OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 08:13:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
84 Commits 1 Branch 0 Tags
72a4178ca1ea7fb1fc6376b47ea7ea74661be4d3
Commit Graph

84 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Arcieri
72a4178ca1 Advisory: openssl <0.9.0 may be vulnerable to MitM due to weak defaults 2018-07-24 10:47:29 -07:00
Tony Arcieri
607d038c42 Merge pull request #46 from RustSec/readme-template-fixups 
README.md: Fixups for TOML template
 2018-07-24 08:20:29 -07:00
Tony Arcieri
9c2f9c39a7 README.md: Fixups for TOML template 
Add `id` field, cleanup comments, mandatory/optional notes, and ordering
 2018-07-24 08:07:28 -07:00
Tony Arcieri
ad30725335 Merge pull request #45 from RustSec/readme-cleanups 
README.md: Better highlight cargo-audit and cleanup copy
 2018-07-23 17:31:28 -07:00
Tony Arcieri
992eff3473 README.md: Better highlight cargo-audit and cleanup copy 2018-07-23 17:26:14 -07:00
Tony Arcieri
278cd5b7ce Merge pull request #44 from RustSec/readme-vuln-reporting 
README.md: Add vuln reporting instructions
 2018-07-23 16:42:13 -07:00
Tony Arcieri
5afa669831 README.md: Add vuln reporting instructions 2018-07-23 16:35:33 -07:00
Tony Arcieri
50686ad52d Merge pull request #43 from RustSec/contributing 
CONTRIBUTING.md: Vulnerability reporting instructions and criteria
 2018-07-23 14:10:50 -07:00
Tony Arcieri
2505020c63 CONTRIBUTING.md: Vulnerability reporting instructions and criteria 
This is long overdue! (see #25) It provides basic instructions for
filing advisories against the database, and also some guidelines
for what types of vulnerabilities qualify.
 2018-07-23 13:44:47 -07:00
Tony Arcieri
bb7ef0697c Merge pull request #42 from RustSec/convert-check-to-bin 
Convert CI check process to use a bin instead of testing a lib
 2018-07-23 12:36:02 -07:00
Tony Arcieri
b139f2db89 Convert CI check process to use a bin instead of testing a lib 
This allows us to add some additional commands to the Rust-based part of
this crate.
 2018-07-23 12:28:10 -07:00
Tony Arcieri
187c9feef5 Merge pull request #41 from RustSec/readme-gitter-badge 
README.md: Add gitter badge
 2018-07-23 11:42:35 -07:00
Tony Arcieri
2777a29883 README.md: Add gitter badge 2018-07-23 11:34:22 -07:00
Tony Arcieri
ffbf3cf971 Merge pull request #40 from RustSec/rustsec-0-7 
Update 'rustsec' crate to 0.7
 2018-07-22 17:59:28 -07:00
Tony Arcieri
f5d0ea12a2 Update 'rustsec' crate to 0.7 2018-07-22 17:51:45 -07:00
Tony Arcieri
5920a40e72 Merge pull request #39 from RustSec/rustsec-0-7-0-alpha3 
Update to 'rustsec' crate v0.7.0-alpha3
 2018-07-22 13:38:25 -07:00
Tony Arcieri
f9af1317ac Update to 'rustsec' crate v0.7.0-alpha3 
Testing the alpha crate on the live repository prior to a final release
 2018-07-22 13:29:03 -07:00
Tony Arcieri
cd58ff39f8 Merge pull request #38 from RustSec/remove-dwf-tag-in-favor-of-aliases 
Rename "dwf" TOML tag to "aliases" (closes #36)
 2018-07-21 20:12:38 -07:00
Tony Arcieri
cb81d3ceaa Rename "dwf" TOML tag to "aliases" (closes #36) 
Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
 2018-07-21 19:47:30 -07:00
Tony Arcieri
cf97bdac6e Merge pull request #37 from RustSec/add-ids-to-all-advisories 
crates: Add 'id' attribute to all advisories
 2018-07-21 15:31:29 -07:00
Tony Arcieri
79fd13ac6f crates: Add 'id' attribute to all advisories 
This is needed to parse them with serde directly from these files (as
opposed to using Advisories.toml)
 2018-07-21 15:22:39 -07:00
Tony Arcieri
953f4ca263 Merge pull request #35 from mbrubeck/smallvec 
More patched versions released for smallvec
 2018-07-20 10:38:02 -07:00
Matt Brubeck
194883b71e More patched versions released for smallvec 2018-07-20 10:31:28 -07:00
Tony Arcieri
f5cba30107 Merge pull request #33 from RustSec/maintained-badge 
README.md: Add a 'maintained' shield from shields.io
 2018-07-19 20:26:04 -07:00
Tony Arcieri
2c7428eeaf README.md: Add a 'maintained' shield from shields.io 2018-07-19 20:01:05 -07:00
Tony Arcieri
5036eee5ae Merge pull request #32 from RustSec/code-of-conduct 
Adopt the Contributor Covenant (version 1.4)
 2018-07-19 19:41:37 -07:00
Tony Arcieri
faf18b8d1d Adopt the Contributor Covenant (version 1.4) 
https://www.contributor-covenant.org/
 2018-07-19 19:34:09 -07:00
Tony Arcieri
81d7c1feda Merge pull request #31 from RustSec/fix-rustsec-2018-0002 
Advisories.toml: Fix RUSTSEC-2018-0002
 2018-07-19 19:31:25 -07:00
Tony Arcieri
0a1d62c88d Advisories.toml: Fix RUSTSEC-2018-0002 
`RUSTSEC-2018-0002` was previously assigned to `tar`, but never added to
`Advisories.toml`.

