Tony Arcieri
ab01fe3e28
Assign RUSTSEC-2019-0029 to chacha20
2019-10-23 10:56:18 -07:00
Tony Arcieri
0f1e1885db
chacha20: Add counter overflow advisory
Upstream issue: https://github.com/RustCrypto/stream-ciphers/pull/64
2019-10-23 10:37:38 -07:00
Tony Arcieri
d520ed489c
Assign RUSTSEC-2019-0028 to flatbuffers
2019-10-23 09:11:16 -07:00
Simonas Kazlauskas
2a867650cb
Add a flatbuffers unsound code advisory
2019-10-20 20:30:18 +03:00
Roman Proskuryakov
73c772d878
Update RUSTSEC-2019-0026.toml
2019-10-20 02:04:21 +03:00
Tony Arcieri
783394f059
Assign RUSTSEC-2019-0027 to libsecp256k1
Original PR: https://github.com/RustSec/advisory-db/pull/194
2019-10-14 08:47:43 -07:00
Martin Pugh
0af6c80758
Add libsecp256k1 advisory
2019-10-14 15:08:46 +01:00
Tony Arcieri
38a7158626
Assign RUSTSEC-2019-0026 to sodiumoxide
Original PR: https://github.com/RustSec/advisory-db/pull/192
2019-10-11 11:43:47 -07:00
Roman Proskuryakov
fd955ac4a2
PartialEq implementation for sodiumoxide::crypto::generichash::Digest has compared itself to itself
2019-10-11 20:38:01 +03:00
Tony Arcieri
cad07fbc25
RUSTSEC-2017-0006: rmpv: add patched versions
Patched as of v0.4.2:
https://github.com/RustSec/advisory-db/pull/171#issuecomment-540169499
2019-10-11 09:07:24 -07:00
Tony Arcieri
621d40e195
Assign RUSTSEC-2019-0025 to serde_cbor
Original PR: https://github.com/RustSec/advisory-db/pull/171/files
2019-10-11 08:40:48 -07:00
pyfisch
3afc9e6afc
Flaw in CBOR deserializer allows stack overflow
2019-10-10 11:43:01 +02:00
Tony Arcieri
14f7fd3faa
RUSTSEC-2019-0024: Test advisory for rustsec-example-crate
This is a test advisory useful for verifying RustSec tooling and
vulnerability detection pipelines are working correctly. Aside from
the fact that it is filed against an example crate, it is otherwise
considered by the Advisory Database itself to be a normal security
advisory.
It's filed against `rustsec-example-crate`, an otherwise completely
empty crate with no functionality or code, which has two releases:
- v0.0.1: *vulnerable* according to this advisory
- v1.0.0: *patched* by this advisory
(Technically there is a third release, v0.0.0, which is yanked, but
otherwise identical to the v0.0.1 release)
2019-10-08 18:11:30 -07:00
Tony Arcieri
f7581dc887
Assign RUSTSEC-2016-0006 (informational) to cassandra
Marking as unmaintained per:
https://github.com/RustSec/advisory-db/pull/183
2019-10-08 11:13:07 -07:00
Tony Arcieri
c48b077ec0
Add unmaintained crate informational advisory: cassandra
No releases since 2016 and no responses from the author about its
maintenance status:
https://github.com/tupshin/cassandra-rs/issues/52
Recommending `cassandra-cpp`, a maintained fork, as a successor:
https://github.com/Metaswitch/cassandra-rs
2019-10-08 11:12:02 -07:00
Tony Arcieri
3bcb5ab774
Assign RUSTSEC-2016-0005 (informational) to rust-crypto
Marking as unmaintained per:
https://github.com/RustSec/advisory-db/pull/181
2019-10-08 10:48:35 -07:00
Tony Arcieri
24df24afec
Add unmaintained crate informational advisory: rust-crypto
No releases since May 2016, no commits since September 2016, with
62 open issues and 37 open PRs.
Author is unresponsive:
https://github.com/DaGenix/rust-crypto/issues/440
Advisory includes a large list of maintained "successor" crates:
`rust-crypto` was a kitchen sink of functionality, so the advisory
contains a list of potential successor crates each with an
algorithm-by-algorithm breakdown of what they support.
2019-10-08 10:45:01 -07:00
Tony Arcieri
1092f100f6
Assign RUSTSEC-2018-0015 (informational) to term
Marking as looking for a new maintainer per:
https://github.com/RustSec/advisory-db/pull/182
2019-10-08 10:28:47 -07:00
Tony Arcieri
422e3d6514
Add unmaintained crate informational advisory: term
The author of `term`, @Stebalien, has opened the following GitHub issue
looking for a new maintainer:
https://github.com/Stebalien/term/issues/93
Ideally we can help find one by increasing visibility on this issue.
Otherwise this advisory includes a list of possible alternatives.
2019-10-08 10:22:23 -07:00
Tony Arcieri
5b35b71cf7
Add patched_versions to informational advisories
Its absence breaks older versions of cargo-audit:
$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
error: error loading advisory database: couldn't parse data: missing field `patched_versions` for key `advisory`
Exited with code 1
2019-10-08 07:34:43 -07:00
Tony Arcieri
a5392f2d08
Assign RUSTSEC-2018-0014 (informational) to chan
...
