Commit Graph

1427 Commits

Author SHA1 Message Date
Youngsuk Kim
9e4db05abc binjs_io: 'Read' on uninitialized memory may cause UB (#660)
* Report 0088-binjs_io to RustSec

* informational = "unsound"
2021-08-21 19:20:15 -06:00
github-actions[bot]
9039912764 Assigned RUSTSEC-2021-0084 to bronzedb-protocol (#988)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-21 19:20:01 -06:00
Youngsuk Kim
10843f8372 bronzedb-protocol: Read on uninitialized buffer can cause UB (impl of ReadKVExt) (#659)
* Report 0087-bronzedb-protocol to RustSec

* informational = "unsound"
2021-08-21 19:18:33 -06:00
Alexis Mousset
e9382c8680 Fix typos in advisories (#976) 2021-08-21 19:18:11 -06:00
github-actions[bot]
7765af95c4 Assigned RUSTSEC-2021-0083 to derive-com-impl (#987)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-21 19:17:47 -06:00
apennamen
ef71611e6a Add advisory for potential memory corruption in derive-com-impl (#649) 2021-08-21 19:16:19 -06:00
github-actions[bot]
9c5df457e5 Assigned RUSTSEC-2020-0153 to bite (#986)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-21 19:15:34 -06:00
Youngsuk Kim
b4b68c19bc bite: Read on uninitialized memory (#593)
* bite: Read on uninitialized memory

* informational = "unsound"
2021-08-21 19:08:46 -06:00
github-actions[bot]
68d6f5afa9 Assigned RUSTSEC-2021-0082 to vec-const (#985)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-21 19:08:23 -06:00
Ben Kimock
01c59cafdb Report vec-const as unsound (#981)
Co-authored-by: Tony Arcieri <bascule@gmail.com>
2021-08-21 19:07:03 -06:00
diwic
f20b53ca89 Patched release of reffers (#984)
I'm not sure anyone uses this old crate but if they do, at least now they have a fixed version.
2021-08-21 12:38:49 +03:00
Sergey "Shnatsel" Davidoff
e0fda3fe9b add CVE alias to RUSTSEC-2021-0081(actix-http) (#983) 2021-08-17 22:07:01 +03:00
kpcyrd
67da87fc89 Update RUSTSEC-2021-0080 [affected] version (#980) 2021-08-11 00:54:42 +03:00
Remi Rampin
01bad82da9 Add fix for RUSTSEC-2021-0080 (#979) 2021-08-10 19:52:04 +03:00
github-actions[bot]
e692597283 Assigned RUSTSEC-2021-0081 to actix-http (#978)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-08-10 12:12:52 +03:00
Rob Ede
7a42cb7e08 add advisory for actix-http HRS (#977)
* add actix-http HRS

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Adjust version ranges to make a hypothetical 4.0.0 patched

* drop nonexistent category

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-08-10 12:11:38 +03:00
ZSchoen
541c537a23 added specific affected functions to CVE-2021-29922 (#975)
Co-authored-by: Tony Arcieri <bascule@gmail.com>
2021-08-09 05:15:56 -07:00
github-actions[bot]
ce76490feb Assigned RUSTSEC-2021-0080 to tar (#974)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-08 13:16:32 -07:00
kpcyrd
158cd653ca Add directory traversal for tar (#965)
Co-authored-by: Tony Arcieri <bascule@gmail.com>
2021-08-08 12:53:24 -07:00
github-actions[bot]
82ce1aa716 Assigned RUSTSEC-2021-0079 to hyper (#973)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-08 12:41:08 -07:00
BlackHoleFox
3a5de9c7b5 Add advisory for hyper Transfer-Encoding header parsing (#968) 2021-08-08 12:39:37 -07:00
github-actions[bot]
255194ae7a Assigned RUSTSEC-2021-0078 to hyper (#972)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-08-08 12:39:12 -07:00
BlackHoleFox
0148dead3a Add advisory for hyper Content-Length header parsing (#967) 2021-08-08 12:36:02 -07:00
ZSchoen
a81783c627 added CVE-2021-29922 (#971) 2021-08-08 12:35:13 -07:00
github-actions[bot]
1db7602857 Assigned RUSTSEC-2021-0077 to better-macro (#969)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-07-26 13:46:07 -07:00
Jeremy Fitzhardinge
8af7718d8f better-macro has deliberate RCE in proc-macro (#966)
It's "Proving A Point" in
https://github.com/raycar5/better-macro/blob/master/doc/hi.md but there's
no guarantee that this will remain benign (or is actually benign right
now). The crate also has no useful functionality.
2021-07-26 13:39:47 -07:00
github-actions[bot]
e20838a4ff Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-13 15:47:59 +03:00
Martin Pugh
e95d360049 Add advisory for libsecp256k1 (#963)
* add advisory

* fix formatting
2021-07-13 15:46:23 +03:00
github-actions[bot]
4792a373b1 Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-09 06:07:19 +02:00
Pratyush Mishra
674daf6fae ark_r1cs_std::mul_by_inverse generated unsound constraints in versions below 0.3.1 (#961)
* `ark_r1cs_std::mul_by_inverse` was unsound in versions below `0.3.1`

* Fix category

* Add link to PR
2021-07-09 06:06:05 +02:00
Sergey "Shnatsel" Davidoff
730c1e815a Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
This reverts commit a9c31a6e25.
2021-07-08 21:09:27 +02:00
github-actions[bot]
2d60adf54f Assigned RUSTSEC-2021-0074 to ammonia (#959)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-08 20:48:05 +02:00
Michael Howell
3533e434a6 Add rust-ammonia/ammonia#142 (#956)
* Add rust-ammonia/ammonia#142

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md
2021-07-08 20:46:50 +02:00
Sergey "Shnatsel" Davidoff
a9c31a6e25 Hotfix #957 until we figure out what to do with it (#958) 2021-07-08 20:34:15 +02:00
github-actions[bot]
7629432184 Assigned RUSTSEC-2021-0073 to prost-types (#955)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-08 19:27:50 +02:00
Lucio Franco
1889bffd67 prost-types: Timestamp conversion overflow (#954) 2021-07-08 19:25:47 +02:00
Sergey "Shnatsel" Davidoff
cbeaf18e2b Made RUSTSEC-2021-0072 not affect tokio 2.0 and later 2021-07-08 01:26:08 +02:00
github-actions[bot]
01ac699fd5 Assigned RUSTSEC-2021-0072 to tokio (#952)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-08 01:09:42 +02:00
Alice Ryhl
6f2157cba4 Add advisory for race condition in Tokio (#951)
* Add RUSTSEC for tokio#3929

* Update version range

* Wrap with code fences

* Add advisory information

* Add unaffected

* Don't use tilde in version specification

it's not yet supported by rustsec v0.24

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-07-08 01:08:31 +02:00
Yechan Bae
afbc0dc9e1 Update five std CVEs (#946) 2021-07-06 12:36:13 -06:00
Tony Arcieri
23d8630fbe Bump rustsec-admin to v0.5.1 (#949) 2021-07-03 13:02:47 -06:00
Sergey "Shnatsel" Davidoff
34e9832a80 OSV export: fix handling of advisories without an ID (#948)
* OSV export: fix handling of advisories without an ID

* job will fail without -f flag on rm
2021-07-02 17:48:46 +02:00
Sergey "Shnatsel" Davidoff
9f3eb562a2 Add OSV export CI job (#947) 2021-07-02 17:22:13 +02:00
Sergey "Shnatsel" Davidoff
d5a60f2737 Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945) 2021-07-02 01:39:03 +02:00
Sergey "Shnatsel" Davidoff
84e3fb3121 Add withdrawn field (#942)
* Add `withdrawn` field to advisories, recording the yank date

* Synthetic signed commit for testing

* Add `withdrawn` field to libpulse-binding advisory forgotten on the first pass
2021-06-30 00:08:30 +02:00
Tony Arcieri
1684325bb6 Bump rustsec-admin to v0.5.0 (#944) 2021-06-30 00:01:00 +02:00
Chojan Shang
220bc71988 Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
Signed-off-by: Chojan Shang <psiace@outlook.com>
2021-06-23 23:24:04 +02:00
David Marshall
cd87335b46 Update RUSTSEC-2021-0049.md (#941)
https://nvd.nist.gov/vuln/detail/CVE-2021-29940
2021-06-16 23:05:39 +02:00
github-actions[bot]
0d2022a191 Assigned RUSTSEC-2021-0071 to grep-cli (#940)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-06-15 00:43:22 +02:00
Andrew Gallant
ec6dbf077c crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
* crates/grep-cli: add advisory for arbitrary binary execution on Windows

Ref https://github.com/BurntSushi/ripgrep/issues/1773

* drop commented out field

* crates/grep-cli: add more details about mitigation

Instead of dancing around it, we just say it: the main issue is that
std::process::Command will resolve relative binary names with respect to
the CWD first, because it just uses the Windows API for this.

More specifically, we call out the two particular mitigations that are
now in place.

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-06-15 00:42:25 +02:00
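The grep-cli commit above names the root cause of RUSTSEC-2021-0071: on Windows, `std::process::Command` hands a bare program name to the Windows API, which looks in the current working directory before `PATH`, so a file named `gz` planted in a searched directory gets executed. The following is an added illustration of the resolution step a hardened caller can do itself; it is not grep-cli's or ripgrep's code, and `resolve_binary`, `Resolved`, `candidates`, `path_dirs_from_env` and the extension list are assumed names and choices for this example only. The idea is to search only absolute `PATH` entries explicitly and pass the resulting absolute path to `Command`, so neither the CWD nor a relative `PATH` entry can satisfy the lookup.

```rust
use std::env;
use std::path::{Path, PathBuf};

/// Outcome of resolving a program name before it is handed to `Command`.
#[derive(Debug, PartialEq)]
pub enum Resolved {
    /// Caller supplied a path with directory components; used verbatim.
    Explicit(PathBuf),
    /// Bare name found in one of the absolute PATH directories.
    FromPath(PathBuf),
}

/// File names a bare `name` may refer to inside one directory. On Windows a
/// bare `gz` can mean `gz.exe`, `gz.com`, ...; elsewhere the name is used
/// as-is. (Hypothetical extension list chosen for this example.)
fn candidates(name: &str) -> Vec<String> {
    if cfg!(windows) {
        ["", ".exe", ".com", ".bat", ".cmd"]
            .iter()
            .map(|ext| format!("{name}{ext}"))
            .collect()
    } else {
        vec![name.to_string()]
    }
}

/// Resolve `name` without ever consulting the current working directory.
/// `path_dirs` is the list of directories to search (normally the split
/// PATH variable). Relative entries, including `.` and the empty entry some
/// shells treat as CWD, are skipped so a poisoned PATH cannot reintroduce
/// the CWD-first lookup the advisory describes.
pub fn resolve_binary(name: &str, path_dirs: &[PathBuf]) -> Result<Resolved, String> {
    if name.is_empty() {
        return Err("empty program name".to_string());
    }
    let as_path = Path::new(name);
    // Anything with a directory component was chosen explicitly by the caller;
    // only bare names are subject to the OS's search rules.
    if as_path.is_absolute() || as_path.components().count() > 1 {
        return Ok(Resolved::Explicit(as_path.to_path_buf()));
    }
    for dir in path_dirs {
        if !dir.is_absolute() {
            continue; // never search CWD or a relative PATH entry
        }
        for cand in candidates(name) {
            let full = dir.join(&cand);
            if full.is_file() {
                return Ok(Resolved::FromPath(full));
            }
        }
    }
    Err(format!("{name}: not found in any absolute PATH directory"))
}

/// Split PATH the way the platform does (`;` on Windows, `:` elsewhere).
pub fn path_dirs_from_env() -> Vec<PathBuf> {
    env::var_os("PATH")
        .map(|p| env::split_paths(&p).collect())
        .unwrap_or_default()
}

fn main() {
    // Usage: resolve first, then build the Command from the absolute path.
    match resolve_binary("gzip", &path_dirs_from_env()) {
        Ok(Resolved::FromPath(p)) | Ok(Resolved::Explicit(p)) => {
            let cmd = std::process::Command::new(&p);
            println!("would run: {}", cmd.get_program().to_string_lossy());
        }
        Err(e) => eprintln!("{e}"),
    }
}
```

The check is deliberately conservative: a bare name that exists only in the CWD is reported as not found rather than silently executed, which is the behaviour a decompression helper or `--pre` style hook should want on Windows.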