The merge workflow for this could definitely use some
improvements/automation.
 2018-07-19 19:26:08 -07:00
Tony Arcieri
7855ffa911 Assign RUSTSEC-2018-0003 to smallvec 
Original PR:

https://github.com/RustSec/advisory-db/pull/30
 2018-07-19 19:20:54 -07:00
Tony Arcieri
569e6ad8b0 Merge pull request #30 from mbrubeck/smallvec 
Advisory: Possible double free in SmallVec::insert_many
 2018-07-19 19:00:02 -07:00
Matt Brubeck
fd11c62bc5 Advisory: Possible double free in SmallVec::insert_many 
For details, see:

* servo/rust-smallvec#96 - original bug report
* servo/rust-smallvec#103 - fix
 2018-07-19 15:00:38 -07:00
Tony Arcieri
c21aa4af35 Merge pull request #26 from alexcrichton/tar 
Aribtrary filesystem writes in tar 0.4.15 and older
 2018-06-30 10:34:06 +01:00
Alex Crichton
1e553ef856 Aribtrary filesystem writes in tar 0.4.15 and older 
More details inside!
 2018-06-29 13:19:26 -07:00
Tony Arcieri
3c0458d26b Assign RUSTSEC-2018-0001 to untrusted 
Original PR:

https://github.com/RustSec/advisory-db/pull/24
 2018-06-26 00:13:01 +01:00
Tony Arcieri
0c1ba96e69 Merge pull request #24 from oherrala/untrusted-0-6-2 
Advisory: An integer underflow in untrusted 0.6.1 and older which could lead to panic
 2018-06-26 00:05:13 +01:00
Ossi Herrala
f5c8d09051 An integer underflow in untrusted 0.6.1 and older 2018-06-25 21:56:39 +03:00
Tony Arcieri
e8b8bf897a Merge pull request #23 from frewsxcv/patch-1 
RUSTSEC-2017-0004 is also known as CVE-2017-1000430
 2017-12-30 07:45:20 -08:00
Corey Farwell
18d848d456 RUSTSEC-2017-0004 is also known as CVE-2017-1000430 2017-12-29 13:49:40 -08:00
Tony Arcieri
ce29282ad4 RUSTSEC-2017-0001 is also known as CVE-2017-1000168 2017-08-24 08:45:54 -07:00
Tony Arcieri
fafc60ceee Assign RUSTSEC-2017-0005 to cookie 
Original PR:

https://github.com/RustSec/advisory-db/pull/22
 2017-05-08 07:56:46 -07:00
Tony Arcieri
f61627af74 Merge pull request #22 from erickt/master 
Advisory: cookie denial of service
 2017-05-08 07:55:00 -07:00
Erick Tryzelaar
bfcf9e99c2 Advisory: cookie denial of service 2017-05-07 16:06:21 -07:00
Tony Arcieri
524d876a8a Assign RUSTSEC-2017-0004 to base64 
Original PR:

https://github.com/RustSec/advisory-db/pull/21
 2017-05-04 09:52:29 -07:00
Tony Arcieri
9680afb237 Merge pull request #21 from AGWA-forks/master 
Advisory: base64 heap-based buffer overflow
 2017-05-04 09:49:47 -07:00
Andrew Ayer
b9a0862f48 Advisory: base64 heap-based buffer overflow 2017-05-03 17:05:46 -07:00
Tony Arcieri
7e9846989a Merge pull request #17 from RustSec/RUSTSEC-2017-0003 
Assign RUSTSEC-2017-0003 to security-framework
 2017-03-15 22:37:09 -07:00
Tony Arcieri
e6b5f1a74f Assign RUSTSEC-2017-0003 to security-framework 
Original PR:

https://github.com/RustSec/advisory-db/pull/16
 2017-03-15 22:34:43 -07:00
Tony Arcieri
7148181bb8 Merge pull request #16 from sfackler/security-framework 
Advisory: security-framework hostname verification bypass
 2017-03-15 22:29:35 -07:00
Steven Fackler
ffb475d466 Advisory: security-framework hostname verification bypass 2017-03-15 11:47:14 -07:00