advisory-db

mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 09:10:25 +01:00

Author	SHA1	Message	Date
Youngsuk Kim	c487b0ceea	flumedb: Reading on uninitialized buffer may cause UB ( `read_entry()` ) (#661 ) * Report 0100-flumedb to RustSec * informational = "unsound"	2021-08-21 19:23:49 -06:00
github-actions[bot]	383c6359f5	Assigned RUSTSEC-2021-0085 to binjs_io (#989 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-21 19:23:35 -06:00
Youngsuk Kim	9e4db05abc	binjs_io: 'Read' on uninitialized memory may cause UB (#660 ) * Report 0088-binjs_io to RustSec * informational = "unsound"	2021-08-21 19:20:15 -06:00
github-actions[bot]	9039912764	Assigned RUSTSEC-2021-0084 to bronzedb-protocol (#988 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-21 19:20:01 -06:00
Youngsuk Kim	10843f8372	bronzedb-protocol: `Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`) (#659 ) * Report 0087-bronzedb-protocol to RustSec * informational = "unsound"	2021-08-21 19:18:33 -06:00
Alexis Mousset	e9382c8680	Fix typos in advisories (#976 )	2021-08-21 19:18:11 -06:00
github-actions[bot]	7765af95c4	Assigned RUSTSEC-2021-0083 to derive-com-impl (#987 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-21 19:17:47 -06:00
apennamen	ef71611e6a	Add advisory for potential memory corruption in derive-com-impl (#649 )	2021-08-21 19:16:19 -06:00
github-actions[bot]	9c5df457e5	Assigned RUSTSEC-2020-0153 to bite (#986 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-21 19:15:34 -06:00
Youngsuk Kim	b4b68c19bc	bite: Read on uninitialized memory (#593 ) * bite: Read on uninitialized memory * informational = "unsound"	2021-08-21 19:08:46 -06:00
github-actions[bot]	68d6f5afa9	Assigned RUSTSEC-2021-0082 to vec-const (#985 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-21 19:08:23 -06:00
Ben Kimock	01c59cafdb	Report vec-const as unsound (#981 ) Co-authored-by: Tony Arcieri <bascule@gmail.com>	2021-08-21 19:07:03 -06:00
diwic	f20b53ca89	Patched release of reffers (#984 ) I'm not sure anyone uses this old crate but if they do, at least now they have a fixed version.	2021-08-21 12:38:49 +03:00
Sergey "Shnatsel" Davidoff	e0fda3fe9b	add CVE alias to RUSTSEC-2021-0081(actix-http) (#983 )	2021-08-17 22:07:01 +03:00
kpcyrd	67da87fc89	Update RUSTSEC-2021-0080 [affected] version (#980 )	2021-08-11 00:54:42 +03:00
Remi Rampin	01bad82da9	Add fix for RUSTSEC-2021-0080 (#979 )	2021-08-10 19:52:04 +03:00
github-actions[bot]	e692597283	Assigned RUSTSEC-2021-0081 to actix-http (#978 ) Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>	2021-08-10 12:12:52 +03:00
Rob Ede	7a42cb7e08	add advisory for actix-http HRS (#977 ) * add actix-http HRS * Update RUSTSEC-0000-0000.md * Update RUSTSEC-0000-0000.md * Adjust version ranges to make a hypothetical 4.0.0 patched * drop nonexistent category Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>	2021-08-10 12:11:38 +03:00
ZSchoen	541c537a23	added specific affected functions to CVE-2021-29922 (#975 ) Co-authored-by: Tony Arcieri <bascule@gmail.com>	2021-08-09 05:15:56 -07:00
github-actions[bot]	ce76490feb	Assigned RUSTSEC-2021-0080 to tar (#974 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-08 13:16:32 -07:00
kpcyrd	158cd653ca	Add directory traversal for tar (#965 ) Co-authored-by: Tony Arcieri <bascule@gmail.com>	2021-08-08 12:53:24 -07:00
github-actions[bot]	82ce1aa716	Assigned RUSTSEC-2021-0079 to hyper (#973 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-08 12:41:08 -07:00
BlackHoleFox	3a5de9c7b5	Add advisory for hyper Transfer-Encoding header parsing (#968 )	2021-08-08 12:39:37 -07:00
github-actions[bot]	255194ae7a	Assigned RUSTSEC-2021-0078 to hyper (#972 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-08-08 12:39:12 -07:00
BlackHoleFox	0148dead3a	Add advisory for hyper Content-Length header parsing (#967 )	2021-08-08 12:36:02 -07:00
ZSchoen	a81783c627	added CVE-2021-29922 (#971 )	2021-08-08 12:35:13 -07:00
