1535 Commits

Author SHA1 Message Date
Jacob Pratt
d8701fad2d Add missing method to time vulnerability (#1086) 2021-10-19 16:13:58 -06:00
Alexis Mousset
0c762d06a8 Add CVE alias for RUSTSEC-2021-0069 (#1087) 2021-10-19 21:56:47 +02:00
github-actions[bot]
8e29664694 Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-18 10:22:07 -06:00
包布丁
0d6d73ffde Unsound implementation of Chacha20 in crypto2 (#1072) 2021-10-18 10:19:31 -06:00
github-actions[bot]
9823491277 Assigned RUSTSEC-2020-0159 to chrono (#1083)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-18 10:19:09 -06:00
Tony Arcieri
1d8c7e1f15 Add chrono advisory for chrono#499 (localtime_r) (#1082)
This is an advisory similar to `RUSTSEC-2020-0071` impacting usages of
`localtime_r` within `chrono` itself, since the API is used in a
cross-thread manner in an unsound way.
2021-10-18 10:13:47 -06:00
Ben Kimock
5335769e4b Update vec-const advisory (#1081) 2021-10-18 00:19:40 +02:00
github-actions[bot]
93c9b95f23 Assigned RUSTSEC-2021-0120 to abomonation (#1080)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-17 15:33:02 -06:00
Ben Kimock
68a4387f34 Report abomonation as unsound (#1079) 2021-10-17 15:28:16 -06:00
Jacob Pratt
e7d342f190 Update RUSTSEC-2020-0071 (#1078)
This includes the affected functions in time 0.1 and rewords a few
things for clarity.
2021-10-16 22:31:32 -06:00
Alexander Kjäll
f494f83f8e add missing cve info to advisories (#1077)
Looks like RUSTSEC-2020-0036 might be a special case; someone got a CVE for the crate being unmaintained.
2021-10-14 21:53:11 +02:00
Alexander Kjäll
9a1349483e Add CVE information to RUSTSEC-2020-0142 (#1076)
See: https://cve.circl.lu/cve/CVE-2020-36462
2021-10-14 17:38:20 +02:00
Alexander Kjäll
09587b2b82 Add CVE info to RUSTSEC-2020-0133 (#1075)
see: https://cve.circl.lu/cve/CVE-2020-36453
2021-10-14 10:33:50 -04:00
puzzlewolf
380869a5c1 Update patched version of zeroize_derive. (#1074)
zeroize_derive backported the fix to the 1.1 branch and released it as
version 1.1.1 (https://github.com/iqlusioninc/crates/pull/881).
2021-10-12 09:24:09 -06:00
Sergey "Shnatsel" Davidoff
d29205a680 Promote nix::unistd::getgrouplist to vulnerability (#1073) 2021-10-08 18:17:22 +02:00
Alex Gaynor
b426bdf91c Tiny change to try to force github to sign 2021-10-07 10:02:39 -04:00
github-actions[bot]
76105bde90 Assigned RUSTSEC-2020-0158 to slice-deque (#1069)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-10-07 07:38:11 -06:00
Théo Degioanni
377fdd8e59 Report slice-deque as unmaintained (#938) 2021-10-07 07:29:49 -06:00
Alexander Kjäll
bb3e4acd80 add CVE information to RUSTSEC-2021-0080 (#1068) 2021-10-01 23:25:09 +02:00
Alexander Kjäll
b858bec3cc Add CVE information (#1067) 2021-10-01 23:24:38 +02:00
github-actions[bot]
6724be0e29 Assigned RUSTSEC-2021-0119 to nix (#1066)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-30 19:05:28 +02:00
Geoffrey Thomas
a59b58df71 nix::unistd::getgrouplist buffer overflow (#1060)
* nix::unistd::getgrouplist buffer overflow

* add `unaffected`

* add patched versions

* add affected OSs

* drop severity down to a warning

* note that this requires root to exploit

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-09-30 19:03:59 +02:00
github-actions[bot]
54d10b4026 Assigned RUSTSEC-2021-0118 to arrow (#1064)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-29 18:01:48 +02:00
Sergey "Shnatsel" Davidoff
f2e3a65042 Yet another arrow advisory (#1059)
* Create RUSTSEC-0000-0000.md

* remove references to writes
2021-09-29 18:00:36 +02:00
github-actions[bot]
a9bf472713 Assigned RUSTSEC-2021-0117 to arrow (#1063)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-29 18:00:13 +02:00
Sergey "Shnatsel" Davidoff
edfbe64d47 arrow DecimalArray advisory (#1058)
* Create RUSTSEC-0000-0000.md

