Commit Graph

1958 Commits

Author SHA1 Message Date
github-actions[bot]
735bd0286f Assigned RUSTSEC-2023-0027 to async-nats, RUSTSEC-2023-0028 to buf_redux (#1664)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-25 02:42:41 +11:00
Ossi Herrala
b3d6563b3b Add unmaintained buf_redux (#1614)
* Add unmaintained advisory of buf_redux

Fixes #1602

* Fill in the advisory

* Wording fixes

* Typo fix

* Wording fixes

* Grammar

* Alloc not core crate for Vec

* Add fork option

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-03-25 02:39:27 +11:00
Paolo Barbolini
6035ece499 async-nats MitM vulnerability (#1661)
* Create RUSTSEC-0000-0000.md

* Add category

Co-authored-by: Tony Arcieri <bascule@gmail.com>

* Improve title

* Improve the description and reintroduce formatting

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

---------

Co-authored-by: Tony Arcieri <bascule@gmail.com>
2023-03-24 15:38:47 +00:00
github-actions[bot]
c48913e44d Assigned RUSTSEC-2023-0025 to git-hash, RUSTSEC-2023-0026 to git-path (#1663)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-25 02:33:49 +11:00
Kyle Huey
83e7443d27 Add "unmaintained" advisories for all old Gitoxide crates. (#1644)
* Add "unmaintained" advisories for all old Gitoxide crates.

Gitoxide mass renamed its crates from git-<crate> to gix-<crate>,
and the old crate names are no longer receiving updates. Create
advisories for all of them with messages pointing to the new crates.

* Reduce to main leaf crates trigger points

Co-authored-by: Sebastian Thiel <sebastian.thiel@icloud.com>

* git-features uses git-hash

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Co-authored-by: Sebastian Thiel <sebastian.thiel@icloud.com>
2023-03-25 02:33:23 +11:00
Sergey "Shnatsel" Davidoff
d6377e0188 Fix CI always using an outdated version of rustsec-admin (#1660)
* Fix CI always using an outdated version of rustsec-admin

* Bump the cache key in tandem with version bump

* Dummy commit to make sure CI works on subsequent runs

* Check that the required version is installed, reinstall if not

* Fix shell syntax

* Dummy commit to make sure CI works on subsequent runs
2023-03-24 14:38:59 +00:00
github-actions[bot]
cda37f498a Assigned RUSTSEC-2023-0024 to openssl (#1659)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-03-23 22:55:44 -04:00
Paul Kehrer
be5a1c9d27 X509Extension::new and X509Extension::new_nid null ptr deref (#1658) 2023-03-23 22:55:14 -04:00
github-actions[bot]
221585e32d Assigned RUSTSEC-2023-0023 to openssl (#1657)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-03-23 22:47:26 -04:00
Paul Kehrer
5a9bbcceed openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read (#1656)
* openssl file disclosure

* Update crates/openssl/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2023-03-23 22:46:37 -04:00
github-actions[bot]
f863caf8fd Assigned RUSTSEC-2023-0022 to openssl (#1655)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-03-23 22:21:14 -04:00
Paul Kehrer
929acd512d openssl X509NameBuilder::build thread safety (#1654)
* openssl X509NameBuilder::build thread safety

* Update crates/openssl/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2023-03-23 22:20:39 -04:00
Tony Arcieri
7fcf849f8d README.md: update maintained badge (#1653) 2023-03-23 08:25:13 -06:00
github-actions[bot]
64bba30087 Assigned RUSTSEC-2022-0092 to rmp-serde (#1651)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-03-22 21:06:54 +00:00
sidunder
458519d840 Add advisory rmp-serde (#1650)
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
2023-03-22 21:03:41 +00:00
github-actions[bot]
802c58bc5b Assigned RUSTSEC-2023-0021 to stb_image (#1648)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-03-19 15:53:19 +00:00
Matt Brubeck
06a7d1fd04 NULL pointer dereference in stb_image (#1647) 2023-03-19 15:52:01 +00:00
MOZGIII
0888b44843 Update 2022-0076 wasmtime v1 accessor #1645 (#1646)
* A follow-up after #1645

This is technically required for correctness, as v1 doesn't have this fn at all.

* Update RUSTSEC-2022-0076.md

* Update RUSTSEC-2022-0076.md

Proper v1 fn

* Comma to the rescue

* TOML Tables

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-03-16 10:49:40 +11:00
MOZGIII
0d3e22c5c8 Update RUSTSEC-2022-0076.md with v1 patch (#1645)
* Update RUSTSEC-2022-0076.md

The details page at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg says the v1 also has a patched release.

