Commit Graph

474 Commits

Author SHA1 Message Date
Matt Brubeck
dec05d79ab Minor changes to wording of RUSTSEC-2020-0082 (#516)
This clarifies that UB can happen during unwinding, and not only after
catching a panic.
2020-12-06 15:25:23 -05:00
Shnatsel
65c6ad732d Assigned RUSTSEC-2020-0082 to ordered-float 2020-12-06 20:11:29 +00:00
Matt Brubeck
1b49d499c4 ordered_float:NotNan may contain NaN after unwinding in assignment operators
After using an assignment operator such as `NotNan::add_assign`,
`NotNan::mul_assign`, etc., it was possible for the resulting `NotNan`
value to contain a `NaN`.  This could cause undefined behavior in safe
code, because the safe `NotNan::cmp` method contains internal unsafe
code that assumes the value is never `NaN`.  (It could also cause
undefined behavior in third-party unsafe code that makes the same
assumption, as well as logic errors in safe code.)

This was mitigated starting in version 0.4.0, by panicking if the
assigned value is NaN.  However, in affected versions from 0.4.0 onward,
code that continued after using unwinding to catch this panic could
still observe the invalid value and trigger undefined behavior.

The flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring
that the assignment operators panic without modifying the operand, if
the result would be `NaN`.

Fix details:

https://github.com/reem/rust-ordered-float/pull/20
https://github.com/reem/rust-ordered-float/pull/71
2020-12-06 12:07:22 -08:00
Shnatsel
af8dc79e89 Assigned RUSTSEC-2020-0081 to mio 2020-12-02 23:54:17 +00:00
Linus Färnstrand
3d7ea41f31 Add unaffected field for older mio 2020-12-03 00:51:55 +01:00
Linus Färnstrand
5f0bbd36c1 Add advisory on mio SocketAddr casting 2020-12-03 00:46:32 +01:00
Shnatsel
548b170bba Assigned RUSTSEC-2020-0080 to miow 2020-12-02 23:44:19 +00:00
Linus Färnstrand
6484507a67 Add advisory on miow SocketAddr casting 2020-12-03 00:41:13 +01:00
Shnatsel
7fb2641888 Assigned RUSTSEC-2020-0079 to socket2 2020-12-02 23:37:25 +00:00
Linus Färnstrand
83b9bfa55a Add advisory on socket2 about casting SocketAddr 2020-12-03 00:33:07 +01:00
Shnatsel
3fafefc320 Assigned RUSTSEC-2020-0078 to net2 2020-12-02 23:22:49 +00:00
Linus Färnstrand
4ddf6680a7 Remove deprecation/upgrade text 2020-12-03 00:21:06 +01:00
Linus Färnstrand
4876ce3b91 Add informational field about unsoundness 2020-12-03 00:01:03 +01:00
Linus Färnstrand
8e4861d90c Reword advisory description 2020-12-02 23:48:43 +01:00
Linus Färnstrand
4c2a45a1db Add advisory on net2 making invalid memory assumptions 2020-12-02 22:56:21 +01:00
github-actions[bot]
fc6aabb66e Assigned RUSTSEC-2020-0077 to memmap (#502)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-02 11:15:42 -08:00
Kaitlyn Kenwell
5c8b2e64a2 Create advisory for memmap (#501) 2020-12-02 11:13:46 -08:00
github-actions[bot]
5f98540c7e Assigned RUSTSEC-2020-0076 to routing (#500)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-12-02 09:59:27 -08:00
Stephen Coyle
cd269c4848 Add unmaintained crate advisory for routing (#499)
Has been renamed to `sn_routing`.
2020-12-02 09:58:32 -08:00
github-actions[bot]
5c449df553 Assigned RUSTSEC-2020-0075 to branca (#498)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-29 06:52:44 -08:00
Johannes
19e7661dae Add advisory for branca (#497) 2020-11-29 06:51:25 -08:00
Shnatsel
798056aa57 Assigned RUSTSEC-2020-0074 to pyo3 2020-11-28 21:17:57 +00:00
Alex Gaynor
b9eed83776 Added advisory for pyo3 reference counting issue 2020-11-28 15:43:56 -05:00
Taiki Endo
4c6de3973f Fix patched version of RUSTSEC-2019-0037 (#494) 2020-11-27 18:51:11 -08:00
Tony Arcieri
84f130870b Rename references fields to related (#492)
This frees up `references` to be used for tracking multiple URLs with
additional information.

