877 Commits

Author SHA1 Message Date
Sergey "Shnatsel" Davidoff
76a2a25ecc Merge pull request #545 from dalance/add_interfaces2
Add advisory for interfaces2
2021-01-06 17:06:05 +01:00
github-actions[bot]
4ef9441cbd Assigned RUSTSEC-2021-0001 to mdbook (#548)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-01-04 09:50:29 -08:00
Tony Arcieri
0708242759 Bump rustsec-admin to v0.3.3 (#547)
Should address the bug we encountered assigning an ID to the first
advisory for a given year:

https://github.com/RustSec/advisory-db/runs/1644743652
2021-01-04 09:35:34 -08:00
Yechan Bae
846dfb93a3 Update CVE numbers (#542) 2021-01-04 09:02:59 -08:00
Pietro Albini
71c5fdb926 add CVE-2020-26297 to mdbook <= 0.4.4 (#546) 2021-01-04 07:55:43 -08:00
dalance
14a3b0cead Add advisory for interfaces2 2021-01-04 18:34:12 +09:00
Yechan Bae
79832ae026 Add CVE number for RUSTSEC-2020-0091 (#541) 2020-12-30 18:47:09 -05:00
Sergey "Shnatsel" Davidoff
65fc46c831 Merge pull request #537 from RustSec/assign-ids
Assigned RUSTSEC-2020-0093 to async-h1
2020-12-18 17:22:02 +01:00
Shnatsel
06a9a03d3b Assigned RUSTSEC-2020-0093 to async-h1 2020-12-18 16:21:43 +00:00
Sergey "Shnatsel" Davidoff
34cd60013f Merge pull request #536 from jbr/async-h1-request-smuggling-unread-bodies
File an http request smuggling advisory for async-h1 < 2.3.0
2020-12-18 17:21:11 +01:00
Sergey "Shnatsel" Davidoff
ce0f9692ff drop commented-out fields 2020-12-18 17:21:04 +01:00
Jacob Rothstein
f8b4364f88 maybe appease linter? 2020-12-17 17:57:48 -08:00
Jacob Rothstein
fbb1d34eeb File an advisory for async-h1 < 2.3.0 2020-12-17 17:50:01 -08:00
github-actions[bot]
ac20d3a702 Assigned RUSTSEC-2020-0092 to concread (#535)
Co-authored-by: alex <alex@users.noreply.github.com>
2020-12-17 14:42:35 -05:00
Youngsuk Kim
56276f96a6 Add advisory for data race in concread (#532) 2020-12-17 14:39:03 -05:00
github-actions[bot]
f64c4fc8bb Assigned RUSTSEC-2020-0091 to arc-swap (#531)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-11 10:31:21 -08:00
Michal 'vorner' Vaner
80d45a8d18 Dangling reference in arc_swap::access::Map (#530) 2020-12-11 10:09:15 -08:00
Lyndon Brown
4e0c71a0d6 Fix wrong url (#529)
Mistake from fb2a1a6c47
2020-12-11 06:38:51 -08:00
github-actions[bot]
189213fa5e Assigned RUSTSEC-2020-0090 to thex (#527)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-09 07:44:25 -08:00
Ammar Askar
f71bc5a6d3 Add advisory for data race in thex (#523) 2020-12-09 07:41:23 -08:00
github-actions[bot]
a043a90d0c Assigned RUSTSEC-2020-0089 to nanorand (#526)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-09 07:33:38 -08:00
aspen
e90491ebc6 Add nanorand 0.5.0 RNG weakness (#525) 2020-12-09 07:32:30 -08:00
Sergey "Shnatsel" Davidoff
0588583ef3 Merge pull request #522 from RustSec/assign-ids
Assigned RUSTSEC-2020-0088 to magnetic
2020-12-08 19:56:53 +01:00
tarcieri
955ad994f1 Assigned RUSTSEC-2020-0088 to magnetic 2020-12-07 17:34:10 +00:00
Yechan Bae
bd3cb8dd83 Report 0050-magnetic to RustSec (#519) 2020-12-07 09:33:32 -08:00
github-actions[bot]
f17cd12f02 Assigned RUSTSEC-2020-0087 to try-mutex (#521)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-07 09:33:02 -08:00
Yechan Bae
639d1b1be1 Report 0047-try-mutex to RustSec (#517) 2020-12-07 09:27:27 -08:00
github-actions[bot]
ed9dba3262 Assigned RUSTSEC-2020-0083 to safe_app, RUSTSEC-2020-0084 to safe_authenticator, RUSTSEC-2020-0085 to safe_vault, RUSTSEC-2020-0086 to safe_core (#520)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-07 09:22:02 -08:00
Stephen Coyle
61d315ae6f Renamed crates (#518)
- `safe_core` has been renamed to `sn_client`
- `safe_app` has been superseded by `sn_client`
- `safe_authenticator` has been superseded by `sn_client`.
- `safe_vault` has been renamed to `sn_node`.
2020-12-07 09:17:30 -08:00
Yechan Bae
a24932e220 Update example advisory text (#513) 2020-12-07 07:31:37 -08:00
Matt Brubeck
dec05d79ab Minor changes to wording of RUSTSEC-2020-0082 (#516)
This clarifies that UB can happen during unwinding, and not only after
catching a panic.
2020-12-06 15:25:23 -05:00
Sergey "Shnatsel" Davidoff
69bdf5ecf7 Merge pull request #515 from RustSec/assign-ids
Assigned RUSTSEC-2020-0082 to ordered-float
2020-12-06 21:11:40 +01:00
Shnatsel
65c6ad732d Assigned RUSTSEC-2020-0082 to ordered-float 2020-12-06 20:11:29 +00:00
Sergey "Shnatsel" Davidoff
f5888cb3ee Merge pull request #514 from mbrubeck/ordered-float
ordered_float:NotNan may contain NaN after unwinding in assignment operators
2020-12-06 21:10:58 +01:00
Matt Brubeck
1b49d499c4 ordered_float:NotNan may contain NaN after unwinding in assignment operators
After using an assignment operator such as `NotNan::add_assign`,
`NotNan::mul_assign`, etc., it was possible for the resulting `NotNan`
value to contain a `NaN`.  This could cause undefined behavior in safe
code, because the safe `NotNan::cmp` method contains internal unsafe
code that assumes the value is never `NaN`.  (It could also cause
undefined behavior in third-party unsafe code that makes the same
assumption, as well as logic errors in safe code.)

