Demi M. Obenour
91eed85346
Note that another vulnerability is needed for RCE
...
Also make some trivial changes to pass the linter.
2020-03-30 18:59:14 -04:00
Demi M. Obenour
8b6786f78c
Merge branch 'master' into smuggling
2020-03-30 18:38:47 -04:00
Tony Arcieri
81193d1dba
Merge pull request #254 from RustSec/RUSTSEC-2020-0007
...
Assign RUSTSEC-2020-0007 to bitvec
2020-03-30 12:48:39 -07:00
Tony Arcieri
4de36fe70a
Assign RUSTSEC-2020-0007 to bitvec
...
Original PR: https://github.com/RustSec/advisory-db/pull/253
2020-03-30 12:45:16 -07:00
Tony Arcieri
f37a7bf90a
Merge pull request #253 from myrrlyn/master
...
Report memory management error in `bitvec`
2020-03-30 11:02:11 -07:00
Alexander Payne
70389f6a25
Report memory management error in bitvec
...
See myrrlyn/bitvec#55
2020-03-27 16:10:15 -06:00
Tony Arcieri
de905c8bfe
Merge pull request #252 from RustSec/RUSTSEC-2020-0006
...
Assign RUSTSEC-2020-0006 to bumpalo
2020-03-24 14:56:30 -07:00
Tony Arcieri
ab9cad4eba
Assign RUSTSEC-2020-0006 to bumpalo
...
Original PR: https://github.com/RustSec/advisory-db/pull/251
2020-03-24 14:21:56 -07:00
Tony Arcieri
a6d2cc87a2
Merge pull request #251 from fitzgen/patch-1
...
bumpalo: Report memory exposure bug in realloc
2020-03-24 14:14:50 -07:00
Nick Fitzgerald
2a32306fa8
bumpalo: Report memory exposure bug in realloc
2020-03-24 14:12:17 -07:00
Tony Arcieri
ae3627d1a9
Merge pull request #250 from djc/template-cvss
...
Mention CVSS field in template (see #248)
2020-03-24 07:40:04 -07:00
Dirkjan Ochtman
3c71342be3
Mention CVSS field in template (see #248)
2020-03-24 15:36:32 +01:00
Tony Arcieri
e00d8ad965
Merge pull request #249 from RustSec/RUSTSEC-2020-0005
...
Assign RUSTSEC-2020-0005 to cbox
2020-03-23 09:33:34 -07:00
Tony Arcieri
da46c54637
Assign RUSTSEC-2020-0005 to cbox
...
Original PR: https://github.com/RustSec/advisory-db/pull/246
2020-03-23 09:25:44 -07:00
Tony Arcieri
9d4cdd5ebd
Merge pull request #246 from eduardosm/cbox
...
Add advisory for cbox
2020-03-23 09:13:32 -07:00
Tony Arcieri
d99e1f9c94
Merge branch 'master' into cbox
2020-03-23 09:09:25 -07:00
Tony Arcieri
40077b6e77
Merge pull request #247 from rockstar/fix/adjust-patched-flatbuffers-version
...
fix: update patched version for 2019-0028
2020-03-21 19:23:49 -07:00
Paul Hummer
ca7a01db12
fix: update patched version for 2019-0028
...
This patch updates the `RUSTSEC-2019-0028` advisory to show a patched
version is available. The patch was added [in PR 5554](https://github.com/google/flatbuffers/pull/5554),
and released with version `0.6.1`.
2020-03-19 15:46:22 -06:00
Eduardo Sánchez Muñoz
ce9b3be5b3
Add advisory for cbox
2020-03-19 20:23:50 +01:00
Demi M. Obenour
0d7868ccb9
Add hyper request smuggling vulnerability
2020-03-19 11:41:39 -04:00
Tony Arcieri
b7d6d4ae35
Merge pull request #245 from RustSec/cve-mapping
...
Add CVE mapping
2020-03-18 09:34:35 -07:00
Sergey "Shnatsel" Davidoff
7797133c67
Add CVE mapping
2020-03-18 17:15:13 +01:00
Tony Arcieri
f9beae30a9
Merge pull request #244 from RustSec/RUSTSEC-2016-0005/md5-is-legacy
...
RUSTSEC-2016-0005: move `md-5` crate to legacy algorithms
2020-03-15 15:45:06 -07:00
Tony Arcieri
1880f0baf8
RUSTSEC-2016-0005: move md-5 crate to legacy algorithms
...
https://www.kb.cert.org/vuls/id/836068/
2020-03-15 15:43:02 -07:00
Tony Arcieri
a6dfe7ff88
Merge pull request #243 from stroxler/patch-1
...
Add `md5` to RustCrypto digest crates
2020-03-15 15:41:24 -07:00
Steven Troxler
b02ff94044
Add md5 to RustCrypto digest algorithms
...