See also: RustSec/advisory-db#429
2020-11-23 07:55:17 -08:00
Ammar Askar
cd034f750b Add patched version for futures-intrusive's RUSTSEC-2020-0072 (#490) 2020-11-20 09:46:39 -08:00
github-actions[bot]
57ccc941b6 Assigned RUSTSEC-2020-0073 to image (#489)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-20 07:07:55 -08:00
HeroicKatora
5b68bd5a1f Advisory for image issue 1357 (#488) 2020-11-20 07:06:26 -08:00
github-actions[bot]
f958b20831 Assigned RUSTSEC-2020-0072 to futures-intrusive (#487)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-18 18:22:59 -08:00
Ammar Askar
15125a950c Report soundness bug with concurrency in futures-intrusive (#482) 2020-11-18 18:22:11 -08:00
github-actions[bot]
1d7066d6d1 Assigned RUSTSEC-2020-0071 to time (#486)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-18 18:21:00 -08:00
Jacob Pratt
793301b134 Potential segfault in the time crate (#485) 2020-11-18 18:19:28 -08:00
github-actions[bot]
78ad57d13b Assigned RUSTSEC-2020-0070 to lock_api (#484)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-18 10:06:59 -08:00
Ammar Askar
7b5e78867f Report soundness bug with lock_api (#483) 2020-11-18 10:04:30 -08:00
github-actions[bot]
af0ee095ba Assigned RUSTSEC-2020-0069 to lettre (#481)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-11 10:27:32 -08:00
Alexis Mousset
108b6b5967 Add advisory for lettre sendmail transport (#478) 2020-11-11 10:26:11 -08:00
Tony Arcieri
0bdef412ac RUSTSEC-2020-0068: remove parameters from affected functions (#477)
It's breaking `cargo-deny` which hasn't updated to the new parser yet
2020-11-09 12:02:00 -08:00
github-actions[bot]
0ca360b195 Assigned RUSTSEC-2020-0068 to multihash (#476)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-09 11:05:42 -08:00
Kirill Pimenov
5eb66747c4 Unexpected panic in multihash from_slice parsing code (#475) 2020-11-09 11:04:58 -08:00
Avery Harnish
587ed762aa fix: s/directoriess/directories 2020-11-05 14:55:13 -06:00
github-actions[bot]
65b9aa70b7 Assigned RUSTSEC-2020-0067 to quic-p2p (#473)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-02 06:50:19 -08:00
Stephen Coyle
9757ff2052 Add unmaintained crate advisory for quic-p2p (#468)
It's been renamed to `qp2p`
2020-11-02 06:49:09 -08:00
github-actions[bot]
d5cf9d7653 Assigned RUSTSEC-2020-0066 to safe_bindgen (#472)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-02 06:48:54 -08:00
Stephen Coyle
3761ab5885 Add unmaintained crate advisory for safe_bindgen (#466)
It's been renamed to `sn_bindgen`
2020-11-02 06:46:50 -08:00
github-actions[bot]
00a4c19a46 Assigned RUSTSEC-2020-0065 to fake_clock (#471)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-02 06:46:33 -08:00
Stephen Coyle
a949bd4620 Add unmaintained crate advisory for fake_clock (#465)
It's been renamed to `sn_fake_clock`
2020-11-02 06:45:29 -08:00
github-actions[bot]
74c2e86f5d Assigned RUSTSEC-2020-0064 to ffi_utils (#470)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-02 06:45:15 -08:00
Stephen Coyle
3adba0fcc4 Add unmaintained crate advisory for ffi_utils (#464)
It's been renamed to `sn_ffi_utils`
2020-11-02 06:43:54 -08:00
github-actions[bot]
51fd5e3c97 Assigned RUSTSEC-2020-0063 to safe-nd (#469)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2020-11-02 06:43:36 -08:00
Stephen Coyle
0da539a26e Add unmaintained crate advisory for safe-nd (#467)
It's been renamed to `sn_data_types`
2020-11-02 06:42:05 -08:00