github-actions[bot]	1db7602857	Assigned RUSTSEC-2021-0077 to better-macro (#969 ) Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>	2021-07-26 13:46:07 -07:00
Jeremy Fitzhardinge	8af7718d8f	better-macro has deliberate RCE in proc-macro (#966 ) It's "Proving A Point" in https://github.com/raycar5/better-macro/blob/master/doc/hi.md but there's no guarantee that this will remain benign (or is actually benign right now). The crate also has no useful functionality.	2021-07-26 13:39:47 -07:00
github-actions[bot]	e20838a4ff	Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964 ) Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>	2021-07-13 15:47:59 +03:00
Martin Pugh	e95d360049	Add advisory for libsecp256k1 (#963 ) * add advisory * fix formatting	2021-07-13 15:46:23 +03:00
github-actions[bot]	4792a373b1	Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962 ) Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>	2021-07-09 06:07:19 +02:00
Pratyush Mishra	674daf6fae	`ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961 ) * `ark_r1cs_std::mul_by_inverse` was unsound in versions below `0.3.1` * Fix category * Add link to PR	2021-07-09 06:06:05 +02:00
Sergey "Shnatsel" Davidoff	730c1e815a	Revert "Hotfix #957 until we figure out what to do with it (#958 )" (#960 ) This reverts commit `a9c31a6e25`.	2021-07-08 21:09:27 +02:00
github-actions[bot]	2d60adf54f	Assigned RUSTSEC-2021-0074 to ammonia (#959 ) Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>	2021-07-08 20:48:05 +02:00
Michael Howell	3533e434a6	Add rust-ammonia/ammonia#142 (#956 ) * Add rust-ammonia/ammonia#142 * Update RUSTSEC-0000-0000.md * Update RUSTSEC-0000-0000.md	2021-07-08 20:46:50 +02:00
Sergey "Shnatsel" Davidoff	a9c31a6e25	Hotfix #957 until we figure out what to do with it (#958 )	2021-07-08 20:34:15 +02:00
github-actions[bot]	7629432184	Assigned RUSTSEC-2021-0073 to prost-types (#955 ) Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>	2021-07-08 19:27:50 +02:00
Lucio Franco	1889bffd67	prost-types: Timestamp conversion overflow (#954 )	2021-07-08 19:25:47 +02:00
Sergey "Shnatsel" Davidoff	cbeaf18e2b	Made RUSTSEC-2021-0072 not affect tokio 2.0 and later	2021-07-08 01:26:08 +02:00
github-actions[bot]	01ac699fd5	Assigned RUSTSEC-2021-0072 to tokio (#952 ) Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>	2021-07-08 01:09:42 +02:00
Alice Ryhl	6f2157cba4	Add advisory for race condition in Tokio (#951 ) * Add RUSTSEC for tokio#3929 * Update version range * Wrap with code fences * Add advisory information * Add unaffected * Don't use tilde in version specification it's not yet supported by rustsec v0.24 Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>	2021-07-08 01:08:31 +02:00
Yechan Bae	afbc0dc9e1	Update five std CVEs (#946 )	2021-07-06 12:36:13 -06:00
Tony Arcieri	23d8630fbe	Bump `rustsec-admin` to v0.5.1 (#949 )	2021-07-03 13:02:47 -06:00
Sergey "Shnatsel" Davidoff	34e9832a80	OSV export: fix handling of advisories without an ID (#948 ) * OSV export: fix handling of advisories without an ID * job will fail without -f flag on rm	2021-07-02 17:48:46 +02:00
Sergey "Shnatsel" Davidoff	9f3eb562a2	Add OSV export CI job (#947 )	2021-07-02 17:22:13 +02:00
Sergey "Shnatsel" Davidoff	d5a60f2737	Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945 )	2021-07-02 01:39:03 +02:00
Sergey "Shnatsel" Davidoff	84e3fb3121	Add `withdrawn` field (#942 ) * Add `withdrawn` field to advisories, recording the yank date * Synthetic signed commit for testing * Add `withdrawn` field to lubpulse-binding advisory forgotten on the first pass	2021-06-30 00:08:30 +02:00
Tony Arcieri	1684325bb6	Bump `rustsec-admin` to v0.5.0 (#944 )	2021-06-30 00:01:00 +02:00
Chojan Shang	220bc71988	Add patched version for flatbuffers RUSTSEC-2020-0009 (#943 ) Signed-off-by: Chojan Shang <psiace@outlook.com>	2021-06-23 23:24:04 +02:00
David Marshall	cd87335b46	Update RUSTSEC-2021-0049.md (#941 ) https://nvd.nist.gov/vuln/detail/CVE-2021-29940	2021-06-16 23:05:39 +02:00

1 2 3 4 5 ...

1429 Commits