OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 18:50:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
736 Commits 1 Branch 0 Tags
a2bb0aaa008712030b55532f2fe728f07095d8a2
Commit Graph

393 Commits

Author SHA1 Message Date
Sergey "Shnatsel" Davidoff
a2bb0aaa00 Assign RUSTSEC-2020-0052 to crossbeam-channel 2020-10-11 15:16:26 +02:00
Taiki Endo
c764af890f Remove informational field 2020-10-11 21:55:54 +09:00
Taiki Endo
8b71717eb4 Add categories and informational fields 2020-10-11 17:27:18 +09:00
Taiki Endo
ba83b81ec4 Add advisory for UB in crossbeam-channel 0.4.3 2020-10-11 16:57:44 +09:00
Tony Arcieri
8c4b6b7d43 RUSTSEC-2019-0031: spin is maintained (#424) 
We added `yanked = true` to the advisory, however it doesn't seem to be
having the intended effect (the query for unmaintained crates is
probably failing to exclude the yanked advisories)

This is another workaround which makes the `unaffected` requirement
match all versions. Hopefully this means that `spin` will stop being
reported as unmaintained.
 2020-10-10 07:19:19 -07:00
Joshua Barretto
279da1f813 Yanked spin unmaintained advisory 2020-10-08 12:24:25 +01:00
Ammar Askar
6034646f24 Add patched version for atom crate. 2020-10-06 10:28:04 -04:00
Tony Arcieri
ac125ee29a Translate database into V3 advisory format (#420) 
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
 2020-10-01 18:29:11 -07:00
Tony Arcieri
2770460f9c RUSTSEC-2020-0011: rename obsolete to yanked (#419) 
This field name has changed
 2020-10-01 13:56:35 -07:00
Tony Arcieri
7af8522208 Assign RUSTSEC-2019-0037 to pnet (#418) 
Original PR: https://github.com/RustSec/advisory-db/pull/335
 2020-10-01 08:30:38 -07:00
Vladimir
7c95e1b1a1 libpnet (#335) 
Co-authored-by: 0xd34b33f <0xd34b33f@users.noreply.github.com>
 2020-10-01 08:21:28 -07:00
github-actions[bot]
b136b74460 Assigned RUSTSEC-2020-0051 to rustsec (#416) 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2020-10-01 08:21:08 -07:00
Tony Arcieri
bfa9e12685 Add rustsec crate advisory for breaking changes to advisory format (#415) 
In theory this advisory should trigger this feature of `cargo-audit`
which checks for advisories filed against the `rustsec` crate:

https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199

After merging, I will test with an older `cargo-audit` version to see if
it has the intended effect.
 2020-10-01 08:19:41 -07:00
github-actions[bot]
a1f39cc8c9 Assigned RUSTSEC-2020-0050 to dync 2020-09-27 19:10:29 +00:00
Ammar Askar
7f5deb94c0 Add misaligned-access soundness issue for dync crate 2020-09-27 11:59:16 -07:00
github-actions[bot]
fe2503798e Assigned RUSTSEC-2018-0019 to actix-web 2020-09-26 20:38:10 +00:00
Sergey "Shnatsel" Davidoff
2522178d5b Add advisory for very old, unsound Actix 2020-09-26 22:12:12 +02:00
github-actions[bot]
cc3f69c160 Assigned RUSTSEC-2020-0049 to actix-codec 2020-09-26 19:51:53 +00:00
Sergey "Shnatsel" Davidoff
f4faaa9cc3 drop comment 2020-09-26 21:49:09 +02:00
Sergey "Shnatsel" Davidoff
74e8568389 Advisory for unsound pinning in actix-codec 2020-09-26 21:47:56 +02:00
Sergey "Shnatsel" Davidoff
17d2fd9b41 fix date for real this time 2020-09-26 21:32:13 +02:00
Sergey "Shnatsel" Davidoff
25c3aaaf6c Assign RUSTSEC-2020-0048 to actix-http 2020-09-26 21:31:13 +02:00
Sergey "Shnatsel" Davidoff
14f4dbb09a fix date more 2020-09-26 21:29:49 +02:00
Sergey "Shnatsel" Davidoff
8974b0f390 Merge pull request #402 from RustSec/actix-http-pin 
Advisory for unsound pinning in actix-http
 2020-09-26 21:22:39 +02:00
Sergey "Shnatsel" Davidoff
09a306dbc2 fix date 2020-09-26 21:17:03 +02:00
github-actions[bot]
b091551faf Assigned RUSTSEC-2020-0047 to array-queue 2020-09-26 17:46:05 +00:00
Sergey "Shnatsel" Davidoff
9b360973e2 Merge pull request #396 from ammaraskar/0017-array-queue 
Add advisory for out-of-bounds read in array-queue.
 2020-09-26 19:45:28 +02:00
Sergey "Shnatsel" Davidoff
6f59b11780 Advisory for unsound pinning in actix-http 2020-09-26 19:35:10 +02:00
github-actions[bot]
9fe2230dcc Assigned RUSTSEC-2020-0046 to actix-service 2020-09-26 17:07:03 +00:00
Sergey "Shnatsel" Davidoff
db20f9b701 Merge pull request #399 from RustSec/actix-service-cell 
Add advisory for unsound Cell in actix-service
 2020-09-26 19:06:04 +02:00
github-actions[bot]
0eb24bf2a5 Assigned RUSTSEC-2020-0045 to actix-utils 2020-09-26 17:05:26 +00:00
Sergey "Shnatsel" Davidoff
90ac1e0dea Add advisory for unsound Cell in actix-service 2020-09-26 18:43:20 +02:00
Sergey "Shnatsel" Davidoff
41f95e41cb fix url 2020-09-26 18:37:46 +02:00
Sergey "Shnatsel" Davidoff
f7c02faed1 add advisory for custom Cell in actix-utils 2020-09-26 18:31:04 +02:00
github-actions[bot]
64d1651ee7 Assigned RUSTSEC-2020-0044 to atom 2020-09-26 16:04:29 +00:00
Sergey "Shnatsel" Davidoff
94949cbee4 Merge pull request #390 from ammaraskar/atom_issue 
Add advisory for atom crate
 2020-09-26 18:03:55 +02:00
Sergey "Shnatsel" Davidoff
ebd9ffcac8 Update RUSTSEC-0000-0000.toml 2020-09-26 12:27:30 +02:00
Sergey "Shnatsel" Davidoff
bd394d56fd Update RUSTSEC-0000-0000.toml 2020-09-26 12:26:17 +02:00
Sergey "Shnatsel" Davidoff
d0bdfc9546 Update RUSTSEC-0000-0000.toml 2020-09-26 12:25:05 +02:00
Sergey "Shnatsel" Davidoff
ee8f668400 Update RUSTSEC-0000-0000.toml 2020-09-26 12:23:43 +02:00
Ammar Askar
a1076cfa18 Add advisory for out-of-bounds read in array-queue. 2020-09-26 00:54:49 -07:00
github-actions[bot]
687f999343 Assigned RUSTSEC-2020-0043 to ws 2020-09-25 12:55:36 +00:00
Benjamin Kampmann
5a25462b61 the year is 2020 2020-09-25 12:23:05 +02:00
Benjamin Kampmann
61a2e15704 adding ws-rs advisory 2020-09-25 12:14:34 +02:00
github-actions[bot]
57fc37a584 Assigned RUSTSEC-2020-0042 to stack 2020-09-24 18:01:53 +00:00
Ammar Askar
0fdd4d8a5c Add patched version 2020-09-24 10:33:22 -07:00
Ammar Askar
4c2d1c0d1b Add advisory for out-of-bounds write in stack crate 2020-09-24 03:03:13 -07:00
Alexander Kjäll
12198c5751 added CVE number (#387) 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25016
 2020-09-23 07:52:00 -07:00
Alexander Kjäll
903e6532e6 added CVE numbers (#386) 
looks like some confusion if the CVE is about this or RUSTSEC-2020-0036, but it looks like this is the actual security hole

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25575
 2020-09-23 07:51:49 -07:00
Ammar Askar
f324f2d97c Add advisory for atom crate 2020-09-21 11:54:43 -07:00