nabijaczleweli
b34dcfbeaf
Optimisation in the wake of lack of documentation
2019-03-02 21:08:30 +01:00
nabijaczleweli
0eb9b4e364
Split affected_paths
2019-03-02 20:39:10 +01:00
nabijaczleweli
103630159d
Replace affected_functions with affected_paths
2019-03-02 18:49:14 +01:00
nabijaczleweli
3a073396ba
Add safe_transmute vec2vec transmutation bug
Ref: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
2019-03-02 17:32:29 +01:00
Tony Arcieri
5ffa5a8861
Assign RUSTSEC-2018-0012 to orion
Original PR: https://github.com/RustSec/advisory-db/pull/87
2019-02-13 16:31:27 -08:00
brycx
0ce0b2bb0f
Add orion advisory
2019-02-12 09:14:33 +01:00
Tony Arcieri
782efebde9
Revert "Add affected functions to legacy security warnings (#83)"
This reverts commit 0a981e2b6f.
These now need to use the new `affected_paths` attribute, which has a
different (VersionReq-bucketed) format.
2019-01-13 17:31:25 -08:00
Moritz Beller
0a981e2b6f
Add affected functions to legacy security warnings (#83)
Add affected functions to advisories
Add `affected_functions` to:
- RUSTSEC-2018-0003
- RUSTSEC-2017-0002
- RUSTSEC-2018-0002
- RUSTSEC-2018-0001
- RUSTSEC-2017-0004
2018-12-21 06:11:32 -08:00
Tony Arcieri
ff0b4e0703
Assign RUSTSEC-2018-0011 to arrayfire
Original PR: https://github.com/RustSec/advisory-db/pull/80
2018-12-18 18:14:37 -08:00
pradeep
e010bc1307
Add memory-corruption keyword to arrayfire rustsec
2018-12-18 23:30:09 +05:30
pradeep
9dd2785e95
Enum repr memory corruption in arrayfire crate
2018-12-18 23:25:30 +05:30
Tony Arcieri
ac8b248cfd
Assign RUSTSEC-2018-0010 to openssl
Original PR: https://github.com/RustSec/advisory-db/pull/77
2018-12-16 10:08:17 -08:00
Alex Gaynor
dc704601c0
Request RUSTSEC for resolved UAF in OpenSSL
2018-12-10 19:48:20 -05:00
Tony Arcieri
33da41e6aa
Assign RUSTSEC-2018-0009 to crossbeam
Original PR: https://github.com/RustSec/advisory-db/pull/75
2018-12-09 09:42:17 -08:00
Stjepan Glavina
e769e16a6c
Add memory-corruption
2018-12-09 16:57:04 +00:00
Stjepan Glavina
968e1279f6
Remove comments
2018-12-09 16:46:28 +00:00
Stjepan Glavina
e717bd76c2
Mark < 0.4.0 as unaffected
2018-12-09 14:24:34 +00:00
Stjepan Glavina
fd45ce4eb5
A bug in crossbeam v0.4.0
2018-12-09 14:07:06 +00:00
Tony Arcieri
875d4d5fdd
Assign RUSTSEC-2018-0008 to slice-deque
Original PR: https://github.com/RustSec/advisory-db/pull/70
2018-12-06 09:18:37 -08:00
gnzlbg
4effd1975e
Add keywords
2018-12-06 17:58:48 +01:00
gnzlbg
895fe023df
Add advisory for slice-deque
2018-12-06 17:53:12 +01:00
Tony Arcieri
487ffe4728
Fix "date:" field on RUSTSEC-2018-0007
It appears it was mistakenly filed as being in 2017
2018-10-14 09:53:19 -07:00
Tony Arcieri
aa901622d6
Assign RUSTSEC-2018-0007 to trust-dns-proto
Original PR: https://github.com/RustSec/advisory-db/pull/62
2018-10-13 18:31:34 -07:00
Tony Arcieri
b825af523e
Merge branch 'master' into trust-dns-proto-0-4-3
2018-10-13 18:14:24 -07:00
Tony Arcieri
89aab75c1b
Assign RUSTSEC-2018-0006 to yaml-rust
Original PR: https://github.com/RustSec/advisory-db/pull/60
2018-10-13 18:09:39 -07:00
Tony Arcieri
2c3880df0d
Merge branch 'master' into yaml-rust-advisory
2018-10-13 17:32:09 -07:00
Tony Arcieri
ee579432c6
Assign RUSTSEC-2018-0005 to serde_yaml
Original PR: https://github.com/RustSec/advisory-db/pull/61
2018-10-13 16:24:33 -07:00
Ossi Herrala
d6b9d03e45
Stack overflow in Trust-DNS when parsing DNS packet
2018-10-11 15:55:18 +03:00
Konrad Borowski
f22c3798f6
Add advisory for serde_yaml
2018-09-17 08:59:36 +02:00
Konrad Borowski
dce22c22b2
Add advisory for yaml-rust
2018-09-17 08:48:40 +02:00
Tony Arcieri
575dc9a705
Assign RUSTSEC-2018-0004 to claxon
Original PR:
https://github.com/RustSec/advisory-db/pull/54
2018-08-25 07:11:55 -07:00
Ruud van Asseldonk
a79e12f482
Add advisory for Claxon 0.3.2 and 0.4.1
2018-08-25 12:36:22 +02:00
Tony Arcieri
1296249cfb
RUSTSEC-2016-0002.toml: use 'affected_os' attribute
Replaces the 'affected_platforms' attribute in rustsec v0.9.
