1763 Commits

Author SHA1 Message Date
pinkforest(she/her)
7fb3fd2a29 Add unmaintained rusttype (#1388) 2022-08-31 04:36:44 +10:00
github-actions[bot]
cd616654ec Assigned RUSTSEC-2020-0165 to mozjpeg (#1396)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-31 04:35:26 +10:00
pinkforest(she/her)
cc892a6a6f Add unsound mozjpeg (#1389) 2022-08-31 04:35:03 +10:00
github-actions[bot]
f56c70041a Assigned RUSTSEC-2020-0164 to cell-project (#1395)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-31 04:33:16 +10:00
RustyYato
ad4b62d6c1 Add unsound cell-project (#1391) 2022-08-31 04:32:42 +10:00
Alexis Mousset
df51dcdf97 Remove reference mention from description (#1393) 2022-08-28 23:00:20 +02:00
Sergey "Shnatsel" Davidoff
d998cb999d bump rustsec-admin to 0.8.2 in web workflow (#1392) 2022-08-28 13:42:04 +02:00
github-actions[bot]
c4d6e937dc Assigned RUSTSEC-2022-0053 to mapr (#1387)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-27 16:03:54 +10:00
pinkforest(she/her)
49290fcb90 Add unmaintained mapr (#1382) 2022-08-27 16:03:23 +10:00
github-actions[bot]
011edf4cc6 Assigned RUSTSEC-2022-0052 to os_socketaddr (#1386)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-27 16:02:35 +10:00
a-ba
2b84c61925 Add unsoundness in os_socketaddr (#1384) 2022-08-27 16:01:53 +10:00
github-actions[bot]
e0f55ed7b5 Assigned RUSTSEC-2022-0051 to lz4-sys (#1385)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-26 20:18:18 +02:00
Niklas Fiekas
e0b768ba73 lz4-sys: Forward CVE-2021-3520 (#1383) 2022-08-26 20:17:00 +02:00
Volker Mische
f42031da81 Remove mapr as alternative from RUSTSEC-2020-0077 (#1381)
With the merge of https://github.com/RazrFalcon/memmap2-rs/pull/52 into `memmap2`,
all changes from `mapr` are ported upstream. Hence `memmap2` is now the single best
alternative.
2022-08-25 17:09:30 +10:00
Armin Ronacher
d8b50de4d4 Added console to RUSTSEC-2021-0139 (#1380) 2022-08-22 00:16:31 +02:00
github-actions[bot]
af9781a543 Assigned RUSTSEC-2021-0139 to ansi_term (#1377)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-19 18:20:44 +10:00
pinkforest(she/her)
3231714ffe Add unmaintained ansi_term (#1372) 2022-08-19 18:19:41 +10:00
github-actions[bot]
d452043dbb Assigned RUSTSEC-2022-0050 to interledger-packet (#1376)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-19 15:34:11 +10:00
pinkforest(she/her)
7e04331f1e Add unmaintained interledger (#1369) 2022-08-19 15:33:27 +10:00
dependabot[bot]
811c7c256c Bump peter-evans/create-pull-request from 3 to 4 (#1375)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 07:55:31 -06:00
dependabot[bot]
57c8f476a1 Bump actions/checkout from 2 to 3 (#1374)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 07:55:18 -06:00
dependabot[bot]
b562a37254 Bump actions/cache from 1 to 3 (#1373)
Bumps [actions/cache](https://github.com/actions/cache) from 1 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 07:55:03 -06:00
LingMan
f3cc4cd03e Add a dependabot config (#1371)
Dependabot will watch the workflow files in .github/workflows and
automatically file PRs if there are updates available for any of the used
Actions.
2022-08-18 07:44:02 -06:00
pinkforest(she/her)
863d0e654f Document empty versions (#1370)
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-18 14:30:36 +10:00
René Kijewski
b75822a011 RUSTSEC-2022-0049: recategorize as memory-exposure (#1368)
Because of the bug random data was read, but still written into a sane
buffer.
2022-08-17 03:08:30 +10:00
github-actions[bot]
84997ea578 Assigned RUSTSEC-2022-0049 to iana-time-zone (#1367)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-17 02:53:54 +10:00
René Kijewski
afc10f8aa1 Use after free in MacOS / iOS implementation (#1366)
In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.

