OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 00:30:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,360 Commits 1 Branch 0 Tags
a7ffa73f48dd6afff74f89184f2fb4fc828d4d9f
Commit Graph

1360 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wei Tang
a7ffa73f48 Add security advisory for evm crate related to memory over-allocation (#909) 2021-05-11 23:23:09 +02:00
Sergey "Shnatsel" Davidoff
bd8a0f6700 Add patched version for kekbit RUSTSEC-2020-0129 (#908) 2021-05-10 10:49:18 +02:00
github-actions[bot]
5b4c4f4d16 Assigned RUSTSEC-2021-0065 to anymap (#907) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-07 17:26:35 -07:00
Erick Tryzelaar
658266f614 anymap is unmaintained (#906) 
It appears that the anymap has been abandoned, and the most recent
released version contains a soundness bug that has been fixed upstream,
but never published to crates.io
 2021-05-07 17:19:04 -07:00
github-actions[bot]
444f649224 Assigned RUSTSEC-2021-0064 to cpuid-bool (#905) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-06 16:45:32 -07:00
Tony Arcieri
01a4733782 Add unmaintained crate advisory for cpuid-bool (#904) 
It has been renamed to `cpufeatures`. See:

https://github.com/RustCrypto/utils/pull/381
 2021-05-06 16:41:05 -07:00
github-actions[bot]
9279d5f03b Assigned RUSTSEC-2021-0063 to comrak (#903) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-04 10:46:29 +02:00
Asherah Connor
e8a9c4346b Add advisory for another comrak XSS (#902) 
Thanks to Sam Sanoop (snoopysecurity) for reporting.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
 2021-05-04 10:45:50 +02:00
Tony Arcieri
f26e762f20 aes* crates: add crate names to advisory titles (#901) 
The previous titles accidentally ommitted the crate names, making them
confusing during reporting.
 2021-05-03 18:28:43 -07:00
github-actions[bot]
106fe13cb4 Assigned RUSTSEC-2021-0062 to miscreant (#900) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 12:05:09 -07:00
Tony Arcieri
fe57ea233a Add unmaintained crate advisory for miscreant (#899) 2021-05-03 12:03:33 -07:00
github-actions[bot]
14077ced71 Assigned RUSTSEC-2021-0061 to aes-ctr (#898) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 11:33:31 -07:00
Tony Arcieri
acc093457e Add unmaintained crate advisory for aes-ctr (#897) 2021-05-03 11:31:13 -07:00
github-actions[bot]
50c50ed33a Assigned RUSTSEC-2021-0060 to aes-soft (#896) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 11:19:17 -07:00
Tony Arcieri
91df546267 Add unmaintained crate advisory for aes-soft (#895) 2021-05-03 11:17:47 -07:00
github-actions[bot]
55c7b80657 Assigned RUSTSEC-2021-0059 to aesni (#894) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2021-05-03 11:14:14 -07:00
Tony Arcieri
0d0acd8f42 Add unmaintained crate advisory for aesni (#893) 2021-05-03 11:13:16 -07:00
Tony Arcieri
c91631243e Bump rustsec-admin to v0.4.2 (#892) 
This includes an atom feed generator:

https://github.com/RustSec/rustsec-admin/pull/142
 2021-05-03 08:26:22 -07:00
github-actions[bot]
c8f399d86d Assigned RUSTSEC-2021-0058 to openssl-src (#890) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 14:15:00 +02:00
Alexis Mousset
eed48b9a15 Add CVE-2021-23841 for openssl-src (#888) 2021-05-01 14:11:36 +02:00
github-actions[bot]
d2a673c64c Assigned RUSTSEC-2021-0057 to openssl-src (#889) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 14:09:23 +02:00
Alexis Mousset
35792564ac Add CVE-2021-23840 for openssl-src (#887) 2021-05-01 14:08:48 +02:00
github-actions[bot]
d824e5d5c0 Assigned RUSTSEC-2021-0056 to openssl-src (#886) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 10:50:50 +02:00
Alexis Mousset
ee38ef509c Add CVE-2021-3450 for openssl-src (#883) 2021-05-01 10:32:22 +02:00
github-actions[bot]
e4e343b7b0 Assigned RUSTSEC-2021-0055 to openssl-src (#884) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-05-01 10:32:12 +02:00
Alexis Mousset
43778319e4 Add CVE-2021-3449 for openssl-src (#882) 2021-05-01 10:30:25 +02:00
Tony Arcieri
3dcdf93d52 Bump rustsec-admin to v0.4.1 (#881) 
This includes improvements to the web site generator:

https://github.com/RustSec/rustsec-admin/pull/133
 2021-04-30 10:28:12 -07:00
github-actions[bot]
db03320a5d Assigned RUSTSEC-2021-0054 to rkyv (#878) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-04-29 11:54:36 +02:00
David Koloski
7086fa22a3 Report rkyv vulnerability (issue rkyv#113) (#877) 
* Report rkyv vulnerability (issue rkyv#113)

