Commit Graph

297 Commits

Author SHA1 Message Date
Tony Arcieri
6d0db7286e Add advisory for broken blake2 impls
BLAKE2b and BLAKE2s were implemented using the wrong block size. All
versions of the `blake2` crate prior to v0.8.1 compute incorrect
digests.

See: https://github.com/RustCrypto/MACs/issues/19
2019-09-06 10:46:06 -07:00
Tony Arcieri
21a1767752 Merge pull request #148 from RustSec/RUSTSEC-2019-0018
Assign RUSTSEC-2019-0018 to renderdoc
2019-09-02 19:44:46 -07:00
Tony Arcieri
c80288298b Assign RUSTSEC-2019-0018 to renderdoc
Original PR: https://github.com/RustSec/advisory-db/pull/147
2019-09-02 19:40:31 -07:00
Tony Arcieri
bbb7ff55c3 Merge pull request #147 from ebkalderon/add-renderdoc-ub-vuln
Undefined behavior in renderdoc crate
2019-09-02 19:36:19 -07:00
Eyal Kalderon
a17b8a3693 Remove unnecessary affected_os key 2019-09-03 10:30:29 +08:00
Eyal Kalderon
6de62b1002 Merge branch 'master' into add-renderdoc-ub-vuln 2019-09-03 01:14:08 +08:00
Tony Arcieri
6e03d3c0b7 Merge pull request #146 from RustSec/rust-lang-vulns
File standard library/core vulns (closes RustSec/cargo-audit#46)
2019-09-02 10:12:18 -07:00
Tony Arcieri
58db1ee63a File standard library/core vulns (closes RustSec/cargo-audit#46)
Files vulnerabilities in the standard library originally reported at:

https://groups.google.com/forum/#!forum/rustlang-security-announcements

Or otherwise collected at:

https://github.com/RustSec/cargo-audit/issues/46

The `rustsec` crate doesn't presently consume these, but I'd like to add
support ASAP.
2019-09-02 09:54:05 -07:00
Eyal Kalderon
64a69616a4 Add advisory for renderdoc < 0.5.0 2019-09-02 14:05:48 +08:00
Tony Arcieri
706203ce01 Merge pull request #145 from RustSec/support-toml
support.toml: Initial file
2019-09-01 17:16:07 -07:00
Tony Arcieri
a20aa8d0c8 support.toml: Initial file
Adds an initial file indicating what version of the `rustsec` crate the
advisory database is compatible with. This is designed for use with
the corresponding feature in the `rustsec` crate:

