Commit Graph

179 Commits

Author SHA1 Message Date
Tony Arcieri
bf5fbb02da Assign RUSTSEC-2018-0013 to safe-transmute
Original PR: https://github.com/RustSec/advisory-db/pull/89
2019-03-03 08:15:26 -08:00
Tony Arcieri
6c769769c8 Merge pull request #89 from nabijaczleweli/master
safe-transmute's vec-to-vec transmutations could lead to heap overflow/corruption
2019-03-03 07:14:53 -08:00
nabijaczleweli
b34dcfbeaf Optimisation in the wake of lack of documentation 2019-03-02 21:08:30 +01:00
nabijaczleweli
0eb9b4e364 Split affected_paths 2019-03-02 20:39:10 +01:00
nabijaczleweli
103630159d Replace affected_functions with affected_paths 2019-03-02 18:49:14 +01:00
nabijaczleweli
3a073396ba Add safe_transmute vec2vec transmutation bug
Ref: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
2019-03-02 17:32:29 +01:00
Tony Arcieri
bf2763b2dd Merge pull request #88 from RustSec/RUSTSEC-2018-0012
Assign RUSTSEC-2018-0012 to orion
2019-02-14 07:26:41 -08:00
Tony Arcieri
5ffa5a8861 Assign RUSTSEC-2018-0012 to orion
Original PR: https://github.com/RustSec/advisory-db/pull/87
2019-02-13 16:31:27 -08:00
Tony Arcieri
98d6dd83dd Merge pull request #87 from brycx/orion
Add orion logicbug
2019-02-13 16:29:06 -08:00
brycx
0ce0b2bb0f Add orion advisory 2019-02-12 09:14:33 +01:00
Tony Arcieri
7005341641 Merge pull request #86 from RustSec/rustsec/v0.11.0
Update to 'rustsec' crate v0.11
2019-01-13 18:00:45 -08:00
Tony Arcieri
cb4f7d11af lint: Check that affected_paths start with crate name
Uses the crate name as fetched from the crates.io API to ensure all
`affected_paths` begin with the crate name (i.e. are canonical)
2019-01-13 17:53:43 -08:00
Tony Arcieri
927a5e314b Update to 'rustsec' crate v0.11 2019-01-13 17:49:20 -08:00
Tony Arcieri
782efebde9 Revert "Add affected functions to legacy security warnings (#83)"
This reverts commit 0a981e2b6f.

These now need to use the new `affected_paths` attribute, which has a
different (VersionReq-bucketed) format.
2019-01-13 17:31:25 -08:00
Tony Arcieri
59ea63710e README.md: Bump maintained date 2019-01-13 17:31:01 -08:00
Tony Arcieri
ced185dcc3 Merge pull request #84 from RustSec/resign-merge-commit
README.md: Bump maintained date
2018-12-21 06:34:03 -08:00
Tony Arcieri
7caafae73b README.md: Bump maintained date
This is largely to work around the following:

```
$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
error: couldn't fetch advisory database: git operation failed: no signature on commit 0a981e2b6f: Add affected functions to legacy security warnings (#83) (Moritz Beller <Inventitech@users.noreply.github.com>)
```

I tried to Squash-and-Merge on #83. GitHub does not sign the resulting
commit. Oops.

So this commit is just to make HEAD a GitHub-signed merge commit.
2018-12-21 06:15:44 -08:00
Moritz Beller
0a981e2b6f Add affected functions to legacy security warnings (#83)
Add affected functions to advisories

Add `affected_functions` to:

