Lyndon Brown
c128a6bdcd
Add advisory for possible use-after-free fixed in libpulse-binding v2.5.0
2020-10-22 03:15:42 +01:00
Sergey "Shnatsel" Davidoff
7d14cb7de8
Merge pull request #428 from taiki-e/rustsec-2020-0052
...
Add CVE and GHSA to RUSTSEC-2020-0052
2020-10-17 01:12:16 +02:00
Tony Arcieri
68af791cc2
Assign RUSTSEC-2020-{0053,0054} to dirs/directories (#431)
...
Original PR: https://github.com/RustSec/advisory-db/pull/430/files
2020-10-16 13:55:50 -07:00
melocene
e36c10d843
dirs and directories crates are unmaintained (#430)
2020-10-16 13:50:54 -07:00
Taiki Endo
7358a10d0d
Add CVE and GHSA to RUSTSEC-2020-0052
2020-10-15 04:06:29 +09:00
Egor Larionov
b6bcce2c6b
Add patch version for the unsoundness issue in dync (#427)
2020-10-13 07:41:52 -04:00
Sergey "Shnatsel" Davidoff
4da6145a2a
Merge pull request #426 from RustSec/RUSTSEC-2020-0052-assign
...
Assign RUSTSEC-2020-0052 to crossbeam-channel
2020-10-11 15:16:57 +02:00
Sergey "Shnatsel" Davidoff
a2bb0aaa00
Assign RUSTSEC-2020-0052 to crossbeam-channel
2020-10-11 15:16:26 +02:00
Sergey "Shnatsel" Davidoff
75a51cb9f4
Merge pull request #425 from taiki-e/crossbeam-533
...
Add advisory for UB in crossbeam-channel 0.4.3
2020-10-11 15:00:30 +02:00
Taiki Endo
c764af890f
Remove informational field
2020-10-11 21:55:54 +09:00
Taiki Endo
8b71717eb4
Add categories and informational fields
2020-10-11 17:27:18 +09:00
Taiki Endo
ba83b81ec4
Add advisory for UB in crossbeam-channel 0.4.3
2020-10-11 16:57:44 +09:00
Tony Arcieri
8c4b6b7d43
RUSTSEC-2019-0031: spin is maintained (#424)
...
We added `yanked = true` to the advisory, however it doesn't seem to be
having the intended effect (the query for unmaintained crates is
probably failing to exclude the yanked advisories).
This is another workaround which makes the `unaffected` requirement
match all versions. Hopefully this means that `spin` will stop being
reported as unmaintained.
2020-10-10 07:19:19 -07:00
Sergey "Shnatsel" Davidoff
bd86384ca5
Merge pull request #423 from zesterer/master
...
Yanked spin unmaintained advisory
2020-10-08 13:31:14 +02:00
Joshua Barretto
279da1f813
Yanked spin unmaintained advisory
2020-10-08 12:24:25 +01:00
Sergey "Shnatsel" Davidoff
7450b9f82f
Merge pull request #422 from ammaraskar/patch-1
...
Add patched version for atom crate.
2020-10-06 16:30:39 +02:00
Ammar Askar
6034646f24
Add patched version for atom crate.
2020-10-06 10:28:04 -04:00
Tony Arcieri
777546f938
CI: use rustsec-admin v0.3.0-pre in assign-ids step (#421)
2020-10-02 10:56:11 -07:00
Tony Arcieri
ac125ee29a
Translate database into V3 advisory format (#420)
...
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.
This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.
Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
2020-10-01 18:29:11 -07:00
Tony Arcieri
2770460f9c
RUSTSEC-2020-0011: rename obsolete to yanked (#419)
...
This field name has changed
2020-10-01 13:56:35 -07:00
Tony Arcieri
7af8522208
Assign RUSTSEC-2019-0037 to pnet (#418)
...
Original PR: https://github.com/RustSec/advisory-db/pull/335
2020-10-01 08:30:38 -07:00
Vladimir
7c95e1b1a1
libpnet (#335)
...
Co-authored-by: 0xd34b33f <0xd34b33f@users.noreply.github.com>
2020-10-01 08:21:28 -07:00
github-actions[bot]
b136b74460
Assigned RUSTSEC-2020-0051 to rustsec (#416)
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2020-10-01 08:21:08 -07:00
Tony Arcieri
bfa9e12685
Add rustsec crate advisory for breaking changes to advisory format (#415)
...
In theory this advisory should trigger this feature of `cargo-audit`
which checks for advisories filed against the `rustsec` crate:
https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199
After merging, I will test with an older `cargo-audit` version to see if
it has the intended effect.