https://github.com/RustSec/rustsec-crate/pull/76
2019-09-01 17:04:28 -07:00
Tony Arcieri
2de10f5bce Merge pull request #144 from RustSec/RUSTSEC-2019-0017
Assign RUSTSEC-2019-0017 to once_cell
2019-09-01 13:34:18 -07:00
Tony Arcieri
8ecff7460f Assign RUSTSEC-2019-0017 to once_cell
Original PR: https://github.com/RustSec/advisory-db/pull/143
2019-09-01 13:29:40 -07:00
Aleksey Kladov
84eb2025f9 add advisory for once_cell (#143) 2019-09-01 13:27:30 -07:00
Tony Arcieri
decd2c5c78 Merge pull request #142 from RustSec/RUSTSEC-2019-0016
Assign RUSTSEC-2019-0016 to chttp
2019-09-01 13:19:05 -07:00
Tony Arcieri
5b742bbc54 Assign RUSTSEC-2019-0016 to chttp
Original PR: https://github.com/RustSec/advisory-db/pull/139
2019-09-01 13:06:15 -07:00
Tony Arcieri
434b26a7e4 Merge pull request #139 from sagebind/sagebind-patch-1
Add advisory for use-after-free in chttp 0.1.1, 0.1.2
2019-09-01 13:04:31 -07:00
Tony Arcieri
8ed9e62129 Merge branch 'master' into sagebind-patch-1 2019-09-01 12:56:31 -07:00
Tony Arcieri
8476922c1c Merge pull request #141 from RustSec/RUSTSEC-2019-0015
Assign RUSTSEC-2019-0015 to compact_arena
2019-09-01 12:51:23 -07:00
Tony Arcieri
603012cd96 Assign RUSTSEC-2019-0015 to compact_arena
Original PR: https://github.com/RustSec/advisory-db/pull/137
2019-09-01 12:46:55 -07:00
Tony Arcieri
8bd5aa94aa Merge pull request #140 from RustSec/RUSTSEC-2019-0014
Assign RUSTSEC-2019-0014 to image
2019-09-01 12:44:28 -07:00
Tony Arcieri
c21ebf3341 Assign RUSTSEC-2019-0014 to image
Original PR: https://github.com/RustSec/advisory-db/pull/135
2019-09-01 12:37:49 -07:00
Stephen M. Coakley
439853f667 Create RUSTSEC-0000-0000.toml 2019-09-01 13:45:03 -05:00
llogiq
7b363b785a add out-of-bounds memory access in compact_arena < 0.4.0 (#137) 2019-09-01 10:54:20 -07:00
HeroicKatora
c8c41f939a Add hdr decoder use-after-free advisory (#135) 2019-09-01 10:46:14 -07:00
Tony Arcieri
f758dea601 Merge pull request #136 from RustSec/alex-patch-1
Tell people to delete comments in the example advisory
2019-08-31 12:56:09 -07:00
Alex Gaynor
de8a052d3e Tell people to delete comments in the example advisory 2019-08-31 15:27:07 -04:00
Tony Arcieri
07da5c8ed5 Merge pull request #133 from RustSec/RUSTSEC-2019-0013
Assign RUSTSEC-2019-0013 to spin
2019-08-28 10:36:26 -07:00
Tony Arcieri
44dc01298e Assign RUSTSEC-2019-0013 to spin
Original PR: https://github.com/RustSec/advisory-db/pull/132
2019-08-28 10:11:01 -07:00
Tony Arcieri
50a678280c Merge pull request #132 from 64/master
Report vulnerability in spin crate's RwLock impl
2019-08-28 10:09:24 -07:00
Matt Taylor
5568479c48 Clarify that users of Once are not affected 2019-08-28 06:37:10 +01:00
Matt Taylor
3c55761403 Report vulnerability in spin crate's RwLock impl 2019-08-27 20:09:09 +01:00
Tony Arcieri
f9de4aed5b Merge pull request #129 from RalfJung/memoffset
actually memoffset also had an uninit-drop vuln
2019-07-20 10:24:42 -07:00
Ralf Jung
9ec1ad0a9c typo 2019-07-20 13:45:36 +02:00
Ralf Jung
7e3423c7ec actually memoffset also had an uninit-drop vuln, and that affects all versions ever published 2019-07-20 12:56:59 +02:00
Tony Arcieri
ce7e93d4a9 Merge pull request #128 from RustSec/RUSTSEC-2019-0012
Assign RUSTSEC-2019-0012 to smallvec
2019-07-19 14:18:21 -07:00
Tony Arcieri
3a175b7b37 Assign RUSTSEC-2019-0012 to smallvec
Original PR: https://github.com/RustSec/advisory-db/pull/127/
2019-07-19 14:12:22 -07:00
Tony Arcieri
587ac0152c Merge pull request #127 from Shnatsel/patch-1
Add advisory for smallvec issue #149
2019-07-19 13:47:20 -07:00
Sergey "Shnatsel" Davidoff
150700481b Update RUSTSEC-0000-0000.toml 2019-07-19 21:45:40 +02:00
Sergey "Shnatsel" Davidoff
3b810f1c13 Add advisory for smallvec issue #149 2019-07-19 21:35:39 +02:00
Tony Arcieri
b8451d4f7f Merge pull request #126 from RustSec/RUSTSEC-2019-0011
Assign RUSTSEC-2019-0011 to memoffset
2019-07-17 10:02:13 -07:00
Tony Arcieri
4d673eedf4 Assign RUSTSEC-2019-0011 to memoffset
Original PR: https://github.com/RustSec/advisory-db/pull/124
2019-07-17 09:50:31 -07:00
Tony Arcieri
32d6ae5022 Merge pull request #124 from RalfJung/memoffset
add memoffset issue
2019-07-17 09:43:02 -07:00
Tony Arcieri
d18235728a Merge branch 'master' into memoffset 2019-07-17 08:37:20 -07:00
Tony Arcieri
a081494d7e Merge pull request #125 from RustSec/update-deps
Update dependencies
2019-07-16 12:39:44 -07:00
Tony Arcieri
e3b1fc14bc Update dependencies
- `gumdrop` v0.6
- `rustsec` v0.12
- `crates-io-api` v0.5
2019-07-16 12:15:09 -07:00
Ralf Jung
148b3d2dd0 add memoffset issue 2019-07-16 15:51:12 +02:00
Tony Arcieri
f7a0482e0f Merge pull request #123 from RustSec/RUSTSEC-2019-0010
Assign RUSTSEC-2019-0010 to libflate
2019-07-07 11:34:38 -07:00
Tony Arcieri
8b88d66355 Assign RUSTSEC-2019-0010 to libflate
Original PR: https://github.com/RustSec/advisory-db/pull/122
2019-07-07 11:25:05 -07:00
Tony Arcieri
27358aef48 Merge pull request #122 from Shnatsel/libflate-advisory
Add advisory for libflate
2019-07-07 10:49:08 -07:00