- RUSTSEC-2018-0003
- RUSTSEC-2017-0002
- RUSTSEC-2018-0002
- RUSTSEC-2018-0001
- RUSTSEC-2017-0004
2018-12-21 06:11:32 -08:00
Tony Arcieri
4be9cb6f15 Merge pull request #82 from praezi/master
Add new affected functions attribute to template
2018-12-20 18:56:55 -08:00
Moritz Beller
5602386b18 Add new affected functions attribute to template
Refs #68
2018-12-20 22:10:29 +01:00
Tony Arcieri
21e7a88d37 Merge pull request #81 from RustSec/RUSTSEC-2018-0011
Assign RUSTSEC-2018-0011 to arrayfire
2018-12-18 18:24:40 -08:00
Tony Arcieri
ff0b4e0703 Assign RUSTSEC-2018-0011 to arrayfire
Original PR: https://github.com/RustSec/advisory-db/pull/80
2018-12-18 18:14:37 -08:00
Tony Arcieri
18cae15271 Merge pull request #80 from 9prady9/arrayfire
Enum repr memory corruption in arrayfire crate
2018-12-18 17:42:51 -08:00
pradeep
e010bc1307 Add memory-corruption keyword to arrayfire rustsec 2018-12-18 23:30:09 +05:30
pradeep
9dd2785e95 Enum repr memory corruption in arrayfire crate 2018-12-18 23:25:30 +05:30
Tony Arcieri
c5ffec7b90 Merge pull request #79 from RustSec/RUSTSEC-2018-0010
Assign RUSTSEC-2018-0010 to openssl
2018-12-16 10:20:38 -08:00
Tony Arcieri
ac8b248cfd Assign RUSTSEC-2018-0010 to openssl
Original PR: https://github.com/RustSec/advisory-db/pull/77
2018-12-16 10:08:17 -08:00
Tony Arcieri
393eea4f49 Merge pull request #77 from alex/patch-1
Request RUSTSEC for resolved UAF in OpenSSL
2018-12-16 09:45:04 -08:00
Tony Arcieri
e4a4f8882e Merge branch 'master' into patch-1 2018-12-15 14:58:21 -08:00
Tony Arcieri
dd250ac015 Merge pull request #78 from RustSec/rustsec/v0.10
Update to 'rustsec' crate v0.10
2018-12-14 19:53:19 -08:00
Tony Arcieri
a272bc719d Update to 'rustsec' crate v0.10 2018-12-14 19:46:51 -08:00
Alex Gaynor
dc704601c0 Request RUSTSEC for resolved UAF in OpenSSL 2018-12-10 19:48:20 -05:00
Tony Arcieri
d364848782 Merge pull request #76 from RustSec/RUSTSEC-2018-0009
Assign RUSTSEC-2018-0009 to crossbeam
2018-12-09 10:01:07 -08:00
Tony Arcieri
33da41e6aa Assign RUSTSEC-2018-0009 to crossbeam
Original PR: https://github.com/RustSec/advisory-db/pull/75
2018-12-09 09:42:17 -08:00
Tony Arcieri
c0fdc45715 Merge pull request #75 from stjepang/crossbeam-0.4.0
A bug in crossbeam v0.4.0
2018-12-09 09:20:04 -08:00
Stjepan Glavina
e769e16a6c Add memory-corruption 2018-12-09 16:57:04 +00:00
Stjepan Glavina
968e1279f6 Remove comments 2018-12-09 16:46:28 +00:00
Stjepan Glavina
e717bd76c2 Mark < 0.4.0 as unaffected 2018-12-09 14:24:34 +00:00
Stjepan Glavina
fd45ce4eb5 A bug in crossbeam v0.4.0 2018-12-09 14:07:06 +00:00
Tony Arcieri
529358ad6e Merge pull request #73 from alex/verify-package-name
Verify package names are correct in CI
2018-12-06 13:06:09 -08:00
Alex Gaynor
bc8567a1ed Switch to using crates_io_api crate 2018-12-06 15:43:02 -05:00
Alex Gaynor
de407733b8 Verify package names are correct in CI
Fixes #72
2018-12-06 15:14:51 -05:00
Tony Arcieri
1a3b811d08 Merge pull request #71 from RustSec/RUSTSEC-2018-0008
Assign RUSTSEC-2018-0008 to slice-deque
2018-12-06 09:25:44 -08:00
Tony Arcieri
875d4d5fdd Assign RUSTSEC-2018-0008 to slice-deque
Original PR: https://github.com/RustSec/advisory-db/pull/70
2018-12-06 09:18:37 -08:00
Tony Arcieri
34b07f258c Merge pull request #70 from gnzlbg/sd
Add advisory for slice-deque
2018-12-06 09:03:44 -08:00
gnzlbg
4effd1975e Add keywords 2018-12-06 17:58:48 +01:00
gnzlbg
895fe023df Add advisory for slice-deque 2018-12-06 17:53:12 +01:00
Tony Arcieri
d8f38b8187 Merge pull request #66 from RustSec/fix-rustsec-2018-0007-date
Fix "date" field on RUSTSEC-2018-0007
2018-10-14 10:10:13 -07:00
Tony Arcieri
487ffe4728 Fix "date:" field on RUSTSEC-2018-0007
It appears it was mistakenly filed as being in 2017
2018-10-14 09:53:19 -07:00
Tony Arcieri
26c6f1f128 Merge pull request #65 from RustSec/RUSTSEC-2018-0007
Assign RUSTSEC-2018-0007 to trust-dns-proto
2018-10-13 18:36:50 -07:00