The copied system time zone was released before its name was copied.
If the system time zone was changed between the call of `CFRelease()` and `str::to_owned()`,
random memory would be copied.
2022-08-17 02:52:54 +10:00
pinkforest(she/her)
8bf0011f39 Document withdrawn (#1355)
* Document yanked and withdrawn

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Yank the yanked

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-16 12:40:50 +10:00
pinkforest(she/her)
d3eccc4072 Remove yanked 2 (#1364)
* Remove yanked 2

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Test cache

* Cache back on

* Bump audit cache

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-16 12:38:08 +10:00
github-actions[bot]
7b8185d1df Assigned RUSTSEC-2022-0048 to xml-rs (#1365)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-15 12:13:06 +10:00
pinkforest(she/her)
4e5153b854 Add unmaintained xml-rs (#1356) 2022-08-15 12:12:16 +10:00
pinkforest(she/her)
fd7df6ae1c Bump rustsec-admin deprecate yanked (#1363)
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-14 18:44:13 -06:00
pinkforest(she/her)
15d6985304 Document references field (#1354)
* Add references to README.md example

* TOML syntax

* Comment out optional field

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-15 03:55:18 +10:00
pinkforest(she/her)
d86ec54729 Document the Markdown in README example (#1352)
* Explain the Markdown in README example

* Proper LF
2022-08-15 03:54:21 +10:00
github-actions[bot]
9739cb7f1e Assigned RUSTSEC-2021-0138 to mz-avro (#1346)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-13 15:17:38 +10:00
Jorge Leitao
4c1283751a Added informal advisory to mz-avro (#1144)
* Added informal advisory to mz-avro

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Updated date; fixed patch bracket; added note on unlikeliness.
2022-08-13 15:16:44 +10:00
Sergey "Shnatsel" Davidoff
d052179237 Advertise GHSA integrations, add more tools (#1343) 2022-08-12 18:42:03 +02:00
github-actions[bot]
3ee42e2f72 Assigned RUSTSEC-2022-0047 to oqs (#1345)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2022-08-11 15:57:37 +02:00
Thom Wiggers
e6ddcfcd98 oqs: PQC signature scheme Rainbow level I parameterset broken (#1337) 2022-08-11 15:54:17 +02:00
Thom Wiggers
cc8e02bc30 Remove enum variants from RUSTSEC-2022-0045 (#1340)
* Enum variants can't be put in [affected.functions]
* add note about affected variants in prose
2022-08-11 15:45:48 +02:00
github-actions[bot]
db3a09a691 Assigned RUSTSEC-2022-0046 to rocksdb (#1344)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2022-08-11 15:30:57 +02:00
Niklas Fiekas
94e8af7c0c Add out-of-bounds read advisory for rocksdb (#1237) 2022-08-11 15:30:02 +02:00
Andrew Chin
dda8c048b6 Updated README with info on informational advisories (#1341) 2022-08-10 08:19:00 -06:00
github-actions[bot]
0846a34539 Assigned RUSTSEC-2021-0137 to sodiumoxide (#1342)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-10 14:01:59 +10:00
pinkforest(she/her)
8c0fc9759b Add sodiumoxide unmaintained (#1334)
* Add sodiumoxide unmaintained

* dryoc url

* Add Awesome Rust Cryptography

* Address @tarcieri feedback :thumbsUp:

* Add signatory and ring

* Add Ed25519 libs
2022-08-10 14:01:23 +10:00
github-actions[bot]
8c261ff246 Assigned RUSTSEC-2022-0045 to oqs (#1339)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-09 12:26:05 +02:00
Thom Wiggers
6629c1333a oqs: SIKE and SIDH are insecure (#1338) 2022-08-09 12:24:53 +02:00
Sergey "Shnatsel" Davidoff
a8ebada593 bump rustsec-admin in publish-web workflow (#1335)
Required for the changes from https://github.com/rustsec/rustsec/pull/633 to propagate
2022-08-09 00:30:49 +02:00
Sergey "Shnatsel" Davidoff
c5864c24b5 Fix "ghost" ID assignment PRs (#1332) 2022-08-08 16:21:09 +02:00
github-actions[bot]
744a565d54 Assigned RUSTSEC-2018-0022 to temporary (#1331)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-08 21:03:27 +10:00