Yechan Bae
a24932e220
Update example advisory text (#513)
2020-12-07 07:31:37 -08:00
Matt Brubeck
dec05d79ab
Minor changes to wording of RUSTSEC-2020-0082 (#516)
This clarifies that UB can happen during unwinding, and not only after
catching a panic.
2020-12-06 15:25:23 -05:00
Sergey "Shnatsel" Davidoff
69bdf5ecf7
Merge pull request #515 from RustSec/assign-ids
Assigned RUSTSEC-2020-0082 to ordered-float
2020-12-06 21:11:40 +01:00
Shnatsel
65c6ad732d
Assigned RUSTSEC-2020-0082 to ordered-float
2020-12-06 20:11:29 +00:00
Sergey "Shnatsel" Davidoff
f5888cb3ee
Merge pull request #514 from mbrubeck/ordered-float
ordered_float:NotNan may contain NaN after unwinding in assignment operators
2020-12-06 21:10:58 +01:00
Matt Brubeck
1b49d499c4
ordered_float:NotNan may contain NaN after unwinding in assignment operators
After using an assignment operator such as `NotNan::add_assign`,
`NotNan::mul_assign`, etc., it was possible for the resulting `NotNan`
value to contain a `NaN`. This could cause undefined behavior in safe
code, because the safe `NotNan::cmp` method contains internal unsafe
code that assumes the value is never `NaN`. (It could also cause
undefined behavior in third-party unsafe code that makes the same
assumption, as well as logic errors in safe code.)
This was mitigated starting in version 0.4.0, by panicking if the
assigned value is NaN. However, in affected versions from 0.4.0 onward,
code that continued after using unwinding to catch this panic could
still observe the invalid value and trigger undefined behavior.
The flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring
that the assignment operators panic without modifying the operand, if
the result would be `NaN`.
Fix details:
https://github.com/reem/rust-ordered-float/pull/20
https://github.com/reem/rust-ordered-float/pull/71
2020-12-06 12:07:22 -08:00
Sergey "Shnatsel" Davidoff
3ea0b300a3
Merge pull request #510 from RustSec/assign-ids
Assigned RUSTSEC-2020-0081 to mio
2020-12-03 00:54:31 +01:00
Shnatsel
af8dc79e89
Assigned RUSTSEC-2020-0081 to mio
2020-12-02 23:54:17 +00:00
Sergey "Shnatsel" Davidoff
d984be9fa4
Merge pull request #509 from faern/mio-socketaddr
Add advisory on mio SocketAddr casting
2020-12-03 00:53:47 +01:00
Linus Färnstrand
3d7ea41f31
Add unaffected field for older mio
2020-12-03 00:51:55 +01:00
Linus Färnstrand
5f0bbd36c1
Add advisory on mio SocketAddr casting
2020-12-03 00:46:32 +01:00
Sergey "Shnatsel" Davidoff
abbf24473b
Merge pull request #508 from RustSec/assign-ids
Assigned RUSTSEC-2020-0080 to miow
2020-12-03 00:45:54 +01:00
Shnatsel
548b170bba
Assigned RUSTSEC-2020-0080 to miow
2020-12-02 23:44:19 +00:00
Sergey "Shnatsel" Davidoff
33df676a24
Merge pull request #507 from faern/miow-socketaddr
Add advisory on miow SocketAddr casting
2020-12-03 00:43:50 +01:00
Linus Färnstrand
6484507a67
Add advisory on miow SocketAddr casting
2020-12-03 00:41:13 +01:00
Sergey "Shnatsel" Davidoff
0eebb486a9
Merge pull request #506 from RustSec/assign-ids
Assigned RUSTSEC-2020-0079 to socket2
2020-12-03 00:40:45 +01:00
Shnatsel
7fb2641888
Assigned RUSTSEC-2020-0079 to socket2
2020-12-02 23:37:25 +00:00
Sergey "Shnatsel" Davidoff
d5a9e41daa
Merge pull request #505 from faern/socket2-socketaddr
Add advisory on socket2 about casting SocketAddr
2020-12-03 00:36:58 +01:00
Linus Färnstrand
83b9bfa55a
Add advisory on socket2 about casting SocketAddr
2020-12-03 00:33:07 +01:00
Sergey "Shnatsel" Davidoff
2fc7176464
Merge pull request #504 from RustSec/assign-ids
Assigned RUSTSEC-2020-0078 to net2
2020-12-03 00:23:08 +01:00
Shnatsel
3fafefc320
Assigned RUSTSEC-2020-0078 to net2
2020-12-02 23:22:49 +00:00
Sergey "Shnatsel" Davidoff
408e4e7e1c
Merge pull request #503 from faern/net2-socketaddr
Add advisory on net2 making invalid memory assumptions
2020-12-03 00:22:22 +01:00
Linus Färnstrand
4ddf6680a7
Remove deprecation/upgrade text
2020-12-03 00:21:06 +01:00
Linus Färnstrand
4876ce3b91
Add informational field about unsoundness
2020-12-03 00:01:03 +01:00
Linus Färnstrand
8e4861d90c
Reword advisory description
2020-12-02 23:48:43 +01:00
Linus Färnstrand
4c2a45a1db
Add advisory on net2 making invalid memory assumptions
2020-12-02 22:56:21 +01:00
github-actions[bot]
fc6aabb66e
Assigned RUSTSEC-2020-0077 to memmap (#502)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-02 11:15:42 -08:00
Kaitlyn Kenwell
5c8b2e64a2
Create advisory for memmap (#501)
2020-12-02 11:13:46 -08:00
github-actions[bot]
5f98540c7e
Assigned RUSTSEC-2020-0076 to routing (#500)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-02 09:59:27 -08:00
Stephen Coyle
cd269c4848
Add unmaintained crate advisory for routing (#499)
Has been renamed to `sn_routing`.
