OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-28 23:36:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
459 Commits 1 Branch 0 Tags
ce7810963c8a2abf6972cbcd625bba7931eb1921
Commit Graph

15 Commits

Author SHA1 Message Date
Tony Arcieri
64c17acfe3 Migrate all advisories to V2 format (closes #228) 
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.

This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
 2020-03-01 10:46:35 -08:00
Vinzent Steinberg
2dda7f38b8 Use backticks for escaped characters 2019-10-07 17:05:39 +02:00
Vinzent Steinberg
5233609919 Fix escapes in hyper advisory 
Fixes #159.
 2019-10-07 15:30:55 +02:00
Tony Arcieri
01ac6725d5 Fix all advisories to pass linter 
Mostly related to the `affected_functions` field, which has changed a
few times.
 2019-09-09 12:19:01 -07:00
Tony Arcieri
782efebde9 Revert "Add affected functions to legacy security warnings (#83)" 
This reverts commit 0a981e2b6f.

These now need to use the new `affected_paths` attribute, which has a
different (VersionReq-bucketed) format.
 2019-01-13 17:31:25 -08:00
Moritz Beller
0a981e2b6f Add affected functions to legacy security warnings (#83) 
Add affected functions to advisories

Add `affected_functions` to:

- RUSTSEC-2018-0003
- RUSTSEC-2017-0002
- RUSTSEC-2018-0002
- RUSTSEC-2018-0001
- RUSTSEC-2017-0004
 2018-12-21 06:11:32 -08:00
Tony Arcieri
1296249cfb RUSTSEC-2016-0002.toml: use 'affected_os' attribute 
Replaces the 'affected_platforms' attribute in rustsec v0.9.
 2018-07-26 21:02:15 -07:00
Tony Arcieri
2d9a2632a7 Keywords 
Documents the new `keywords` attribute and adds keywords to all current
advisories. These can be consumed by the web UI.
 2018-07-24 16:02:35 -07:00
Tony Arcieri
2632340526 Affected Platforms 
Documents the use of the `affected_platforms` attribute in advisories,
and adds it to a relevant advisory.
 2018-07-24 15:53:43 -07:00
Tony Arcieri
07219b8d17 Assign RUSTSEC-2016-0002 to hyper 
Original PR:

https://github.com/RustSec/advisory-db/pull/18
 2018-07-24 12:33:49 -07:00
Tony Arcieri
8678a77455 Advisory: hyper HTTPS MitM due to lack of hostname verification 2018-07-24 12:03:59 -07:00
Tony Arcieri
cb81d3ceaa Rename "dwf" TOML tag to "aliases" (closes #36) 
Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
 2018-07-21 19:47:30 -07:00
Tony Arcieri
79fd13ac6f crates: Add 'id' attribute to all advisories 
This is needed to parse them with serde directly from these files (as
opposed to using Advisories.toml)
 2018-07-21 15:22:39 -07:00
Tony Arcieri
e867ef7194 Assign RUSTSEC-2017-0002 to hyper 
Original PR:

https://github.com/RustSec/advisory-db/pull/12
 2017-02-28 09:02:18 -08:00
Sean McArthur
4597f51b45 add advisory for hyper message splitting vulnerability 2017-02-27 15:13:17 -08:00