* fix category

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-04-29 10:40:04 +02:00
Pablo Sichert
5b3dcb83b4 Yank advisories for once-again maintained dirs/directories crates (#876) 2021-04-19 09:31:05 -07:00
Richard Bradfield
60455ec8b1 Mark patched tiny-http version for 2020-0031 (#875) 
* Mark patched tiny-http version for 2020-0031

A backport of the fix for 2020-0031 has been applied to the 0.6.x
branch, starting at 0.6.3, subsequent 0.6 versions are no longer
vulnerable.

* Fix version specification

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2021-04-16 13:27:30 +02:00
github-actions[bot]
caa2ef87e9 Assigned RUSTSEC-2021-0053 to algorithmica (#874) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2021-04-15 10:46:46 -07:00
Sergey "Shnatsel" Davidoff
0e059ec673 Merge pull request #873 from RustSec/master 
Mirror algorithmica advisory to `main`
 2021-04-15 18:55:02 +02:00
Sergey "Shnatsel" Davidoff
c9b5bbd2f4 Merge pull request #872 from JOE1994/0163-algorithmica 
algorithmica: 'merge_sort::merge()' crashes with double-free for `T: Drop`
 2021-04-15 18:17:02 +02:00
JOE1994
4b7ea77407 Report 0163-algorithmica to RustSec 2021-04-15 12:00:46 -04:00
Yechan Bae
22b59ea8a3 Add std CVE (#869) 2021-04-13 14:22:28 -07:00
Yechan Bae
ce4db769c2 Update CVE numbers (#870) 2021-04-13 14:10:09 -07:00
Sergey "Shnatsel" Davidoff
bc824311d0 Merge pull request #868 from Alexhuszagh/main 
Update advisory to indicate patched versions of stackvector.
 2021-04-13 11:52:48 +02:00
Alex Huszagh
65efff6ab5 Update advisory to indicate patched versions of stackvector. 2021-04-12 22:59:53 -05:00
Ken Reed
abdfc42fea Added patch to "fix" vulnerability. (#866) 
* patch note

* added patch version
 2021-04-06 06:43:11 -07:00
Sergey "Shnatsel" Davidoff
c71cfec8c3 Merge pull request #865 from RustSec/assign-ids 
Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
 2021-04-02 10:20:26 +02:00
Shnatsel
113188c623 Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map 2021-04-02 08:19:57 +00:00
Sergey "Shnatsel" Davidoff
21e46e9a65 Merge pull request #863 from ammaraskar/id-map 
Add advisory for double-free issues in id-map
 2021-04-02 10:19:13 +02:00
Sergey "Shnatsel" Davidoff
a2e3067e4c Merge pull request #864 from ammaraskar/outer_cgi 
[patched] Add advisory for uninitialized exposure in outer_cgi
 2021-04-02 10:18:42 +02:00
Ammar Askar
1f8dfd9503 Add advisory for uninitialized exposure in outer_cgi 2021-03-31 08:17:57 -07:00
Ammar Askar
f35600e723 Add advisory for double-free issues in id-map 2021-03-31 08:06:30 -07:00
Sergey "Shnatsel" Davidoff
333e5cb0b1 Merge pull request #861 from RustSec/assign-ids 
Assigned RUSTSEC-2021-0050 to reorder
 2021-03-31 13:30:20 +02:00
Shnatsel
1f9f3620e0 Assigned RUSTSEC-2021-0050 to reorder 2021-03-31 11:30:04 +00:00
Sergey "Shnatsel" Davidoff
09466c5095 Merge pull request #860 from ammaraskar/reorder 
Add advisory for out-of-bounds write and uninitialized memory exposure in reorder
 2021-03-31 13:29:33 +02:00
Ammar Askar
7b3ef9f3a5 Add advisory for out-of-bounds write and uninitialized memory exposure in reorder 2021-03-30 23:44:20 -07:00