* `url` instead of `references`

* remove references to writes
2021-09-29 17:58:28 +02:00
github-actions[bot]
a7d4ec8dd9 Assigned RUSTSEC-2021-0116 to arrow (#1062)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-29 17:58:13 +02:00
Sergey "Shnatsel" Davidoff
9cc82e1b90 arrow BinaryArray advisory (#1057)
* Create RUSTSEC-0000-0000.md

* reword to also include writes

* remove mentions of writes
2021-09-29 17:46:18 +02:00
teor
a44ad8fae3 Clarify meaning of RUSTSEC-2021-0077.md (#1061)
There appear to be some missing words that create an unintended meaning.
2021-09-28 18:27:47 -04:00
Sergey "Shnatsel" Davidoff
653bd1397c Fix RUSTSEC-2018-0020 GHSA alias (#1056) 2021-09-25 15:47:25 +02:00
github-actions[bot]
b5319a3dba Assigned RUSTSEC-2021-0115 to zeroize_derive (#1055)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2021-09-24 12:49:25 -06:00
daxpedda
0e04678ad8 #[zeroize(drop)] not working for enums (#1054) 2021-09-24 12:46:12 -06:00
github-actions[bot]
f1fc2c3eb0 Assigned RUSTSEC-2021-0114 to nanorand (#1052)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-23 22:26:20 +02:00
Cyborus04
a4b1d48e55 nanorand tls_rand aliased mutable references (#1051)
* nanorand `tls_rand` aliased mutable references

* `TlsWyRand`, not `TlsRand`

* Add report title

whoops

* Remove invalid category

* add URL

* "UB" -> "undefined behavior"

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-09-23 22:25:05 +02:00
github-actions[bot]
d5c7ae1c71 Assigned RUSTSEC-2021-0112 to tectonic_xdv, RUSTSEC-2021-0113 to metrics-util (#1050)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-18 23:35:48 +02:00
Yechan Bae
bb15a55b43 Add disappeared advisories (#1049) 2021-09-18 23:33:39 +02:00
github-actions[bot]
9fead37879 Assigned RUSTSEC-2021-0111 to tremor-script (#1048)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-18 20:10:57 +02:00
Matthias Wahl
057094d60e Add advisory for memory corruption in tremor-script < 0.11.6 (#1045)
Signed-off-by: Matthias Wahl <mwahl@wayfair.com>
2021-09-18 20:05:02 +02:00
github-actions[bot]
26d56f7614 Assigned RUSTSEC-2021-0110 to wasmtime (#1047)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-17 22:55:59 +02:00
Nick Fitzgerald
3d742d4426 Add recent Wasmtime CVEs (#1046)
* Add recent Wasmtime CVEs

* replace URL with references

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-09-17 22:47:54 +02:00
Sergey "Shnatsel" Davidoff
ab0a84327e Mention OSV in readme (#1043) 2021-09-12 18:03:16 +02:00
Sergey "Shnatsel" Davidoff
6c092fecd4 Switch to rustsec-admin 0.5.2 (OSV 1.0) and branch osv (#1042) 2021-09-12 16:30:20 +02:00
Sergey "Shnatsel" Davidoff
d202965dcb Add GHSA alias to RUSTSEC-2021-0106 (#1039) 2021-09-10 16:11:09 +00:00
Sergey "Shnatsel" Davidoff
b5756eddf9 Add GHSA alias to RUSTSEC-2021-0103 (#1040) 2021-09-10 16:10:58 +00:00
Sergey "Shnatsel" Davidoff
2b1a5c551d Add GHSA alias to RUSTSEC-2021-0105 (#1041) 2021-09-10 16:04:49 +00:00
Sergey "Shnatsel" Davidoff
464cc079a5 Add GHSA alias to RUSTSEC-2020-0156 2021-09-10 16:03:52 +00:00
Sergey "Shnatsel" Davidoff
b99d8a1347 Add GHSA alias to RUSTSEC-2021-0104 (#1038) 2021-09-10 16:01:55 +00:00
github-actions[bot]
8b677b0f9a Assigned RUSTSEC-2021-0109 to ckb (#1035)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-09-10 15:58:38 +00:00
Sergey "Shnatsel" Davidoff
204c1ae2c6 add GHSA alias to RUSTSEC-2021-0101 (#1036) 2021-09-10 15:58:27 +00:00
Sergey "Shnatsel" Davidoff
a665da67eb Add GHSA alias to RUSTSEC-2021-0102 2021-09-10 15:58:05 +00:00