When migrating a codebase off of rust-crypto, I encountered a few uses of the md5 digest, and realized that it was missing from this advisory. Since deprecations are good onboarding tasks for folks new to Rust (like me), I figured it would be helpful to explicitly state here that RustCrypto has an `md-5` crate you can use as (almost) a drop-in replacement.
2020-03-14 14:32:08 -07:00
Tony Arcieri
88461fc18f
Merge pull request #242 from RustSec/RUSTSEC-2019-0031/add-link-to-spinning-top
...
RUSTSEC-2019-0031: add link to `spinning_top`
2020-03-13 09:54:03 -07:00
Tony Arcieri
ee50344262
RUSTSEC-2019-0031: add link to spinning_top
2020-03-13 09:05:42 -07:00
Tony Arcieri
19196c2936
Merge pull request #238 from RustSec/migrate-rust-advisories-to-v2-format
...
Migrate `rust/` advisories to V2 format
2020-03-01 12:11:53 -08:00
Tony Arcieri
f0ee46e990
Migrate rust/ advisories to V2 format
...
The migration in #236 only handled the `crates/` advisories, not the
ones in `rust/`.
This commit completes the migration.
2020-03-01 12:10:57 -08:00
Tony Arcieri
5165b5f215
Merge pull request #239 from RustSec/fix-rustsec-admin-caching
...
.github: fix rustsec-admin install caching
2020-03-01 12:10:36 -08:00
Tony Arcieri
ce7810963c
.github: fix rustsec-admin install caching
...
Fixes use of the cached `rustsec-admin` binary, which was added in #237
2020-03-01 12:08:37 -08:00
Tony Arcieri
35fe84ed86
Merge pull request #237 from RustSec/cache-rustsec-admin-install
...
.github: cache installation of rustsec-admin
2020-03-01 11:11:15 -08:00
Tony Arcieri
38626513a9
.github: cache installation of rustsec-admin
2020-03-01 11:03:23 -08:00
Tony Arcieri
3d7688c538
Merge pull request #236 from RustSec/migrate-to-v2-format
...
Migrate all advisories to V2 format (closes #228)
2020-03-01 10:57:52 -08:00
Tony Arcieri
64c17acfe3
Migrate all advisories to V2 format (closes #228)
...
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.
This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
2020-03-01 10:46:35 -08:00
Tony Arcieri
c54e93a581
Merge pull request #232 from RustSec/fix-linking-errors
...
Fix broken/malformatted outbound links
2020-01-27 08:02:27 -08:00
Tony Arcieri
df7657d332
Fix broken/malformatted outbound links
2020-01-27 07:52:31 -08:00
Tony Arcieri
a6d99fb52e
Merge pull request #231 from RustSec/RUSTSEC-2020-0004
...
Assign RUSTSEC-2020-0004 to lucet-runtime-internals
2020-01-27 07:30:39 -08:00
Tony Arcieri
d8e872fd93
Assign RUSTSEC-2020-0004 to lucet-runtime-internals
...
Original PR: https://github.com/RustSec/advisory-db/pull/229
2020-01-27 07:19:15 -08:00
Tony Arcieri
723abd4d2b
Merge pull request #229 from jfoote/master
...
Add lucet-runtime-internals sigstack allocation vuln advisory
2020-01-27 07:18:20 -08:00
Tony Arcieri
81d10a945b
Merge pull request #230 from RustSec/RUSTSEC-2020-0003
...
Assign RUSTSEC-2020-0003 (informational) to rust_sodium
2020-01-27 07:17:37 -08:00
Tony Arcieri
2b82281e54
Assign RUSTSEC-2020-0003 (informational) to rust_sodium
...
Original PR: https://github.com/RustSec/advisory-db/pull/225
2020-01-27 07:09:23 -08:00
Tony Arcieri
5d16b10103
Merge pull request #225 from S-Coyle/rust_sodium
...
Add unmaintained crate informational advisory: rust_sodium
2020-01-27 07:06:13 -08:00
Tony Arcieri
e5eeccda02
Merge branch 'master' into rust_sodium
2020-01-27 06:44:52 -08:00
Jonathan Foote
0271003e2e
Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml
...
Correct quote characters
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
2020-01-24 15:36:06 -05:00
Jonathan Foote
3f1f71de9b
Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml
...
Correct quote characters
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
2020-01-24 15:35:58 -05:00
Jonathan Foote
f8ff9cfc6f
Add lucet-runtime-internals sigstack allocation vuln advisory
2020-01-24 15:27:56 -05:00
Stephen Coyle
b300fa84d7
Add unmaintained crate informational advisory: rust_sodium
2020-01-21 12:17:20 +00:00
Tony Arcieri
b88eb18c3b
Merge pull request #227 from RustSec/RUSTSEC-2018-0016
...
Assign RUSTSEC-2018-0016 to quickersort
2020-01-20 07:18:00 -08:00