2018-07-26 21:02:15 -07:00
Tony Arcieri
2d9a2632a7
Keywords
Documents the new `keywords` attribute and adds keywords to all current
advisories. These can be consumed by the web UI.
2018-07-24 16:02:35 -07:00
Tony Arcieri
2632340526
Affected Platforms
Documents the use of the `affected_platforms` attribute in advisories,
and adds it to a relevant advisory.
2018-07-24 15:53:43 -07:00
Tony Arcieri
07219b8d17
Assign RUSTSEC-2016-0002 to hyper
Original PR:
https://github.com/RustSec/advisory-db/pull/18
2018-07-24 12:33:49 -07:00
Tony Arcieri
8678a77455
Advisory: hyper HTTPS MitM due to lack of hostname verification
2018-07-24 12:03:59 -07:00
Tony Arcieri
09e3a9eb76
Assign RUSTSEC-2016-0001 to openssl
Original PR:
https://github.com/RustSec/advisory-db/pull/19
2018-07-24 10:48:20 -07:00
Tony Arcieri
72a4178ca1
Advisory: openssl <0.9.0 may be vulnerable to MitM due to weak defaults
2018-07-24 10:47:29 -07:00
Tony Arcieri
cb81d3ceaa
Rename "dwf" TOML tag to "aliases" (closes #36)
Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
2018-07-21 19:47:30 -07:00
Tony Arcieri
79fd13ac6f
crates: Add 'id' attribute to all advisories
This is needed to parse them with serde directly from these files (as
opposed to using Advisories.toml)
2018-07-21 15:22:39 -07:00
Matt Brubeck
194883b71e
More patched versions released for smallvec
2018-07-20 10:31:28 -07:00
Tony Arcieri
0a1d62c88d
Advisories.toml: Fix RUSTSEC-2018-0002
`RUSTSEC-2018-0002` was previously assigned to `tar`, but never added to
`Advisories.toml`.
The merge workflow for this could definitely use some
improvements/automation.
2018-07-19 19:26:08 -07:00
Tony Arcieri
7855ffa911
Assign RUSTSEC-2018-0003 to smallvec
Original PR:
https://github.com/RustSec/advisory-db/pull/30
2018-07-19 19:20:54 -07:00
Matt Brubeck
fd11c62bc5
Advisory: Possible double free in SmallVec::insert_many
For details, see:
* servo/rust-smallvec#96 - original bug report
* servo/rust-smallvec#103 - fix
2018-07-19 15:00:38 -07:00
Alex Crichton
1e553ef856
Arbitrary filesystem writes in tar 0.4.15 and older
More details inside!
2018-06-29 13:19:26 -07:00
Tony Arcieri
3c0458d26b
Assign RUSTSEC-2018-0001 to untrusted
Original PR:
https://github.com/RustSec/advisory-db/pull/24
2018-06-26 00:13:01 +01:00
Ossi Herrala
f5c8d09051
An integer underflow in untrusted 0.6.1 and older
2018-06-25 21:56:39 +03:00
Corey Farwell
18d848d456
RUSTSEC-2017-0004 is also known as CVE-2017-1000430
2017-12-29 13:49:40 -08:00
Tony Arcieri
ce29282ad4
RUSTSEC-2017-0001 is also known as CVE-2017-1000168
2017-08-24 08:45:54 -07:00