OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 18:50:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,028 Commits 1 Branch 0 Tags
cbf97de9b780c3279e779ef40b7fa2789b2b9905
Commit Graph

2028 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexis Mousset
cbf97de9b7 Add documentation for advisories licenses (#1761) 2023-08-28 15:52:35 +00:00
Alexis Mousset
65e32a757b Sync advisories ids from GitHub (#1760) 2023-08-27 15:52:52 +00:00
Sandro-Alessio Gierens
d401af5af8 Add jzon as alternative recommendation for json (#1759) 
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
 2023-08-25 17:52:15 +00:00
github-actions[bot]
5373b7ebb0 Assigned RUSTSEC-2023-0054 to mail-internals (#1758) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-08-24 10:21:13 +00:00
наб
3f70263445 mail-internals memory corruption (#1741) 2023-08-24 10:20:06 +00:00
Samuel Moelius
5bde16559d README.md: Link to HOWTO_UNMAINTAINED.md (#1754) 
Closes #1748
 2023-08-23 06:14:50 -06:00
github-actions[bot]
214d69f125 Assigned RUSTSEC-2023-0052 to webpki, RUSTSEC-2023-0053 to rustls-webpki (#1753) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-08-22 12:45:02 +00:00
ctz
ff6edc9823 CPU denial of service in rustls-webpki and webpki crates (#1752) 
* Add rustls-webpki denial of service bug

* Add webpki denial of service bug
 2023-08-22 12:44:03 +00:00
Sandro-Alessio Gierens
7600054d6c Add uzers as alternative recommendation for users (#1751) 
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
 2023-08-21 10:35:45 +00:00
github-actions[bot]
ae12a8f93f Assigned RUSTSEC-2023-0051 to dlopen_derive (#1747) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2023-08-19 12:29:52 +02:00
Samuel Moelius
f7511e0fa3 Add unmaintained dlopen_derive advisory (#1735) 2023-08-19 12:23:53 +02:00
github-actions[bot]
f76ea1c128 Assigned RUSTSEC-2023-0050 to multipart (#1746) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2023-08-18 22:38:40 +02:00
Sanpi
d98c58dda0 Add unmaintained multipart crate (#1679) 2023-08-18 22:35:57 +02:00
github-actions[bot]
58aa4552f3 Assigned RUSTSEC-2022-0093 to ed25519-dalek (#1745) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-08-14 11:14:25 -06:00
Tony Arcieri
9012b65f10 Add Double Public Key Signing Function Oracle Attack on ed25519-dalek (#1744) 
Closes #1360
 2023-08-14 11:12:30 -06:00
github-actions[bot]
15e3b1b071 Assigned RUSTSEC-2023-0049 to tui (#1740) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-08-07 07:27:47 -06:00
Orhun Parmaksız
e27f9d4f8a Add unmaintained tui advisory (#1739) 2023-08-07 07:26:03 -06:00
Alexis Mousset
98e8483ac1 Update aliases from GHSA OSV export (#1734) 2023-07-29 19:20:00 +02:00
github-actions[bot]
926c7faf15 Assigned RUSTSEC-2023-0048 to intaglio (#1733) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2023-07-27 00:15:10 +02:00
Ryan Lopopolo
3cf8a9354f Add advisory for unsoundness in intaglio symbol interners (#1732) 
See:

- https://github.com/artichoke/intaglio/issues/235
- https://github.com/artichoke/intaglio/pull/236
- https://github.com/artichoke/intaglio/releases/tag/v1.9.0
 2023-07-27 00:11:22 +02:00
github-actions[bot]
4aa517564d Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-07-18 16:37:16 +00:00
Rafael
782315865b report unsoundness of lmdb-rs (#1724) 
* report unsoundness of lmdb-rs

* report unsoundness of lmdb-rs
 2023-07-18 16:36:20 +00:00
Alexis Mousset
1d12a1c2e3 Fix typos (#1729) 2023-07-15 15:07:13 +00:00
Alexis Mousset
5ceeefcbba Bump rustsec-admin to 0.8.6 (#1728) 2023-07-08 16:04:33 +02:00
Alexis Mousset
c2b1e4cab4 Update aliases from GHSA OSV export (#1727) 2023-07-08 14:30:19 +02:00
Linus Färnstrand
1f538e6f3b Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725) 
Since `IsTerminal` is now stable, this CVE can recommend that first
 2023-06-29 12:21:59 +00:00
github-actions[bot]
9cf72357c8 Assigned RUSTSEC-2023-0046 to cyfs-base (#1723) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-06-22 09:43:08 -06:00
Rafael
a64182cf0f report misaligned pointer dereference in cyfs-base (#1718) 2023-06-22 09:42:06 -06:00
github-actions[bot]
76c37849b6 Assigned RUSTSEC-2023-0045 to memoffset (#1722) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-06-21 12:29:36 +00:00
Kisaragi
27aa255f11 Add advisory to memoffset (#1721) 
* Add advisory to `memoffset`

