Commit Graph

332 Commits

Author SHA1 Message Date
Tony Arcieri
a90bcef811 .travis.yml: Don't install rustsec-admin if it's already installed 2019-09-30 09:36:56 -07:00
Tony Arcieri
84423b8605 Add CVE-2019-16760: Security advisory for Cargo (2019-09-30)
Original announcement: https://groups.google.com/forum/#!topic/rustlang-security-announcements/rVQ5e3TDnpQ
2019-09-30 09:24:50 -07:00
Tony Arcieri
5beb8d4305 Merge pull request #169 from RustSec/rustsec-admin
.travis.yml: Lint with the `rustsec-admin` crate
2019-09-24 02:52:00 -07:00
Tony Arcieri
f40c350e71 .travis.yml: Lint with the rustsec-admin crate
https://github.com/RustSec/rustsec-admin
2019-09-24 02:32:18 -07:00
Tony Arcieri
cd175d416a Merge pull request #167 from RustSec/move-linter-out-of-repo
Move linter to the `RustSec/rustsec-crate` repo
2019-09-23 14:54:50 -07:00
Tony Arcieri
a86a4d5783 Move linter to the RustSec/rustsec-crate repo
The linter has been extracted from this repo into a combined CLI utility
which is available here:

https://github.com/RustSec/rustsec-crate/tree/master/cli
2019-09-23 14:35:14 -07:00
Tony Arcieri
206598bb68 Merge pull request #166 from RustSec/rustsec/v0.13
Upgrade to `rustsec` v0.13 final release
2019-09-23 08:39:21 -07:00
Tony Arcieri
e3c507bdf3 Upgrade to rustsec v0.13 final release 2019-09-23 08:31:33 -07:00
Tony Arcieri
62cf33df70 Merge pull request #165 from RustSec/rustsec/v0.13.0-alpha4
Upgrade to `rustsec` v0.13.0-alpha4
2019-09-22 17:14:06 -07:00
Tony Arcieri
3595024657 Upgrade to rustsec v0.13.0-alpha4 2019-09-22 16:56:16 -07:00
Tony Arcieri
5b69b1de70 Merge pull request #164 from RustSec/RUSTSEC-2019-0022/fix-date
RUSTSEC-2019-0022: Fix date
2019-09-18 11:56:32 -06:00
Tony Arcieri
41487158f9 RUSTSEC-2019-0022: Fix date
Filed as 2017 instead of 2019
2019-09-18 11:49:43 -06:00
Tony Arcieri
7df1c4c131 Merge pull request #163 from RustSec/RUSTSEC-2019-0023
Assign RUSTSEC-2019-0023 to string-interner
2019-09-18 11:38:21 -06:00
Tony Arcieri
869f318f78 Assign RUSTSEC-2019-0023 to string-interner
Original PR: https://github.com/RustSec/advisory-db/pull/138
2019-09-18 11:30:26 -06:00
Tony Arcieri
d6a1741bf2 Merge pull request #162 from RustSec/RUSTSEC-2019-0022
Assign RUSTSEC-2019-0022 to portaudio-rs
2019-09-18 11:27:36 -06:00
Tony Arcieri
52ceea1bb8 Assign RUSTSEC-2019-0022 to portaudio-rs
Original PR: https://github.com/RustSec/advisory-db/pull/160
2019-09-18 11:04:14 -06:00
Tony Arcieri
80feab701f Merge pull request #161 from RustSec/RUSTSEC-2019-0021
Assign RUSTSEC-2019-0021 to linea
2019-09-18 11:02:19 -06:00
Tony Arcieri
e9e31b78b2 Assign RUSTSEC-2019-0021 to linea
Original PR: https://github.com/RustSec/advisory-db/pull/160
2019-09-18 10:55:28 -06:00
Tony Arcieri
9d76d6e24d Merge pull request #138 from lo48576/string-interner-0.7.0
Add advisory for string-interner
2019-09-18 10:43:17 -06:00
YOSHIOKA Takuma
dd2ca60acb Add advisory for string-interner 2019-09-18 15:21:34 +09:00
Tony Arcieri
947b9bfe8a Merge pull request #160 from Phosphorus15/master
Use-after-free in portaudio-rs and double free in linea
2019-09-17 13:27:27 -06:00
phosphorus
473e6a8f5a Update RUSTSEC-0000-0000.toml 2019-09-16 00:27:38 +08:00
phosphorus
c081847f6d Update RUSTSEC-0000-0000.toml 2019-09-16 00:27:24 +08:00
phosphorus
13ea84ced3 add double free within linea 2019-09-16 00:22:41 +08:00
phosphorus
67b08c24a4 added UAF within portaudio-rs 2019-09-16 00:12:52 +08:00
Tony Arcieri
340b740569 Merge pull request #157 from RustSec/linter
Upgrade to `rustsec` crate v0.13.0-alpha1; add linter
2019-09-09 12:56:38 -07:00
Tony Arcieri
9b0038eb76 README.md: Update advisory template with [affected] section
Documents the new `[affected]` section of an advisory, as supported by
the `rustsec` crate v0.13.0.
2019-09-09 12:40:24 -07:00
Tony Arcieri
01ac6725d5 Fix all advisories to pass linter
Mostly related to the `affected_functions` field, which has changed a
few times.
2019-09-09 12:19:01 -07:00
Tony Arcieri
74ebe212dc Upgrade to rustsec crate v0.13.0-alpha1; add linter
Upgrades the `rustsec` crate to the latest alpha release and uses the
new `rustsec::advisory::Linter` functionality to lint advisories
currently in the database.

