42 Commits

Author SHA1 Message Date
Erick Tryzelaar
bfcf9e99c2 Advisory: cookie denial of service 2017-05-07 16:06:21 -07:00
Tony Arcieri
524d876a8a Assign RUSTSEC-2017-0004 to base64
Original PR:

https://github.com/RustSec/advisory-db/pull/21
2017-05-04 09:52:29 -07:00
Tony Arcieri
9680afb237 Merge pull request #21 from AGWA-forks/master
Advisory: base64 heap-based buffer overflow
2017-05-04 09:49:47 -07:00
Andrew Ayer
b9a0862f48 Advisory: base64 heap-based buffer overflow 2017-05-03 17:05:46 -07:00
Tony Arcieri
7e9846989a Merge pull request #17 from RustSec/RUSTSEC-2017-0003
Assign RUSTSEC-2017-0003 to security-framework
2017-03-15 22:37:09 -07:00
Tony Arcieri
e6b5f1a74f Assign RUSTSEC-2017-0003 to security-framework
Original PR:

https://github.com/RustSec/advisory-db/pull/16
2017-03-15 22:34:43 -07:00
Tony Arcieri
7148181bb8 Merge pull request #16 from sfackler/security-framework
Advisory: security-framework hostname verification bypass
2017-03-15 22:29:35 -07:00
Steven Fackler
ffb475d466 Advisory: security-framework hostname verification bypass 2017-03-15 11:47:14 -07:00
Tony Arcieri
fb69bfb65b Merge pull request #14 from RustSec/RUSTSEC-2017-0002
Assign RUSTSEC-2017-0002 to hyper
2017-02-28 09:08:22 -08:00
Tony Arcieri
e867ef7194 Assign RUSTSEC-2017-0002 to hyper
Original PR:

https://github.com/RustSec/advisory-db/pull/12
2017-02-28 09:02:18 -08:00
Tony Arcieri
57d1036a95 Merge pull request #13 from RustSec/update-to-rustsec-0-5-2
Update 'rustsec' crate to 0.5.2
2017-02-28 09:00:09 -08:00
Tony Arcieri
38bc975264 Update 'rustsec' crate to 0.5.2
This version includes a complete rewrite of the advisory parser
2017-02-28 08:53:10 -08:00
Tony Arcieri
96b7e7b293 Merge pull request #12 from seanmonstar/patch-1
add advisory for hyper message splitting vulnerability
2017-02-28 08:50:49 -08:00
Sean McArthur
4597f51b45 add advisory for hyper message splitting vulnerability 2017-02-27 15:13:17 -08:00
Tony Arcieri
49389c7252 Merge pull request #11 from RustSec/update-rustsec-crate
Update rustsec crate to ^0.3
2017-02-26 00:46:09 -08:00
Tony Arcieri
62a4647850 Update rustsec crate
The latest version handles the `crate_name` -> `package` revert
2017-02-26 00:43:14 -08:00
Tony Arcieri
ccdccb74cb Merge pull request #10 from RustSec/revert-crate-name
Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name"
2017-02-26 00:27:47 -08:00
Tony Arcieri
05af1866b1 Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name"
Cargo uses "package" in Cargo.lock, so there is wisdom to using "package"
instead of "crate_name"

This reverts commit 986c090c06, reversing
changes made to 9556f0fdee.
2017-02-26 00:26:22 -08:00
Tony Arcieri
c8e8676d1a Add build status badges to README.md 2017-02-25 23:58:45 -08:00
Tony Arcieri
752d18e5df Add description and license to Cargo.toml 2017-02-25 23:56:39 -08:00
Tony Arcieri
e9232d2962 Merge pull request #9 from RustSec/test-for-well-formed-advisory-db
Add test to ensure Advisories.toml is well-formed
2017-02-25 23:52:50 -08:00
Tony Arcieri
ec7ca2aa88 Add test to ensure Advisories.toml is well-formed 2017-02-25 23:49:53 -08:00
Tony Arcieri
986c090c06 Merge pull request #8 from RustSec/rename-package-to-crate-name
Rename `package` TOML attribute to `crate_name`
2017-02-25 23:16:40 -08:00
Tony Arcieri
f4dbb0d82c Rename package TOML attribute to crate_name
The correct name for a Rust package is a "crate", so something with "crate" is
less ambiguous than "package".