* fix invalid category
 2023-06-21 12:23:59 +00:00
github-actions[bot]
29b04da119 Assigned RUSTSEC-2023-0044 to openssl (#1720) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-06-20 17:34:12 -04:00
Alex Gaynor
e8534eadc5 Report buffer-overread in OpenSSL (#1719) 
* Report buffer-overread in OpenSSL

* Rename RUSTSEC-0000-0000 to RUSTSEC-0000-0000.md
 2023-06-20 21:32:25 +00:00
joshua-maros
37abf6e463 Update RUSTSEC-2023-0042 to reflect patch. (#1717) 2023-06-15 11:07:09 +00:00
github-actions[bot]
13b9455e9f Assigned RUSTSEC-2023-0043 to ftp (#1714) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-06-14 07:23:36 -06:00
Christian Visintin
3ad954ae91 Add unmaintained ftp crate (#1612) 2023-06-14 07:21:57 -06:00
Alexis Mousset
84c633df9c Update aliases from GHSA OSV export (#1693) 2023-06-13 15:10:24 +02:00
github-actions[bot]
ea9ad160b6 Assigned RUSTSEC-2023-0042 to ouroboros (#1708) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-06-12 02:10:09 +02:00
joshua-maros
ae311156f9 Ouroboros Soundess Issue (#1707) 2023-06-12 02:08:57 +02:00
github-actions[bot]
af3f3d503f Assigned RUSTSEC-2023-0041 to trust-dns-server (#1704) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-06-03 19:41:41 +00:00
Jonas Bushart
a14884ebf4 Vulnerability in trust-dns and trust-dns-server (#1703) 
An attacker can form packet loops between vulnerable instances leading
to a denial-of-service for both network and CPU resources.
 2023-06-03 19:40:41 +00:00
github-actions[bot]
d32ef82010 Assigned RUSTSEC-2023-0040 to users (#1702) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-06-01 10:22:47 -06:00
Zeeshan Ali Khan
99d0a82b66 🦺 Advisory for unmaintained crate, users (#1701) 2023-06-01 10:15:25 -06:00
github-actions[bot]
f343db0846 Assigned RUSTSEC-2023-0039 to buffered-reader (#1700) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2023-05-31 23:03:14 +02:00
Neal H. Walfield
8a7fc61c92 Add advisory for buffered-reader (#1697) 
Attacker-controlled input can lead to an out-of-bounds index, which
causes buffered-reader to panic.  This has been fixed in versions
1.2.0, 1.1.5, and 1.0.2 of buffered-reader.
 2023-05-31 23:02:26 +02:00
github-actions[bot]
66dbd2c1a8 Assigned RUSTSEC-2023-0038 to sequoia-openpgp (#1699) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2023-05-31 23:02:12 +02:00
Neal H. Walfield
ee9ec5f605 Add advisory for sequoia-openpgp (#1696) 
Attacker-controlled input can lead to an out-of-bounds index, which
causes sequoia-openpgp to panic.  This has been fixed in versions
1.16.0, 1.8.1, and 1.1.1 of sequoia-openpgp.
 2023-05-31 22:54:59 +02:00
Ralph Giles
e162556b9e Suggest kuchikiki as an alternative to kuchiki (#1698) 
The `kuchiki` crate has been marked unmaintained. We're continuing
to support a fork under then name `kuchikiki` which we intend to
remain semver-compatible with our former upstream.

Suggest this as an alternative in RUSTSEC-2023-0019 since it is
a direct replacement; the other alternatives involve significant
porting effort.
 2023-05-23 14:17:25 -06:00
github-actions[bot]
0e97e6e71f Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-05-16 21:02:51 -06:00
Tony Arcieri
dc083e6955 xsalsa20poly1305 is unmaintained (#1694) 
See https://github.com/RustCrypto/AEADs/pull/525
 2023-05-16 21:01:49 -06:00
Kornel
50bed3ba40 xml-rs is maintained (#1691) 2023-05-05 09:39:54 +02:00