Several of them are using invalid keys and need to be updated.
2019-09-09 11:39:11 -07:00
Tony Arcieri
a1cd9fc432 Merge pull request #156 from RustSec/RUSTSEC-2019-0020
Assign RUSTSEC-2019-0020 to generator
2019-09-07 08:16:17 -07:00
Tony Arcieri
df689834c7 Assign RUSTSEC-2019-0020 to generator
Original PR: https://github.com/RustSec/advisory-db/pull/150
2019-09-07 08:08:16 -07:00
Xudong Huang
3461fe2601 Add advisory for generator (#150) 2019-09-07 07:42:52 -07:00
Tony Arcieri
43aea6cc49 Merge pull request #153 from RustSec/RUSTSEC-2019-0019
Assign RUSTSEC-2019-0019 to blake2
2019-09-06 16:52:52 -07:00
Tony Arcieri
66fe537fdc Assign RUSTSEC-2019-0019 to blake2
Original PR: https://github.com/RustSec/advisory-db/pull/151
2019-09-06 13:45:25 -07:00
Tony Arcieri
06b81b58ab Merge pull request #151 from RustSec/broken-blake2-impls
Add advisory for broken `blake2` impls
2019-09-06 12:03:31 -07:00
Tony Arcieri
6d0db7286e Add advisory for broken blake2 impls
BLAKE2b and BLAKE2s were implemented using the wrong block size. All
versions of the `blake2` crate prior to v0.8.1 compute incorrect
digests.

See: https://github.com/RustCrypto/MACs/issues/19
2019-09-06 10:46:06 -07:00
Tony Arcieri
21a1767752 Merge pull request #148 from RustSec/RUSTSEC-2019-0018
Assign RUSTSEC-2019-0018 to renderdoc
2019-09-02 19:44:46 -07:00
Tony Arcieri
c80288298b Assign RUSTSEC-2019-0018 to renderdoc
Original PR: https://github.com/RustSec/advisory-db/pull/147
2019-09-02 19:40:31 -07:00
Tony Arcieri
bbb7ff55c3 Merge pull request #147 from ebkalderon/add-renderdoc-ub-vuln
Undefined behavior in renderdoc crate
2019-09-02 19:36:19 -07:00
Eyal Kalderon
a17b8a3693 Remove unnecessary affected_os key 2019-09-03 10:30:29 +08:00
Eyal Kalderon
6de62b1002 Merge branch 'master' into add-renderdoc-ub-vuln 2019-09-03 01:14:08 +08:00
Tony Arcieri
6e03d3c0b7 Merge pull request #146 from RustSec/rust-lang-vulns
File standard library/core vulns (closes RustSec/cargo-audit#46)
2019-09-02 10:12:18 -07:00
Tony Arcieri
58db1ee63a File standard library/core vulns (closes RustSec/cargo-audit#46)
Files vulnerabilities in the standard library originally reported at:

https://groups.google.com/forum/#!forum/rustlang-security-announcements

Or otherwise collected at:

https://github.com/RustSec/cargo-audit/issues/46

The `rustsec` crate doesn't presently consume these, but I'd like to add
support ASAP.
2019-09-02 09:54:05 -07:00
Eyal Kalderon
64a69616a4 Add advisory for renderdoc < 0.5.0 2019-09-02 14:05:48 +08:00
Tony Arcieri
706203ce01 Merge pull request #145 from RustSec/support-toml
support.toml: Initial file
2019-09-01 17:16:07 -07:00
Tony Arcieri
a20aa8d0c8 support.toml: Initial file
Adds an initial file indicating what version of the `rustsec` crate the
advisory database is compatible with. This is designed for use with
the corresponding feature in the `rustsec` crate:

https://github.com/RustSec/rustsec-crate/pull/76
2019-09-01 17:04:28 -07:00
Tony Arcieri
2de10f5bce Merge pull request #144 from RustSec/RUSTSEC-2019-0017
Assign RUSTSEC-2019-0017 to once_cell
2019-09-01 13:34:18 -07:00
Tony Arcieri
8ecff7460f Assign RUSTSEC-2019-0017 to once_cell
Original PR: https://github.com/RustSec/advisory-db/pull/143
2019-09-01 13:29:40 -07:00
Aleksey Kladov
84eb2025f9 add advisory for once_cell (#143) 2019-09-01 13:27:30 -07:00
Tony Arcieri
decd2c5c78 Merge pull request #142 from RustSec/RUSTSEC-2019-0016
Assign RUSTSEC-2019-0016 to chttp
2019-09-01 13:19:05 -07:00