OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,705 Commits 1 Branch 0 Tags
cfdc01461dbcb8b4f460bf9bc64907c91b9d85ce
Commit Graph

1705 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
cfdc01461d Assigned RUSTSEC-2022-0043 to tower-http (#1321) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-05 00:07:43 +02:00
pinkforest(she/her)
2827f80af4 Add tower-http 2022 version (#1320) 2022-08-05 00:06:52 +02:00
github-actions[bot]
0db59724bf Assigned RUSTSEC-2022-0042 to rustdecimal (#1318) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-04 23:10:46 +02:00
pinkforest(she/her)
4f53bcba87 Add malicious crate rustdecimal (#1317) 2022-08-04 23:09:40 +02:00
pinkforest(she/her)
a6e020424c Remove redundant lint check from assign-ids (#1315) 2022-08-04 23:01:11 +02:00
Sergey "Shnatsel" Davidoff
259257927a Revert "Add advisory rustdecimal (#1312)" (#1313) 
This reverts commit 52cb9759dc.
 2022-08-04 22:29:06 +02:00
pinkforest(she/her)
52cb9759dc Add advisory rustdecimal (#1312) 2022-08-04 22:20:29 +02:00
Tony Arcieri
36705ccc1d RUSTSEC-2020-0159: remove "withdrawn" (#1310) 
Now that there's an actionable fix, we should encourage people to upgrade
 2022-08-04 13:52:46 -06:00
pinkforest(she/her)
163b82246e Bump rust-admin 0.8.0 --skip-namecheck rustdecimal (#1308) 2022-08-05 04:34:27 +10:00
Sergey "Shnatsel" Davidoff
d87417aea0 useless signed commit to fix toolign that expects signed commits 2022-08-04 20:21:19 +02:00
pinkforest
db78ca0149 Revert "Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal" 2022-08-05 04:11:15 +10:00
pinkforest
63f44b37e5 Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal 2022-08-05 04:10:34 +10:00
Tony Arcieri
6f3502cf6d RUSTSEC-2020-0159 (chrono): add patched version (#1306) 
The 0.4.20 release of `chrono` includes a pure-Rust replacement for
`localtime_r` which eliminates this issue.
 2022-08-04 10:20:07 -06:00
github-actions[bot]
f1c5d4de52 Assigned RUSTSEC-2022-0041 to crossbeam-utils (#1305) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-04 23:56:30 +10:00
pinkforest(she/her)
3ee71b8734 Add Crossbeam AtomicCell<*64> Soundness #1203 (#1304) 
* Add Crossbeam AtomicCell<*64> Soundness #1203
* Address @amousset feedback
 2022-08-04 23:55:01 +10:00
Yechan Bae
474984fe44 Explicitly mention soundness in the description (#1302) 2022-08-03 16:49:16 -06:00
github-actions[bot]
e0c209077f Assigned RUSTSEC-2022-0040 to owning_ref (#1301) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-02 21:47:23 +02:00
Sergey "Shnatsel" Davidoff
ff384c3d46 Initial advisory for owning_ref unsoundness (#1188) 
* Initial advisory for owning_ref unsoundness

* move owning_ref advisory to a subfolder where it belongs

* Add OwningRef::map is unsound to owning_ref

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-02 21:41:46 +02:00
github-actions[bot]
d8dd62801c Assigned RUSTSEC-2021-0136 to sass-rs (#1300) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 04:19:28 +10:00
Christopher Durham
9b48cb22a1 sass-rs is deprecated (#1228) 
* sass-rs is deprecated

* Fix format
 2022-08-03 04:18:05 +10:00
github-actions[bot]
a36ba66817 Assigned RUSTSEC-2022-0039 to odbc (#1299) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 04:15:56 +10:00
Bruno Bigras
0387267821 Add unmaintained advisory for odbc (#1151) 
fix #1044
 2022-08-03 04:13:42 +10:00
github-actions[bot]
ec93834e77 Assigned RUSTSEC-2022-0037 to async-graphql, RUSTSEC-2022-0038 to juniper (#1298) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 03:59:55 +10:00
Dirkjan Ochtman
259863da4f Add advisories for async-graphql/juniper denial of service issues (#1290) 
* Add advisory for async-graphql DoS issue

