OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 10:40:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,763 Commits 1 Branch 0 Tags
7fb3fd2a297ec75d66701c87f5a5acebf41ff55b
Commit Graph

1203 Commits

Author SHA1 Message Date
pinkforest(she/her)
7fb3fd2a29 Add unmaintained rusttype (#1388) 2022-08-31 04:36:44 +10:00
github-actions[bot]
cd616654ec Assigned RUSTSEC-2020-0165 to mozjpeg (#1396) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-31 04:35:26 +10:00
pinkforest(she/her)
cc892a6a6f Add unsound mozjpeg (#1389) 2022-08-31 04:35:03 +10:00
github-actions[bot]
f56c70041a Assigned RUSTSEC-2020-0164 to cell-project (#1395) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-31 04:33:16 +10:00
RustyYato
ad4b62d6c1 Add unsound cell-project (#1391) 2022-08-31 04:32:42 +10:00
Alexis Mousset
df51dcdf97 Remove reference mention from description (#1393) 2022-08-28 23:00:20 +02:00
github-actions[bot]
c4d6e937dc Assigned RUSTSEC-2022-0053 to mapr (#1387) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-27 16:03:54 +10:00
pinkforest(she/her)
49290fcb90 Add unmaintained mapr (#1382) 2022-08-27 16:03:23 +10:00
github-actions[bot]
011edf4cc6 Assigned RUSTSEC-2022-0052 to os_socketaddr (#1386) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-27 16:02:35 +10:00
a-ba
2b84c61925 Add unsoundness in os_socketaddr (#1384) 2022-08-27 16:01:53 +10:00
github-actions[bot]
e0f55ed7b5 Assigned RUSTSEC-2022-0051 to lz4-sys (#1385) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-26 20:18:18 +02:00
Niklas Fiekas
e0b768ba73 lz4-sys: Forward CVE-2021-3520 (#1383) 2022-08-26 20:17:00 +02:00
Volker Mische
f42031da81 Remove mapr as alternative from RUSTSEC-2020-0077 (#1381) 
With the merge of https://github.com/RazrFalcon/memmap2-rs/pull/52 into `memmap2`,
all changes from `mapr` are ported upstream. Hence `memmap2` is now the single best
alternative.
 2022-08-25 17:09:30 +10:00
Armin Ronacher
d8b50de4d4 Added console to RUSTSEC-2021-0139 (#1380) 2022-08-22 00:16:31 +02:00
github-actions[bot]
af9781a543 Assigned RUSTSEC-2021-0139 to ansi_term (#1377) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-19 18:20:44 +10:00
pinkforest(she/her)
3231714ffe Add unmaintained ansi_term (#1372) 2022-08-19 18:19:41 +10:00
github-actions[bot]
d452043dbb Assigned RUSTSEC-2022-0050 to interledger-packet (#1376) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-19 15:34:11 +10:00
pinkforest(she/her)
7e04331f1e Add unmaintained interledger (#1369) 2022-08-19 15:33:27 +10:00
René Kijewski
b75822a011 RUSTSEC-2022-0049: recategorize as memory-exposure (#1368) 
Because of the bug random data was read, but still written into a sane
buffer.
 2022-08-17 03:08:30 +10:00
github-actions[bot]
84997ea578 Assigned RUSTSEC-2022-0049 to iana-time-zone (#1367) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-17 02:53:54 +10:00
René Kijewski
afc10f8aa1 Use after free in MacOS / iOS implementation (#1366) 
In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.

The copied system time zone was released before its name was copied.
If the system time zone was changed between the call of `CFRelease()` and `str::to_owned()`,
random memory would be copied.
 2022-08-17 02:52:54 +10:00
pinkforest(she/her)
d3eccc4072 Remove yanked 2 (#1364) 
* Remove yanked 2

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Test cache

* Cache back on

* Bump audit cache

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-16 12:38:08 +10:00
github-actions[bot]
7b8185d1df Assigned RUSTSEC-2022-0048 to xml-rs (#1365) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-15 12:13:06 +10:00
pinkforest(she/her)
4e5153b854 Add unmaintained xml-rs (#1356) 2022-08-15 12:12:16 +10:00
github-actions[bot]
9739cb7f1e Assigned RUSTSEC-2021-0138 to mz-avro (#1346) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-13 15:17:38 +10:00
Jorge Leitao
4c1283751a Added informal advisory to mz-avro (#1144) 
* Added informal advisory to mz-avro

