Commit Graph

469 Commits

Author SHA1 Message Date
Sergey "Shnatsel" Davidoff
7797133c67 Add CVE mapping 2020-03-18 17:15:13 +01:00
Tony Arcieri
f9beae30a9 Merge pull request #244 from RustSec/RUSTSEC-2016-0005/md5-is-legacy
RUSTSEC-2016-0005: move `md-5` crate to legacy algorithms
2020-03-15 15:45:06 -07:00
Tony Arcieri
1880f0baf8 RUSTSEC-2016-0005: move md-5 crate to legacy algorithms
https://www.kb.cert.org/vuls/id/836068/
2020-03-15 15:43:02 -07:00
Tony Arcieri
a6dfe7ff88 Merge pull request #243 from stroxler/patch-1
Add `md5` to RustCrypto digest crates
2020-03-15 15:41:24 -07:00
Steven Troxler
b02ff94044 Add md5 to RustCrypto digest algorithms
When migrating a codebase off of rust-crypto, I encountered a few uses of the md5 digest, and realized that it was missing from this advisory. Since deprecations are good onboarding tasks for folks new to rust (like me), I figured it would be helpful to explicitly state here that RustCrypto has an `md-5` crate you can use as (almost) a drop-in replacement.
2020-03-14 14:32:08 -07:00
Tony Arcieri
88461fc18f Merge pull request #242 from RustSec/RUSTSEC-2019-0031/add-link-to-spinning-top
RUSTSEC-2019-0031: add link to `spinning_top`
2020-03-13 09:54:03 -07:00
Tony Arcieri
ee50344262 RUSTSEC-2019-0031: add link to spinning_top 2020-03-13 09:05:42 -07:00
Tony Arcieri
19196c2936 Merge pull request #238 from RustSec/migrate-rust-advisories-to-v2-format
Migrate `rust/` advisories to V2 format
2020-03-01 12:11:53 -08:00
Tony Arcieri
f0ee46e990 Migrate rust/ advisories to V2 format
The migration in #236 only handled the `crates/` advisories, not the
ones in `rust/`.

This commit completes the migration.
2020-03-01 12:10:57 -08:00
Tony Arcieri
5165b5f215 Merge pull request #239 from RustSec/fix-rustsec-admin-caching
.github: fix rustsec-admin install caching
2020-03-01 12:10:36 -08:00
Tony Arcieri
ce7810963c .github: fix rustsec-admin install caching
Fixes use of the cached `rustsec-admin` binary, which was added in #237
2020-03-01 12:08:37 -08:00
Tony Arcieri
35fe84ed86 Merge pull request #237 from RustSec/cache-rustsec-admin-install
.github: cache installation of rustsec-admin
2020-03-01 11:11:15 -08:00
Tony Arcieri
38626513a9 .github: cache installation of rustsec-admin 2020-03-01 11:03:23 -08:00
Tony Arcieri
3d7688c538 Merge pull request #236 from RustSec/migrate-to-v2-format
Migrate all advisories to V2 format (closes #228)
2020-03-01 10:57:52 -08:00
Tony Arcieri
64c17acfe3 Migrate all advisories to V2 format (closes #228)
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.

This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
2020-03-01 10:46:35 -08:00
Tony Arcieri
c54e93a581 Merge pull request #232 from RustSec/fix-linking-errors
Fix broken/malformatted outbound links
2020-01-27 08:02:27 -08:00
Tony Arcieri
df7657d332 Fix broken/malformatted outbound links 2020-01-27 07:52:31 -08:00
Tony Arcieri
a6d99fb52e Merge pull request #231 from RustSec/RUSTSEC-2020-0004
Assign RUSTSEC-2020-0004 to lucet-runtime-internals
2020-01-27 07:30:39 -08:00
Tony Arcieri
d8e872fd93 Assign RUSTSEC-2020-0004 to lucet-runtime-internals
Original PR: https://github.com/RustSec/advisory-db/pull/229
2020-01-27 07:19:15 -08:00
Tony Arcieri
723abd4d2b Merge pull request #229 from jfoote/master
Add lucet-runtime-internals sigstack allocation vuln advisory
2020-01-27 07:18:20 -08:00
Tony Arcieri
81d10a945b Merge pull request #230 from RustSec/RUSTSEC-2020-0003
Assign RUSTSEC-2020-0003 (informational) to rust_sodium
2020-01-27 07:17:37 -08:00
Tony Arcieri
2b82281e54 Assign RUSTSEC-2020-0003 (informational) to rust_sodium
Original PR: https://github.com/RustSec/advisory-db/pull/225
2020-01-27 07:09:23 -08:00
Tony Arcieri
5d16b10103 Merge pull request #225 from S-Coyle/rust_sodium
Add unmaintained crate informational advisory: rust_sodium
2020-01-27 07:06:13 -08:00
Tony Arcieri
e5eeccda02 Merge branch 'master' into rust_sodium 2020-01-27 06:44:52 -08:00
Jonathan Foote
0271003e2e Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml
Correct quote characters

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
2020-01-24 15:36:06 -05:00
Jonathan Foote
3f1f71de9b Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml
Correct quote characters