2020-10-01 08:19:41 -07:00
Sergey "Shnatsel" Davidoff
707e364a4a
Merge pull request #412 from RustSec/assign-ids
...
Assigned RUSTSEC-2020-0050 to dync
2020-09-27 21:10:40 +02:00
github-actions[bot]
a1f39cc8c9
Assigned RUSTSEC-2020-0050 to dync
2020-09-27 19:10:29 +00:00
Sergey "Shnatsel" Davidoff
b5a4582a26
Merge pull request #411 from ammaraskar/0018-dync
...
Add misaligned-access soundness issue for dync crate
2020-09-27 21:09:51 +02:00
Ammar Askar
7f5deb94c0
Add misaligned-access soundness issue for dync crate
2020-09-27 11:59:16 -07:00
Sergey "Shnatsel" Davidoff
cdbb09428a
Merge pull request #410 from RustSec/assign-ids
...
Assigned RUSTSEC-2018-0019 to actix-web
2020-09-26 22:38:22 +02:00
github-actions[bot]
fe2503798e
Assigned RUSTSEC-2018-0019 to actix-web
2020-09-26 20:38:10 +00:00
Sergey "Shnatsel" Davidoff
c6d6a43c6d
Merge pull request #409 from RustSec/old-actix
...
Add advisory for very old, unsound actix-web
2020-09-26 22:37:35 +02:00
Sergey "Shnatsel" Davidoff
2522178d5b
Add advisory for very old, unsound Actix
2020-09-26 22:12:12 +02:00
Sergey "Shnatsel" Davidoff
2c3b462fbb
Merge pull request #408 from RustSec/assign-ids
...
Assigned RUSTSEC-2020-0049 to actix-codec
2020-09-26 21:52:05 +02:00
github-actions[bot]
cc3f69c160
Assigned RUSTSEC-2020-0049 to actix-codec
2020-09-26 19:51:53 +00:00
Sergey "Shnatsel" Davidoff
0ef27ed422
Merge pull request #407 from RustSec/actix-codec-pin
...
Advisory for unsound pinning in actix-codec
2020-09-26 21:51:21 +02:00
Sergey "Shnatsel" Davidoff
f4faaa9cc3
drop comment
2020-09-26 21:49:09 +02:00
Sergey "Shnatsel" Davidoff
74e8568389
Advisory for unsound pinning in actix-codec
2020-09-26 21:47:56 +02:00
Sergey "Shnatsel" Davidoff
17d2fd9b41
fix date for real this time
2020-09-26 21:32:13 +02:00
Sergey "Shnatsel" Davidoff
4b4a41e7c5
Merge pull request #406 from RustSec/RUSTSEC-2020-0048
...
Assign RUSTSEC-2020-0048 to actix-http
2020-09-26 21:31:24 +02:00
Sergey "Shnatsel" Davidoff
25c3aaaf6c
Assign RUSTSEC-2020-0048 to actix-http
2020-09-26 21:31:13 +02:00
Sergey "Shnatsel" Davidoff
14f4dbb09a
fix date more
2020-09-26 21:29:49 +02:00
Sergey "Shnatsel" Davidoff
8974b0f390
Merge pull request #402 from RustSec/actix-http-pin
...
Advisory for unsound pinning in actix-http
2020-09-26 21:22:39 +02:00
Sergey "Shnatsel" Davidoff
09a306dbc2
fix date
2020-09-26 21:17:03 +02:00
Sergey "Shnatsel" Davidoff
dfed968bcc
Merge pull request #403 from RustSec/assign-ids
...
Assigned RUSTSEC-2020-0047 to array-queue
2020-09-26 19:59:59 +02:00
github-actions[bot]
b091551faf
Assigned RUSTSEC-2020-0047 to array-queue
2020-09-26 17:46:05 +00:00
Sergey "Shnatsel" Davidoff
9b360973e2
Merge pull request #396 from ammaraskar/0017-array-queue
...
Add advisory for out-of-bounds read in array-queue.
2020-09-26 19:45:28 +02:00
Sergey "Shnatsel" Davidoff
6f59b11780
Advisory for unsound pinning in actix-http
2020-09-26 19:35:10 +02:00
Sergey "Shnatsel" Davidoff
ad014c6034
Merge pull request #401 from RustSec/assign-ids
...
Assigned RUSTSEC-2020-0046 to actix-service
2020-09-26 19:07:26 +02:00
github-actions[bot]
9fe2230dcc
Assigned RUSTSEC-2020-0046 to actix-service
2020-09-26 17:07:03 +00:00
Sergey "Shnatsel" Davidoff
db20f9b701
Merge pull request #399 from RustSec/actix-service-cell
...
Add advisory for unsound Cell in actix-service
2020-09-26 19:06:04 +02:00