* Add advisory for juniper DoS issue
 2022-08-03 03:58:29 +10:00
github-actions[bot]
e4ac884b59 Assigned RUSTSEC-2022-0036 to r2d2_odbc (#1297) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 03:34:36 +10:00
pinkforest(she/her)
c568a8a3bc Fix r2d2_odbc name (#1296) 
* Fix r2d2_odbc name
 2022-08-03 03:32:03 +10:00
Bruno Bigras
d8e134f108 Add unmaintained advisory for r2d2-odbc (#1150) 
fix #1097
 2022-08-03 03:14:56 +10:00
github-actions[bot]
6a31ac7433 Assigned RUSTSEC-2020-0163 to term_size (#1295) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-03 00:03:23 +10:00
LingMan
b0fc002bcd Add unmaintained advisory for term_size (#1275) 2022-08-03 00:01:14 +10:00
Evan Richter
fdbc12eb9f fix typo in advisory date (#1294) 2022-08-01 18:35:31 -04:00
Vitaly Shukela
f6c6cd09c9 Update CONTRIBUTING.md (#1292) 
Clarify file format for creating advisory.
Explicitly mention that there should be markdown text, not just the toml.
 2022-08-01 15:22:38 -04:00
github-actions[bot]
2618960a7f Assigned RUSTSEC-2022-0035 to websocket (#1293) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-01 21:21:57 +02:00
Vitaly Shukela
7d36edf537 Add advisory for websocket (#1291) 
* Add advisory for websocket

* Update RUSTSEC-0000-0000.md

* Add text to websocket advisory

* Add title to fix CI

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-08-01 21:19:33 +02:00
Yechan Bae
2380d517ee Remove redundant usually (#1288) 2022-08-01 00:37:19 +02:00
Sergey "Shnatsel" Davidoff
c1ae578c27 Create MAINTAINERS_GUIDE.md (#1286) 
* Create MAINTAINERS_GUIDE.md

* Clarify motivation for not making substantial edits unilaterally
 2022-07-30 20:46:36 +02:00
github-actions[bot]
36df8a4efc Assigned RUSTSEC-2022-0034 to pkcs11 (#1283) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-07-25 11:19:15 -06:00
Ionuț Mihalcea
48214447df Add advisory for pkcs11 (#1282) 
Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
 2022-07-23 08:29:34 -06:00
github-actions[bot]
2718c2db84 Assigned RUSTSEC-2022-0033 to openssl-src (#1279) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-07-05 14:48:56 +02:00
Alexis Mousset
d820cf991c Add advisory for openssl CVE-2022-2274 (#1276) 2022-07-05 14:44:40 +02:00
github-actions[bot]
1c17612a36 Assigned RUSTSEC-2022-0032 to openssl-src (#1278) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-07-05 14:44:23 +02:00
Alexis Mousset
6f8de93f84 Add advisory for openssl CVE-2022-2097 (#1277) 2022-07-05 14:33:40 +02:00
github-actions[bot]
b4ed922847 Assigned RUSTSEC-2022-0031 to rulex (#1274) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-26 22:01:26 +02:00
Evan Richter
d0e82ff0d7 rulex advisory for string indexing panic (#1272) 2022-06-26 21:48:57 +02:00
github-actions[bot]
03ab8e5349 Assigned RUSTSEC-2022-0030 to rulex (#1273) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-26 21:44:13 +02:00
Evan Richter
c188be71e2 rulex advisory for stack overflow (#1271) 2022-06-26 21:42:00 +02:00
8573
7381319981 Copyedit RUSTSEC-2021-0122 (#1269) 
Apply some copyedits to the text introduced by #1268.  Add a missing
comma; inflect "be" better; and use normal quotation marks rather than
backticks around the word "safe", referring to Safe Rust, as, unlike
`unsafe`, "safe" is not Rust syntax.
 2022-06-25 14:06:03 +02:00
Andrew Lamb
9e0c88bd78 Clarify flatbuffers RUSTSEC-2021-0122.md (#1268) 
It may be hard for non Rust experts to understand what the implications of "is `unsafe` but not marked as such" means

I propose adding some more supporting information
 2022-06-24 16:17:18 +02:00
Sergey "Shnatsel" Davidoff
49fb6c0b94 Revert "Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263)" (#1264) 
This reverts commit 7cbdcd8500.
 2022-06-20 14:19:49 +02:00
pinkforest(she/her)
7cbdcd8500 Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263) 
* Fix advisory openssl-src 111 stream patched

* not a semver

* make 111 affected
 2022-06-17 13:15:51 +02:00
github-actions[bot]
f10f232879 Assigned RUSTSEC-2022-0029 to crossbeam (#1261) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-06-08 01:12:13 +02:00