2020-12-02 09:58:32 -08:00
github-actions[bot]
5c449df553
Assigned RUSTSEC-2020-0075 to branca (#498)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-29 06:52:44 -08:00
Johannes
19e7661dae
Add advisory for branca (#497)
2020-11-29 06:51:25 -08:00
Sergey "Shnatsel" Davidoff
6e4b3d1415
Merge pull request #496 from RustSec/assign-ids
Assigned RUSTSEC-2020-0074 to pyo3
2020-11-28 22:18:09 +01:00
Shnatsel
798056aa57
Assigned RUSTSEC-2020-0074 to pyo3
2020-11-28 21:17:57 +00:00
Sergey "Shnatsel" Davidoff
9b1aa6343c
Merge pull request #495 from RustSec/alex-patch-1
Added advisory for pyo3 reference counting issue
2020-11-28 22:17:30 +01:00
Alex Gaynor
b9eed83776
Added advisory for pyo3 reference counting issue
2020-11-28 15:43:56 -05:00
Taiki Endo
4c6de3973f
Fix patched version of RUSTSEC-2019-0037 (#494)
2020-11-27 18:51:11 -08:00
Tony Arcieri
bc8e7e0bd1
Bump rustsec-admin to v0.3.2 (#493)
2020-11-23 17:57:39 -08:00
Tony Arcieri
84f130870b
Rename references fields to related (#492)
This frees up `references` to be used for tracking multiple URLs with
additional information.
See also: RustSec/advisory-db#429
2020-11-23 07:55:17 -08:00
Philippe Ombredanne
f5505edb82
Correct typo and URL (#491)
Distributed Weakness filing went dark last year
Instead, use the official pages at mitre corp.
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
2020-11-21 08:03:50 -08:00
Ammar Askar
cd034f750b
Add patched version for futures-intrusive's RUSTSEC-2020-0072 (#490)
2020-11-20 09:46:39 -08:00
github-actions[bot]
57ccc941b6
Assigned RUSTSEC-2020-0073 to image (#489)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-20 07:07:55 -08:00
HeroicKatora
5b68bd5a1f
Advisory for image issue 1357 (#488)
2020-11-20 07:06:26 -08:00
github-actions[bot]
f958b20831
Assigned RUSTSEC-2020-0072 to futures-intrusive (#487)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-18 18:22:59 -08:00
Ammar Askar
15125a950c
Report soundness bug with concurrency in futures-intrusive (#482)
2020-11-18 18:22:11 -08:00
github-actions[bot]
1d7066d6d1
Assigned RUSTSEC-2020-0071 to time (#486)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-18 18:21:00 -08:00
Jacob Pratt
793301b134
Potential segfault in the time crate (#485)
2020-11-18 18:19:28 -08:00
github-actions[bot]
78ad57d13b
Assigned RUSTSEC-2020-0070 to lock_api (#484)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-18 10:06:59 -08:00
Ammar Askar
7b5e78867f
Report soundness bug with lock_api (#483)
2020-11-18 10:04:30 -08:00
github-actions[bot]
af0ee095ba
Assigned RUSTSEC-2020-0069 to lettre (#481)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-11 10:27:32 -08:00