However, "crate" itself is a Rust keyword. To avoid clashes in Rust code which
uses this same attribute name, "crate_name" can be used instead unambiguously.
2017-02-25 23:13:36 -08:00
Tony Arcieri
9556f0fdee Add id to Advisories.toml
Clearly this needs to be a less manual process, but we're just getting started
2017-02-25 16:57:33 -08:00
Tony Arcieri
dc3301d1e4 Add date to RUSTSEC-2017-0001 2017-02-25 16:47:52 -08:00
Tony Arcieri
6f3b266664 Assign RUSTSEC-2017-0001 to sodiumoxide
Original PR:

https://github.com/RustSec/advisory-db/pull/4
2017-02-25 16:46:26 -08:00
Tony Arcieri
0aeb6b9bd7 Merge pull request #4 from RustSec/sodiumoxide-degenerate-public-keys
Advisory: sodiumoxide degenerate public keys
2017-02-25 16:43:37 -08:00
Tony Arcieri
7a62937dd5 Merge pull request #6 from RustSec/advisory-date
Add a "date" field to advisories
2017-02-25 16:39:21 -08:00
Tony Arcieri
2141fa43c6 Add a "date" field to advisories
Should indicate date of disclosure of the vulnerability
2017-02-25 16:38:30 -08:00
Tony Arcieri
1a18a429fc Advisory: sodiumoxide degenerate public keys
Fixed in sodiumoxide 0.0.14.

See: https://github.com/dnaq/sodiumoxide/issues/154
2017-02-25 16:28:44 -08:00
Tony Arcieri
648ea485b0 Merge pull request #5 from RustSec/advisory-table-header
Use [advisory] as the table header for advisories
2017-02-25 16:25:51 -08:00
Tony Arcieri
caac500122 Use [advisory] as the table header for advisories
Was previously `[vulnerability]`, but as the contents are a security advisory
it's probably a more apt label.
2017-02-25 16:21:38 -08:00
Tony Arcieri
bccef973f4 Merge pull request #3 from RustSec/advisory-titles
Add titles to advisories
2017-02-25 15:43:54 -08:00
Tony Arcieri
efdcc6e849 Add titles to advisories
Once again taking a cue from RubySec (but also systems like CVE),
advisories should have a one-liner title
2017-02-25 15:40:22 -08:00
Tony Arcieri
38aa9550ea Merge pull request #2 from RustSec/unaffected-and-patched-versions
Separate "unaffected_versions" and "patched_versions"
2017-02-25 15:38:29 -08:00
Tony Arcieri
c28b7ceb38 Separate "unaffected_versions" and "patched_versions"
Taking a cue from RubySec, this splits the original "versions" attribute into
separate ones for versions which were never vulnerable, and ones which include
an explicit fix for a vulnerability.
2017-02-25 15:35:43 -08:00
Tony Arcieri
520426b0f8 Text description of public domain license 2017-02-25 15:12:42 -08:00
Tony Arcieri
d927b503e6 Merge pull request #1 from RustSec/license
Dedicate advisory database to the public domain
2017-02-25 15:11:56 -08:00
Tony Arcieri
9b8366731a Dedicate advisory database to the public domain 2017-02-25 15:10:28 -08:00
Tony Arcieri
9bbd818e18 Add advisory format example
This is using the TOML format described in the (presently open) initial RustSec
RFC for security advisories described here:

https://github.com/RustSec/rfcs/pull/1
2017-02-25 15:03:26 -08:00
Tony Arcieri
6c32608b11 Initial commit 2017-02-25 14:37:59 -08:00