OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-02 17:46:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
365 Commits 1 Branch 0 Tags
9a304ea2c69c825c42bcda6bab843c19cf0db6ce
Commit Graph

154 Commits

Author SHA1 Message Date
Tony Arcieri
3bcb5ab774 Assign RUSTSEC-2016-0005 (informational) to rust-crypto 
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/181
 2019-10-08 10:48:35 -07:00
Tony Arcieri
24df24afec Add unmaintained crate informational advisory: rust-crypto 
No releases since May 2016, no commits since September 2016, with
62 open issues and 37 open PRs.

Author is unresponsive:

https://github.com/DaGenix/rust-crypto/issues/440

Advisory includes a large list of maintained "successor" crates:
`rust-crypto` was a kitchen sink of functionality, so the advisory
contains a list of potential successor crates each with an
algorithm-by-algorithm breakdown of what they support.
 2019-10-08 10:45:01 -07:00
Tony Arcieri
1092f100f6 Assign RUSTSEC-2018-0015 (informational) to term 
Marking as looking for a new maintainer per:

https://github.com/RustSec/advisory-db/pull/182
 2019-10-08 10:28:47 -07:00
Tony Arcieri
422e3d6514 Add unmaintained crate informational advisory: term 
The author of `term`, @Stebalien, has opened the following GitHub issue
looking for a new maintainer:

https://github.com/Stebalien/term/issues/93

Ideally we can help find one by increasing visibility on this issue.
Otherwise this advisory includes a list of possible alternatives.
 2019-10-08 10:22:23 -07:00
Tony Arcieri
5b35b71cf7 Add patched_versions to informational advisories 
Its absence breaks older versions of cargo-audit:

    $ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
    error: error loading advisory database: couldn't parse data: missing field `patched_versions` for key `advisory`
    Exited with code 1
 2019-10-08 07:34:43 -07:00
Tony Arcieri
a5392f2d08 Assign RUSTSEC-2018-0014 (informational) to chan 
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/179
 2019-10-07 22:04:07 -07:00
Tony Arcieri
4d66c1daa0 Add unmaintained crate informational advisory: chan 
Officially deprecated by its author @BurntSushi:

0a5c0d4ad4
 2019-10-07 22:02:21 -07:00
Tony Arcieri
590d83fbb6 Assign RUSTSEC-2016-0004 (informational) to libusb 
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/180
 2019-10-07 21:23:07 -07:00
Tony Arcieri
b47fff1658 Add unmaintained crate informational advisory: libusb 
No releases since 2016 and no responses from the author about its
maintenance status; with several open PRs and issues:

https://github.com/dcuddeback/libusb-rs/issues/33

Recommending `rusb`, a maintained fork, as a successor:

https://github.com/a1ien/rusb
 2019-10-07 21:22:45 -07:00
Vinzent Steinberg
2dda7f38b8 Use backticks for escaped characters 2019-10-07 17:05:39 +02:00
Vinzent Steinberg
5233609919 Fix escapes in hyper advisory 
Fixes #159.
 2019-10-07 15:30:55 +02:00
Tony Arcieri
ca7b554f5b Assign RUSTSEC-2017-0006 to rmpv 
Original PR: https://github.com/RustSec/advisory-db/pull/171
 2019-10-01 08:11:47 -07:00
Danilo Bargen
57a8cb1eae Add advisory for DoS vulnerability in rmpv 2019-10-01 10:15:06 +02:00
Tony Arcieri
41487158f9 RUSTSEC-2019-0022: Fix date 
Filed as 2017 instead of 2019
 2019-09-18 11:49:43 -06:00
Tony Arcieri
869f318f78 Assign RUSTSEC-2019-0023 to string-interner 
Original PR: https://github.com/RustSec/advisory-db/pull/138
 2019-09-18 11:30:26 -06:00
Tony Arcieri
52ceea1bb8 Assign RUSTSEC-2019-0022 to portaudio-rs 
Original PR: https://github.com/RustSec/advisory-db/pull/160
 2019-09-18 11:04:14 -06:00
Tony Arcieri
e9e31b78b2 Assign RUSTSEC-2019-0021 to linea 
Original PR: https://github.com/RustSec/advisory-db/pull/160
 2019-09-18 10:55:28 -06:00
YOSHIOKA Takuma
dd2ca60acb Add advisory for string-interner 2019-09-18 15:21:34 +09:00
phosphorus
473e6a8f5a Update RUSTSEC-0000-0000.toml 2019-09-16 00:27:38 +08:00
phosphorus
c081847f6d Update RUSTSEC-0000-0000.toml 2019-09-16 00:27:24 +08:00
phosphorus
13ea84ced3 add double free within linea 2019-09-16 00:22:41 +08:00
phosphorus
67b08c24a4 added UAF within portaudio-rs 2019-09-16 00:12:52 +08:00
Tony Arcieri
01ac6725d5 Fix all advisories to pass linter 
Mostly related to the `affected_functions` field, which has changed a
few times.
 2019-09-09 12:19:01 -07:00
Tony Arcieri
df689834c7 Assign RUSTSEC-2019-0020 to generator 
Original PR: https://github.com/RustSec/advisory-db/pull/150
 2019-09-07 08:08:16 -07:00
Xudong Huang
3461fe2601 Add advisory for generator (#150) 2019-09-07 07:42:52 -07:00
Tony Arcieri
66fe537fdc Assign RUSTSEC-2019-0019 to blake2 
Original PR: https://github.com/RustSec/advisory-db/pull/151
 2019-09-06 13:45:25 -07:00
Tony Arcieri
6d0db7286e Add advisory for broken blake2 impls 
BLAKE2b and BLAKE2s were implemented using the wrong block size. All
versions of the `blake2` crate prior to v0.8.1 compute incorrect
digests.