* Correct versions

* Affected fn SemVers

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-03-16 10:21:27 +11:00
github-actions[bot]
eb28e72f18 Assigned RUSTSEC-2023-0020 to const-cstr (#1642)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-13 05:38:56 +11:00
Ossi Herrala
5c4217537b Add unsound const-cstr (#1613)
* Add unmaintained advisory for const-cstr

* Fill advisory

* Adjust date

* Fix typo

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Co-authored-by: Nugine <nugine@foxmail.com>
2023-03-13 05:36:53 +11:00
github-actions[bot]
fa80f68070 Assigned RUSTSEC-2021-0153 to encoding (#1641)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-12 18:17:34 +11:00
sidunder
2284b69dd8 Add advisory encoding (#1608)
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
2023-03-12 18:16:58 +11:00
github-actions[bot]
10278a154a Assigned RUSTSEC-2019-0040 to boxfnonce (#1640)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-12 18:15:02 +11:00
sidunder
4bb7a93998 Add boxfnonce informational advisory (#1609)
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
2023-03-12 18:14:13 +11:00
github-actions[bot]
d1e7c68b39 Assigned RUSTSEC-2020-0168 to mach (#1639)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-12 17:59:25 +11:00
Ossi Herrala
6fb0acdee6 Add unmaintained advisory for mach (#1616)
* Add unmaintained advisory for mach

* Update crates/mach/RUSTSEC-0000-0000.md

Align standard format

---------

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-03-12 17:58:36 +11:00
github-actions[bot]
eab0949bf8 Assigned RUSTSEC-2021-0152 to out-reference (#1638)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-12 17:55:15 +11:00
Nugine
84b7ddd280 out_reference::Out::from_raw should be unsafe (#1627)
* `out_reference::Out::from_raw` should be `unsafe`

* Update crates/out-reference/RUSTSEC-0000-0000.md

Adjust date when it was reported

* Minor fix

---------

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-03-12 17:51:05 +11:00
github-actions[bot]
ffe539ba4d Assigned RUSTSEC-2021-0150 to ncollide3d, RUSTSEC-2021-0151 to ncollide2d (#1637)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-12 17:47:41 +11:00
damienrg
220fa87130 Add unmaintained advisory for ncollide (#1623)
There is no activity since March 2022 and the maintainer has advised
that this crate is passively-maintained since January 2021.
2023-03-12 09:40:47 +11:00
github-actions[bot]
bb831bb8d2 Assigned RUSTSEC-2021-0148 to nphysics3d, RUSTSEC-2021-0149 to nphysics2d (#1636)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-12 09:34:14 +11:00
damienrg
1d79443ae8 Add unmaintained advisory for nphysics (#1624)
There is no activity since July 2021 and the maintainer has advised
that this crate is passively-maintained since January 2021.
2023-03-12 09:32:03 +11:00
github-actions[bot]
292b3a8437 Assigned RUSTSEC-2023-0019 to kuchiki (#1634)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2023-03-07 12:56:33 +01:00
sidunder
31bfe7f68c Add unmaintained advisory kuchiki (#1632)
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
2023-03-07 12:55:41 +01:00
github-actions[bot]
b170dda7f8 Assigned RUSTSEC-2023-0018 to remove_dir_all (#1629)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-03-04 21:50:30 +00:00
Alexander Kjäll
85d45d26e1 remove_dir_all has TOCTOU race condition (#1628)
* remove_dir_all has TOCTOU race condition
reported in GHSA-mc8h-8q98-g5hr

* Replace GHSA description with an excerpt from upstream changelog, add GHSA to references

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2023-03-04 21:49:41 +00:00
github-actions[bot]
8124c2ef69 Assigned RUSTSEC-2023-0017 to maligned (#1626)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-03-04 02:16:44 +00:00
Nugine
94f44e826b maligned::align_first causes incorrect deallocation (#1625) 2023-03-04 02:15:19 +00:00
github-actions[bot]
9a5b100802 Assigned RUSTSEC-2023-0016 to partial_sort (#1622)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-02-25 18:11:27 +01:00
Niklas Fiekas
6761c6902d Add informational advisory for partial_sort out-of-bounds read (#1617) 2023-02-25 18:04:48 +01:00
github-actions[bot]
81e6e5a8e1 Assigned RUSTSEC-2022-0091 to tauri (#1621)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-02-25 16:16:50 +01:00
github-actions[bot]
bf247555bd Assigned RUSTSEC-2023-0015 to ascii (#1619)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-02-25 16:13:09 +01:00
sidunder
eadc6fea9e Add advisory Tauri filesystem scope bypass (#1571)
* Add advisory Tauri filesystem scope bypass

* Fix version ranges

---------

Co-authored-by: sidunder <sidunder@users.noreply.github.com>
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2023-02-25 15:31:37 +01:00
Kisaragi
6e74bc0d18 Add ascii advisory (#1618)
* Add ascii advisory

* Strip unnecessary comments

* Fix version range specification and category

* Change fixed version specification to `>= 0.9.3`

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2023-02-25 15:30:18 +01:00
github-actions[bot]
0e63414bd1 Assigned RUSTSEC-2022-0090 to libsqlite3-sys (#1607)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-02-14 07:38:31 -05:00
sidunder
1a941a3d4c Add sqlite advisory (#1599)
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
2023-02-14 07:38:01 -05:00
github-actions[bot]
1942528507 Assigned RUSTSEC-2023-0014 to cortex-m-rt (#1606)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-02-14 07:37:53 -05:00
Alex Martens
90f7279a2f Add soundness advisory for cortex-m-rt (#1601) 2023-02-14 07:37:12 -05:00
Robert Bartlensky
c536da77d7 Update RUSTSEC-2020-0097.md (#1600)
This issue has been patched in versions >=v1.0 (see [comment]).

[comment]: https://github.com/rust-x-bindings/rust-xcb/issues/93#issuecomment-966921127
2023-02-13 15:34:01 +01:00