Commit Graph

1568 Commits

Author SHA1 Message Date
Ben Kimock
a20a779bf7 Turn the issue about shamir into an advisory (#1134) 2021-12-27 20:28:54 +01:00
github-actions[bot]
1ea676a614 Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-12-25 19:20:22 +01:00
pinkforest(she/her)
7f0874b516 Mark cargo-download unmaintained (#1132) 2021-12-25 19:04:31 +01:00
Ben Kimock
3952f343f1 Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131) 2021-12-22 16:15:54 -05:00
github-actions[bot]
dd7d3d726a Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-12-21 23:27:44 +01:00
Sergey "Shnatsel" Davidoff
dc5ced1155 CVE-2020-8927 for compu-brotli-sys (#1129) 2021-12-21 23:26:29 +01:00
github-actions[bot]
32b107c4c6 Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-12-21 21:51:30 +01:00
Sergey "Shnatsel" Davidoff
94bde4a325 Brotli CVE-2020-8927 redux (#1127)
* Create RUSTSEC-0000-0000.md

* wording
2021-12-21 21:48:42 +01:00
github-actions[bot]
ca9497a45b Assigned RUSTSEC-2021-0130 to lru (#1126)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-12-21 16:50:24 +01:00
Ossi Herrala
2fc8681c0e Add use after free advisory for lru crate (#1125)
* Add use after free advisory for lru crate

* Add blockquotes

* Update RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-12-21 16:47:42 +01:00
github-actions[bot]
bfcafe5727 Assigned RUSTSEC-2021-0129 to openssl-src (#1123)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-12-15 01:18:24 +01:00
Alexis Mousset
ee8bb37fb1 Add CVE-2021-4044 for openssl-src (#1122) 2021-12-15 01:13:03 +01:00
github-actions[bot]
6d06054e82 Assigned RUSTSEC-2021-0128 to rusqlite (#1120)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-12-09 01:29:19 +01:00
Thom Chiovoloni
ef9463d5a7 Report rusqlite closure lifetime issue (#1117) 2021-12-09 01:28:00 +01:00
Emil Gardström
1204636ca5 correct formatting for lists in RUSTSEC-2021-0127 (#1116) 2021-12-01 15:04:55 +01:00
github-actions[bot]
1c4b2d56c3 Assigned RUSTSEC-2021-0127 to serde_cbor (#1115)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-11-30 07:21:27 -07:00
Jose Santos
79158e0a4d serde_cbor is unmaintained (#1114) 2021-11-30 07:16:10 -07:00
github-actions[bot]
24987956da Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-11-29 19:32:40 +01:00
5225225
de35d2ee12 Add advisory for rust-embed path traversal (#1112) 2021-11-29 19:25:01 +01:00
Linus Probert
825e7ae54c Adds maintained alternative to slice_deque (#1109) 2021-11-18 07:04:01 -07:00
github-actions[bot]
c3e02b1dc8 Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-11-18 01:32:59 +01:00
Nick Mathewson
c98000195b Security advisory on simple_asn1 version 0.6.0 (#1103)
* Security advisory on simple_asn1 version 0.6.0

The maintainer has acknowledged and fixed this issue; see
https://github.com/acw/simple_asn1/pull/28.

* fixup! Security advisory on simple_asn1 version 0.6.0

Try to fix lint errors.
2021-11-18 01:29:09 +01:00
github-actions[bot]
3af7a839b1 Assigned RUSTSEC-2021-0124 to tokio (#1107)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-11-17 00:11:14 +01:00
Eliza Weisman
5f68bbad79 Add advisory for tokio-rs/tokio#4225 (#1106)
* Add advisory for tokio-rs/tokio#4225

If a `tokio::sync::oneshot` channel is closed (via the
[`oneshot::Receiver::close`] method), a data race may occur if the
`oneshot::Sender::send` method is called while the corresponding
`oneshot::Receiver` is `await`ed or `try_recv` is called on it.

When these methods are called concurrently on a closed channel, the two halves
of the channel can concurrently access a shared memory location, resulting in a
data race. This has been observed to [cause memory corruption][corruption].

Note that the race only occurs when **both** halves of the channel are used
after one half has called `close`. Code where `close` is not used, or where the
`Receiver` is not `await`ed and `try_recv` is not called after calling `close`,
is not affected.

See tokio-rs/tokio#4225 for more details.

This issue was patched in v1.13.1. The patch was backported to the current
LTS version (v1.8.x) in release v1.8.4.

* Update crates/tokio/RUSTSEC-0000-0000.md

Co-authored-by: Tony Arcieri <bascule@gmail.com>

* fix toml lint

whoops

* Update crates/tokio/RUSTSEC-0000-0000.md

* Update crates/tokio/RUSTSEC-0000-0000.md

Co-authored-by: Tony Arcieri <bascule@gmail.com>
2021-11-17 00:02:09 +01:00
dylni
2a4f5887aa Add CVE for RUSTSEC-2021-0123 (#1105) 2021-11-15 06:53:17 -07:00
github-actions[bot]
dee60c20d1 Assigned RUSTSEC-2021-0123 to fruity (#1104)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-11-15 01:29:25 +01:00
dylni
d5184e35e3 Add fruity advisory for nvzqz/fruity#14 (#1102)
* Add fruity advisory for nvzqz/fruity#14

* Fix lint error

* Fix lint error

* Add an impact section
2021-11-15 01:26:35 +01:00
Tony Arcieri
26a6973ff1 Bump rustsec-admin to v0.6.0 (#1101) 2021-11-13 11:38:33 -07:00
github-actions[bot]
9e93a3df4a Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-11-07 10:53:20 -07:00
Jorge Leitao
79b4d8e547 Add flatbuffers advisory for flatbuffers#6627 (#1093) 2021-11-07 10:51:34 -07:00
Alexander Kjäll
f4a8973706 add cve info to advisories (#1099)
* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-11-06 21:37:35 +01:00
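For readers unfamiliar with the advisory file layout that the "Put `aliases` field in the proper place" commit refers to, the following is an added illustration (not a file from the advisory database) of the TOML front matter at the top of an advisory markdown file, with `aliases` under `[advisory]` rather than under `[versions]`. The package name, date, URL, CVE alias, CVSS vector, version ranges and function path are placeholders chosen for this example, not values taken from any real advisory; `RUSTSEC-0000-0000` is the placeholder id the commits above use before an id is assigned.

```toml
# Example advisory front matter (constructed for illustration; all values
# below are placeholders, not a real advisory). In the advisory database this
# block sits inside a ```toml fence at the top of the advisory's .md file,
# followed by the markdown title and description.

[advisory]
id = "RUSTSEC-0000-0000"          # placeholder until an id is assigned by the bot
package = "example-crate"         # hypothetical crate name
date = "2021-01-01"               # placeholder disclosure date
url = "https://example.invalid/issue/1"   # placeholder tracking URL
categories = ["memory-corruption"]
keywords = ["use-after-free"]

# CVE (or other external) identifiers belong here, in [advisory], which is
# the placement the commit above corrects. Putting `aliases` under
# [versions] is the mistake that was being fixed.
aliases = ["CVE-0000-00000"]      # placeholder alias

# CVSS vector, when one is known (see "Add cvss information from nvd" above).
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"   # placeholder vector

[versions]
# Only version-range information goes here: nothing else, and no `aliases`.
patched = [">= 0.3.2"]            # placeholder range
unaffected = ["< 0.2.0"]          # placeholder range

[affected]
# Optional: the specific items whose use triggers the issue (compare the
# "Add missing method to time vulnerability" commit above).
functions = { "example_crate::Cache::get" = ["< 0.3.2"] }   # placeholder path
```

The `[versions]` table is consumed by tooling such as `cargo audit` to decide whether a dependency version is affected, so keeping non-version metadata such as `aliases` out of it is what the lint in the repository enforces.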
Tony Arcieri
5ad6e60967 Bump rustsec-admin to v0.5.3 (#1091) 2021-10-22 08:28:51 -06:00
Alexis Mousset
8c05fea5fa Add cvss information from nvd (#1085) 2021-10-19 16:14:35 -06:00
Jacob Pratt
d8701fad2d Add missing method to time vulnerability (#1086) 2021-10-19 16:13:58 -06:00
Alexis Mousset
0c762d06a8 Add CVE alias for RUSTSEC-2021-0069 (#1087) 2021-10-19 21:56:47 +02:00
github-actions[bot]
8e29664694 Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-18 10:22:07 -06:00
包布丁
0d6d73ffde Unsound implementation of Chacha20 in crypto2 (#1072) 2021-10-18 10:19:31 -06:00
github-actions[bot]
9823491277 Assigned RUSTSEC-2020-0159 to chrono (#1083)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-18 10:19:09 -06:00
Tony Arcieri
1d8c7e1f15 Add chrono advisory for chrono#499 (localtime_r) (#1082)
This is an advisory similar to `RUSTSEC-2020-0071` impacting usages of
`localtime_r` within `chrono` itself, since the API is used in a
cross-thread manner in an unsound way.
2021-10-18 10:13:47 -06:00
Ben Kimock
5335769e4b Update vec-const advisory (#1081) 2021-10-18 00:19:40 +02:00
github-actions[bot]
93c9b95f23 Assigned RUSTSEC-2021-0120 to abomonation (#1080)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-17 15:33:02 -06:00
Ben Kimock
68a4387f34 Report abomonation as unsound (#1079) 2021-10-17 15:28:16 -06:00
Jacob Pratt
e7d342f190 Update RUSTSEC-2020-0071 (#1078)
This includes the affected functions in time 0.1 and rewords a few
things for clarity.
2021-10-16 22:31:32 -06:00
Alexander Kjäll
f494f83f8e add missing cve info to advisories (#1077)
Looks like RUSTSEC-2020-0036 might be a special case; someone got a CVE for the fact that the crate is unmaintained.
2021-10-14 21:53:11 +02:00
Alexander Kjäll
9a1349483e Add CVE information to RUSTSEC-2020-0142 (#1076)
See: https://cve.circl.lu/cve/CVE-2020-36462
2021-10-14 17:38:20 +02:00
Alexander Kjäll
09587b2b82 Add CVE info to RUSTSEC-2020-0133 (#1075)
see: https://cve.circl.lu/cve/CVE-2020-36453
2021-10-14 10:33:50 -04:00
puzzlewolf
380869a5c1 Update patched version of zeroize_derive. (#1074)
zeroize_derive backported the fix to the 1.1 branch and released it as
version 1.1.1 (https://github.com/iqlusioninc/crates/pull/881).
2021-10-12 09:24:09 -06:00
Sergey "Shnatsel" Davidoff
d29205a680 Promote nix::unistd::getgrouplist to vulnerability (#1073) 2021-10-08 18:17:22 +02:00
Alex Gaynor
b426bdf91c Tiny change to try to force GitHub to sign 2021-10-07 10:02:39 -04:00
github-actions[bot]
76105bde90 Assigned RUSTSEC-2020-0158 to slice-deque (#1069)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-07 07:38:11 -06:00