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
2020-01-24 15:35:58 -05:00
Jonathan Foote
f8ff9cfc6f Add lucet-runtime-internals sigstack allocation vuln advisory 2020-01-24 15:27:56 -05:00
Stephen Coyle
b300fa84d7 Add unmaintained crate informational advisory: rust_sodium 2020-01-21 12:17:20 +00:00
Tony Arcieri
b88eb18c3b Merge pull request #227 from RustSec/RUSTSEC-2018-0016
Assign RUSTSEC-2018-0016 to quickersort
2020-01-20 07:18:00 -08:00
Tony Arcieri
17e82e13d6 Assign RUSTSEC-2018-0016 to quickersort
Original PR: https://github.com/RustSec/advisory-db/pull/210
2020-01-20 07:05:35 -08:00
Tony Arcieri
e78d311ee1 Merge pull request #210 from EmbarkStudios/quickersort
Add advisory for deprecated/unmaintained quickersort
2020-01-20 06:37:58 -08:00
Tony Arcieri
9fb65308a6 Merge pull request #224 from RustSec/RUSTSEC-2016-0005/add-note-about-rust-crypto-crate-vs-org
RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto
2020-01-19 11:37:20 -08:00
Tony Arcieri
e30a06a6b2 RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto
The `rust-crypto` crate and RustCrypto org have confusingly similar
names, which has caused confusion about this advisory in practice:

https://www.reddit.com/r/rust/comments/e29sxc/ann_rustcryptoaead_v020_heapless_symmetric_aead/f8ujyxm/

This commit adds a small note to disambiguate them and note that
RustCrypto-the-GitHub-org is still maintained.
2020-01-19 11:07:44 -08:00
Johan Andersson
8b0725132b Fix typo
Co-Authored-By: Randy Taylor <tehgecKozzz@gmail.com>
2020-01-17 22:17:06 +01:00
Tony Arcieri
3aa5df1bbc Merge pull request #223 from RustSec/RUSTSEC-2020-0002
Assign RUSTSEC-2020-0002 to prost
2020-01-16 13:50:07 -08:00
Tony Arcieri
a5b6099b9d Assign RUSTSEC-2020-0002 to prost
Original PR: https://github.com/RustSec/advisory-db/pull/222
2020-01-16 12:52:00 -08:00
Tony Arcieri
35c829803e Merge pull request #222 from dbrgn/prost-stackoverflow
Add advisory for prost stack overflow
2020-01-16 12:50:53 -08:00
Danilo Bargen
7a0d254bbe fixup! Add advisory for prost stack overflow 2020-01-16 20:23:41 +01:00
Danilo Bargen
57f553ee45 Add advisory for prost stack overflow 2020-01-16 20:22:21 +01:00
Tony Arcieri
4d051434f0 Merge pull request #221 from roy-work/roy/fix-http-affected-ranges
Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20
2020-01-09 14:56:31 -05:00
Roy Wellington Ⅳ
200651cff2 Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20
I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: https://github.com/hyperium/http/issues/352
In that bug, the fixing PR was https://github.com/hyperium/http/pull/360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: 81ceb611cf

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http #354 and http #355.

For the first: the issue: https://github.com/hyperium/http/issues/354
In that bug, the fixing PR was https://github.com/hyperium/http/pull/357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: 82d53dbdfd

For the second: the issue: https://github.com/hyperium/http/issues/355
In that bug, the fixing PR was https://github.com/hyperium/http/pull/362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: 8ffe094df1
2020-01-09 12:20:27 -05:00
Tony Arcieri
289948245e Merge pull request #220 from RustSec/RUSTSEC-2019-0034
Assign RUSTSEC-2019-0034 to http
2020-01-09 12:09:54 -05:00
Tony Arcieri
526892a193 Assign RUSTSEC-2019-0034 to http
Original PR: https://github.com/RustSec/advisory-db/pull/218
2020-01-09 11:24:52 -05:00
Tony Arcieri
2aad27e243 Merge pull request #218 from Qwaz/http2
Add advisory for hyperium/http/issues/354,355
2020-01-09 11:20:19 -05:00
Tony Arcieri
52e0b4e186 Merge branch 'master' into http2 2020-01-09 10:49:26 -05:00
Tony Arcieri
f35bd92631 Merge pull request #219 from RustSec/RUSTSEC-2019-0033
Assign RUSTSEC-2019-0033 to http
2020-01-09 10:49:07 -05:00
Tony Arcieri
0e59ecb72d Assign RUSTSEC-2019-0033 to http
Original PR: https://github.com/RustSec/advisory-db/pull/217
2020-01-09 10:37:55 -05:00
Tony Arcieri
8c9c29bbb7 Merge pull request #217 from Qwaz/http1
Add advisory for hyperium/http/issues/352
2020-01-09 10:27:46 -05:00
Yechan Bae
ba2df66b30 hyperium/http/issues/354,355 2020-01-09 00:48:06 -05:00
Yechan Bae
36b8de692c hyperium/http/issues/352 2020-01-09 00:45:59 -05:00