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Updated date; fixed patch bracket; added note on unlikelyness.
 2022-08-13 15:16:44 +10:00
github-actions[bot]
3ee42e2f72 Assigned RUSTSEC-2022-0047 to oqs (#1345) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-08-11 15:57:37 +02:00
Thom Wiggers
e6ddcfcd98 oqs: PQC signature scheme Rainbow level I parameterset broken (#1337) 2022-08-11 15:54:17 +02:00
Thom Wiggers
cc8e02bc30 Remove enum variants from RUSTSEC-2022-0045 (#1340) 
* Enum variants can't be put in [affected.functions]
* add note about affected variants in prose
 2022-08-11 15:45:48 +02:00
github-actions[bot]
db3a09a691 Assigned RUSTSEC-2022-0046 to rocksdb (#1344) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-08-11 15:30:57 +02:00
Niklas Fiekas
94e8af7c0c Add out-of-bounds read advisory for rocksdb (#1237) 2022-08-11 15:30:02 +02:00
github-actions[bot]
0846a34539 Assigned RUSTSEC-2021-0137 to sodiumoxide (#1342) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-10 14:01:59 +10:00
pinkforest(she/her)
8c0fc9759b Add sodiumoxide unmaintained (#1334) 
* Add sodiumoxide unmaintained

* dryoc url

* Add Awesome Rust Cryptography

* Address @tarcieri feedback :thumbsUp:

* Add singatory and ring

* Add Ed25519 libs
 2022-08-10 14:01:23 +10:00
github-actions[bot]
8c261ff246 Assigned RUSTSEC-2022-0045 to oqs (#1339) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-09 12:26:05 +02:00
Thom Wiggers
6629c1333a oqs: SIKE and SIDH are insecure (#1338) 2022-08-09 12:24:53 +02:00
github-actions[bot]
744a565d54 Assigned RUSTSEC-2018-0022 to temporary (#1331) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-08 21:03:27 +10:00
5225225
bacc597558 Add advisory for temporary (#1196) 
Thanks @5225225
 2022-08-08 21:02:14 +10:00
github-actions[bot]
19bb42eae6 Assigned RUSTSEC-2022-0044 to markdown (#1330) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-08 20:21:17 +10:00
Dylan Anthony
f3a8bd7e5b List markdown as unmaintained (#1191) 
* List `markdown` as unmaintained

The `markdown` crate is, naturally, the first one that comes up if you're searching crates.io for "markdown". Unfortunately, that particular crate has not received any updates since November of 2020 despite several known issues with open PRs. I opened https://github.com/johannhof/markdown.rs/issues/48 to request an update on maintenance status nearing a month ago and have no heard anything back.
 2022-08-08 20:20:28 +10:00
pinkforest(she/her)
3b3160baec Fix async-graphql patched (#1326) 2022-08-06 16:41:24 +10:00
pinkforest(she/her)
bd30502590 Move tower-http out from year 2021 (#1319) 
* Move tower-http out from year 2021

* Yank tower-http 2021
 2022-08-05 00:07:54 +02:00
github-actions[bot]
cfdc01461d Assigned RUSTSEC-2022-0043 to tower-http (#1321) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-05 00:07:43 +02:00
pinkforest(she/her)
2827f80af4 Add tower-http 2022 version (#1320) 2022-08-05 00:06:52 +02:00
github-actions[bot]
0db59724bf Assigned RUSTSEC-2022-0042 to rustdecimal (#1318) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-04 23:10:46 +02:00
pinkforest(she/her)
4f53bcba87 Add malicious crate rustdecimal (#1317) 2022-08-04 23:09:40 +02:00
Sergey "Shnatsel" Davidoff
259257927a Revert "Add advisory rustdecimal (#1312)" (#1313) 
This reverts commit 52cb9759dc.
 2022-08-04 22:29:06 +02:00
pinkforest(she/her)
52cb9759dc Add advisory rustdecimal (#1312) 2022-08-04 22:20:29 +02:00
Tony Arcieri
36705ccc1d RUSTSEC-2020-0159: remove "withdrawn" (#1310) 
Now that there's an actionable fix, we should encourage people to upgrade
 2022-08-04 13:52:46 -06:00
Tony Arcieri
6f3502cf6d RUSTSEC-2020-0159 (chrono): add patched version (#1306) 
The 0.4.20 release of `chrono` includes a pure-Rust replacement for
`localtime_r` which eliminates this issue.
 2022-08-04 10:20:07 -06:00
github-actions[bot]
f1c5d4de52 Assigned RUSTSEC-2022-0041 to crossbeam-utils (#1305) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-04 23:56:30 +10:00