This was mitigated starting in version 0.4.0, by panicking if the
assigned value is NaN.  However, in affected versions from 0.4.0 onward,
code that continued after using unwinding to catch this panic could
still observe the invalid value and trigger undefined behavior.

The flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring
that the assignment operators panic without modifying the operand, if
the result would be `NaN`.

Fix details:

https://github.com/reem/rust-ordered-float/pull/20
https://github.com/reem/rust-ordered-float/pull/71
2020-12-06 12:07:22 -08:00
Sergey "Shnatsel" Davidoff
3ea0b300a3 Merge pull request #510 from RustSec/assign-ids
Assigned RUSTSEC-2020-0081 to mio
2020-12-03 00:54:31 +01:00
Shnatsel
af8dc79e89 Assigned RUSTSEC-2020-0081 to mio 2020-12-02 23:54:17 +00:00
Sergey "Shnatsel" Davidoff
d984be9fa4 Merge pull request #509 from faern/mio-socketaddr
Add advisory on mio SocketAddr casting
2020-12-03 00:53:47 +01:00
Linus Färnstrand
3d7ea41f31 Add unaffected field for older mio 2020-12-03 00:51:55 +01:00
Linus Färnstrand
5f0bbd36c1 Add advisory on mio SocketAddr casting 2020-12-03 00:46:32 +01:00
Sergey "Shnatsel" Davidoff
abbf24473b Merge pull request #508 from RustSec/assign-ids
Assigned RUSTSEC-2020-0080 to miow
2020-12-03 00:45:54 +01:00
Shnatsel
548b170bba Assigned RUSTSEC-2020-0080 to miow 2020-12-02 23:44:19 +00:00
Sergey "Shnatsel" Davidoff
33df676a24 Merge pull request #507 from faern/miow-socketaddr
Add advisory on miow SocketAddr casting
2020-12-03 00:43:50 +01:00
Linus Färnstrand
6484507a67 Add advisory on miow SocketAddr casting 2020-12-03 00:41:13 +01:00
Sergey "Shnatsel" Davidoff
0eebb486a9 Merge pull request #506 from RustSec/assign-ids
Assigned RUSTSEC-2020-0079 to socket2
2020-12-03 00:40:45 +01:00
Shnatsel
7fb2641888 Assigned RUSTSEC-2020-0079 to socket2 2020-12-02 23:37:25 +00:00
Sergey "Shnatsel" Davidoff
d5a9e41daa Merge pull request #505 from faern/socket2-socketaddr
Add advisory on socket2 about casting SocketAddr
2020-12-03 00:36:58 +01:00
Linus Färnstrand
83b9bfa55a Add advisory on socket2 about casting SocketAddr 2020-12-03 00:33:07 +01:00
Sergey "Shnatsel" Davidoff
2fc7176464 Merge pull request #504 from RustSec/assign-ids
Assigned RUSTSEC-2020-0078 to net2
2020-12-03 00:23:08 +01:00
Shnatsel
3fafefc320 Assigned RUSTSEC-2020-0078 to net2 2020-12-02 23:22:49 +00:00