See: https://github.com/RustCrypto/MACs/issues/19
 2019-09-06 10:46:06 -07:00
Tony Arcieri
c80288298b Assign RUSTSEC-2019-0018 to renderdoc 
Original PR: https://github.com/RustSec/advisory-db/pull/147
 2019-09-02 19:40:31 -07:00
Eyal Kalderon
a17b8a3693 Remove unnecessary affected_os key 2019-09-03 10:30:29 +08:00
Eyal Kalderon
64a69616a4 Add advisory for renderdoc < 0.5.0 2019-09-02 14:05:48 +08:00
Tony Arcieri
8ecff7460f Assign RUSTSEC-2019-0017 to once_cell 
Original PR: https://github.com/RustSec/advisory-db/pull/143
 2019-09-01 13:29:40 -07:00
Aleksey Kladov
84eb2025f9 add advisory for once_cell (#143) 2019-09-01 13:27:30 -07:00
Tony Arcieri
5b742bbc54 Assign RUSTSEC-2019-0016 to chttp 
Original PR: https://github.com/RustSec/advisory-db/pull/139
 2019-09-01 13:06:15 -07:00
Tony Arcieri
8ed9e62129 Merge branch 'master' into sagebind-patch-1 2019-09-01 12:56:31 -07:00
Tony Arcieri
603012cd96 Assign RUSTSEC-2019-0015 to compact_arena 
Original PR: https://github.com/RustSec/advisory-db/pull/137
 2019-09-01 12:46:55 -07:00
Tony Arcieri
c21ebf3341 Assign RUSTSEC-2019-0014 to image 
Original PR: https://github.com/RustSec/advisory-db/pull/135
 2019-09-01 12:37:49 -07:00
Stephen M. Coakley
439853f667 Create RUSTSEC-0000-0000.toml 2019-09-01 13:45:03 -05:00
llogiq
7b363b785a add out-of-bounds memory access in compact_arena < 0.4.0 (#137) 2019-09-01 10:54:20 -07:00
HeroicKatora
c8c41f939a Add hdr decoder use-after-free advisory (#135) 2019-09-01 10:46:14 -07:00
Tony Arcieri
44dc01298e Assign RUSTSEC-2019-0013 to spin 
Original PR: https://github.com/RustSec/advisory-db/pull/132
 2019-08-28 10:11:01 -07:00
Matt Taylor
5568479c48 Clarify that users of Once are not affected 2019-08-28 06:37:10 +01:00
Matt Taylor
3c55761403 Report vulnerability in spin crate's RwLock impl 2019-08-27 20:09:09 +01:00
Ralf Jung
9ec1ad0a9c typo 2019-07-20 13:45:36 +02:00
Ralf Jung
7e3423c7ec actually memoffset also had an uninit-drop vuln, and that affects all versions ever published 2019-07-20 12:56:59 +02:00
Tony Arcieri
3a175b7b37 Assign RUSTSEC-2019-0012 to smallvec 
Original PR: https://github.com/RustSec/advisory-db/pull/127/
 2019-07-19 14:12:22 -07:00
Sergey "Shnatsel" Davidoff
150700481b Update RUSTSEC-0000-0000.toml 2019-07-19 21:45:40 +02:00
Sergey "Shnatsel" Davidoff
3b810f1c13 Add advisory for smallvec issue #149 2019-07-19 21:35:39 +02:00
Tony Arcieri
4d673eedf4 Assign RUSTSEC-2019-0011 to memoffset 
Original PR: https://github.com/RustSec/advisory-db/pull/124
 2019-07-17 09:50:31 -07:00
Ralf Jung
148b3d2dd0 add memoffset issue 2019-07-16 15:51:12 +02:00
Tony Arcieri
8b88d66355 Assign RUSTSEC-2019-0010 to libflate 
Original PR: https://github.com/RustSec/advisory-db/pull/122
 2019-07-07 11:25:05 -07:00