Marking as unmaintained per:
https://github.com/RustSec/advisory-db/pull/179
2019-10-07 22:04:07 -07:00
Tony Arcieri
4d66c1daa0
Add unmaintained crate informational advisory: chan
Officially deprecated by its author @BurntSushi:
0a5c0d4ad4
2019-10-07 22:02:21 -07:00
Tony Arcieri
590d83fbb6
Assign RUSTSEC-2016-0004 (informational) to libusb
Marking as unmaintained per:
https://github.com/RustSec/advisory-db/pull/180
2019-10-07 21:23:07 -07:00
Tony Arcieri
b47fff1658
Add unmaintained crate informational advisory: libusb
No releases since 2016 and no responses from the author about its
maintenance status; with several open PRs and issues:
https://github.com/dcuddeback/libusb-rs/issues/33
Recommending `rusb`, a maintained fork, as a successor:
https://github.com/a1ien/rusb
2019-10-07 21:22:45 -07:00
Vinzent Steinberg
2dda7f38b8
Use backticks for escaped characters
2019-10-07 17:05:39 +02:00
Vinzent Steinberg
5233609919
Fix escapes in hyper advisory
Fixes #159.
2019-10-07 15:30:55 +02:00
Tony Arcieri
ca7b554f5b
Assign RUSTSEC-2017-0006 to rmpv
Original PR: https://github.com/RustSec/advisory-db/pull/171
2019-10-01 08:11:47 -07:00
Danilo Bargen
57a8cb1eae
Add advisory for DoS vulnerability in rmpv
2019-10-01 10:15:06 +02:00
Tony Arcieri
41487158f9
RUSTSEC-2019-0022: Fix date
Filed as 2017 instead of 2019
2019-09-18 11:49:43 -06:00
Tony Arcieri
869f318f78
Assign RUSTSEC-2019-0023 to string-interner
Original PR: https://github.com/RustSec/advisory-db/pull/138
2019-09-18 11:30:26 -06:00
Tony Arcieri
52ceea1bb8
Assign RUSTSEC-2019-0022 to portaudio-rs
Original PR: https://github.com/RustSec/advisory-db/pull/160
2019-09-18 11:04:14 -06:00
Tony Arcieri
e9e31b78b2
Assign RUSTSEC-2019-0021 to linea
Original PR: https://github.com/RustSec/advisory-db/pull/160
2019-09-18 10:55:28 -06:00
YOSHIOKA Takuma
dd2ca60acb
Add advisory for string-interner
2019-09-18 15:21:34 +09:00
phosphorus
473e6a8f5a
Update RUSTSEC-0000-0000.toml
2019-09-16 00:27:38 +08:00
phosphorus
c081847f6d
Update RUSTSEC-0000-0000.toml
2019-09-16 00:27:24 +08:00
phosphorus
13ea84ced3
add double free within linea
2019-09-16 00:22:41 +08:00
phosphorus
67b08c24a4
added UAF within portaudio-rs
2019-09-16 00:12:52 +08:00
Tony Arcieri
01ac6725d5
Fix all advisories to pass linter
Mostly related to the `affected_functions` field, which has changed a
few times.
2019-09-09 12:19:01 -07:00
Tony Arcieri
df689834c7
Assign RUSTSEC-2019-0020 to generator
Original PR: https://github.com/RustSec/advisory-db/pull/150
2019-09-07 08:08:16 -07:00
Xudong Huang
3461fe2601
Add advisory for generator (#150)
2019-09-07 07:42:52 -07:00
Tony Arcieri
66fe537fdc
Assign RUSTSEC-2019-0019 to blake2
Original PR: https://github.com/RustSec/advisory-db/pull/151
2019-09-06 13:45:25 -07:00
Tony Arcieri
6d0db7286e
Add advisory for broken blake2 impls
BLAKE2b and BLAKE2s were implemented using the wrong block size. All
versions of the `blake2` crate prior to v0.8.1 compute incorrect
digests.
See: https://github.com/RustCrypto/MACs/issues/19
2019-09-06 10:46:06 -07:00
Tony Arcieri
c80288298b
Assign RUSTSEC-2019-0018 to renderdoc
Original PR: https://github.com/RustSec/advisory-db/pull/147
2019-09-02 19:40:31 -07:00
Eyal Kalderon
a17b8a3693
Remove unnecessary affected_os key
2019-09-03 10:30:29 +08:00
Eyal Kalderon
64a69616a4
Add advisory for renderdoc < 0.5.0
2019-09-02 14:05:48 +08:00
Tony Arcieri
8ecff7460f
Assign RUSTSEC-2019-0017 to once_cell
Original PR: https://github.com/RustSec/advisory-db/pull/143
2019-09-01 13:29:40 -07:00
Aleksey Kladov
84eb2025f9
add advisory for once_cell (#143)
2019-09-01 13:27:30 -07:00
Tony Arcieri
5b742bbc54
Assign RUSTSEC-2019-0016 to chttp
Original PR: https://github.com/RustSec/advisory-db/pull/139
2019-09-01 13:06:15 -07:00
Tony Arcieri
8ed9e62129
Merge branch 'master' into sagebind-patch-1
2019-09-01 12:56:31 -07:00
Tony Arcieri
603012cd96
Assign RUSTSEC-2019-0015 to compact_arena
Original PR: https://github.com/RustSec/advisory-db/pull/137
2019-09-01 12:46:55 -07:00