 08:21:28 -07:00
github-actions[bot]
b136b74460 Assigned RUSTSEC-2020-0051 to rustsec (#416)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-10-01 08:21:08 -07:00
Tony Arcieri
bfa9e12685 Add rustsec crate advisory for breaking changes to advisory format (#415)
In theory this advisory should trigger this feature of `cargo-audit`
which checks for advisories filed against the `rustsec` crate:

https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199

After merging, I will test with an older `cargo-audit` version to see if
it has the intended effect.
2020-10-01 08:19:41 -07:00
Sergey "Shnatsel" Davidoff
707e364a4a Merge pull request #412 from RustSec/assign-ids
Assigned RUSTSEC-2020-0050 to dync
2020-09-27 21:10:40 +02:00
github-actions[bot]
a1f39cc8c9 Assigned RUSTSEC-2020-0050 to dync 2020-09-27 19:10:29 +00:00
Sergey "Shnatsel" Davidoff
b5a4582a26 Merge pull request #411 from ammaraskar/0018-dync
Add misaligned-access soundness issue for dync crate
2020-09-27 21:09:51 +02:00
Ammar Askar
7f5deb94c0 Add misaligned-access soundness issue for dync crate 2020-09-27 11:59:16 -07:00
Sergey "Shnatsel" Davidoff
cdbb09428a Merge pull request #410 from RustSec/assign-ids
Assigned RUSTSEC-2018-0019 to actix-web
2020-09-26 22:38:22 +02:00
github-actions[bot]
fe2503798e Assigned RUSTSEC-2018-0019 to actix-web 2020-09-26 20:38:10 +00:00
Sergey "Shnatsel" Davidoff
c6d6a43c6d Merge pull request #409 from RustSec/old-actix
Add advisory for very old, unsound actix-web
2020-09-26 22:37:35 +02:00
Sergey "Shnatsel" Davidoff
2522178d5b Add advisory for very old, unsound Actix 2020-09-26 22:12:12 +02:00
Sergey "Shnatsel" Davidoff
2c3b462fbb Merge pull request #408 from RustSec/assign-ids
Assigned RUSTSEC-2020-0049 to actix-codec
2020-09-26 21:52:05 +02:00
github-actions[bot]
cc3f69c160 Assigned RUSTSEC-2020-0049 to actix-codec 2020-09-26 19:51:53 +00:00
Sergey "Shnatsel" Davidoff
0ef27ed422 Merge pull request #407 from RustSec/actix-codec-pin
Advisory for unsound pinning in actix-codec
2020-09-26 21:51:21 +02:00