Commit Graph

410 Commits

Author SHA1 Message Date
Tony Arcieri
d96db2b3d6 Merge pull request #211 from basvandijk/RUSTSEC-2019-0023-string-interner-0.6.4
string-interner-0.6.4 also fixes RUSTSEC-2019-0023
2019-12-21 08:30:20 -08:00
Bas van Dijk
158c986aa4 string-interner-0.6.4 also fixes RUSTSEC-2019-0023
The fix https://github.com/Robbepop/string-interner/pull/10
released in 0.7.1 was also backported to the 0.6 release line in
https://github.com/Robbepop/string-interner/pull/14 and released in 0.6.4.
2019-12-21 11:43:05 +01:00
Tony Arcieri
7bc1753de3 Merge pull request #209 from RustSec/RUSTSEC-2019-0032
Assign RUSTSEC-2019-0032 to crust
2019-12-17 07:43:10 -08:00
Tony Arcieri
c2c2e8e1a7 Assign RUSTSEC-2019-0032 to crust
Original PR: https://github.com/RustSec/advisory-db/pull/204
2019-12-17 07:32:36 -08:00
Tony Arcieri
63f1b5f0cd Merge pull request #208 from RustSec/RUSTSEC-2019-0031/spin
Assign RUSTSEC-2019-0031 to spin
2019-12-17 07:08:45 -08:00
Tony Arcieri
91b9e060e2 Assign RUSTSEC-2019-0031 to spin
Unmaintained per its author:

https://github.com/mvdnes/spin-rs/commit/7516c80
2019-12-17 06:42:04 -08:00
Tony Arcieri
159a7a3b55 Merge pull request #204 from simlay/crust-archived
Added RUSTSEC advisory for crust as an archived/unmaintained.
2019-11-21 16:38:17 -08:00
Sebastian Imlay
366505b01b Added RUSTSEC advisory for crust as an unmaintained.
2019-11-21 16:08:53 -08:00
Tony Arcieri
6957957ea1 Merge pull request #203 from omarabid/patch-1
fix typo in Readme
2019-11-13 06:36:44 +01:00
Abid Omar
7f4c2e1863 fix typo in Readme
2019-11-11 21:04:03 +01:00
Tony Arcieri
f9cd955852 Merge pull request #202 from RustSec/RUSTSEC-2019-0030
Assign RUSTSEC-2019-0030 to streebog
2019-11-07 08:33:52 -08:00
Tony Arcieri
c762d41313 Assign RUSTSEC-2019-0030 to streebog
Original PR: https://github.com/RustSec/advisory-db/pull/201
2019-11-07 08:16:46 -08:00
Tony Arcieri
cd6c47bc90 Merge pull request #201 from newpavlov/streebog1
Add an advisory for streebog bug
2019-11-06 11:41:53 -08:00
newpavlov
34eb710de5 fix description
2019-11-06 19:49:57 +03:00
newpavlov
7786157156 add an advisory for streebog bug
2019-11-06 19:47:35 +03:00
Tony Arcieri
61f0800fb0 Merge pull request #200 from brycx/orion-alternative
rust-crypto: Add orion as alternative
2019-11-04 17:16:17 -08:00
brycx
9a3a5743c0 No IETF on XChaCha20 variant
2019-11-04 19:53:43 +01:00
brycx
c8f2bccd72 rust-crypto: Add orion as alternative
2019-11-04 15:49:50 +01:00
Tony Arcieri
edca2c5ae0 Merge pull request #199 from RustSec/chacha20/counter-overflow
chacha20: Add counter overflow advisory
2019-10-23 11:07:55 -07:00
Tony Arcieri
ab01fe3e28 Assign RUSTSEC-2019-0029 to chacha20
2019-10-23 10:56:18 -07:00
Tony Arcieri
0f1e1885db chacha20: Add counter overflow advisory
Upstream issue: https://github.com/RustCrypto/stream-ciphers/pull/64
2019-10-23 10:37:38 -07:00
Tony Arcieri
b810ef0f6b Merge pull request #197 from nagisa/flatbuffers
Add a flatbuffers unsound code advisory
2019-10-23 09:25:10 -07:00
Tony Arcieri
d520ed489c Assign RUSTSEC-2019-0028 to flatbuffers
2019-10-23 09:11:16 -07:00
Simonas Kazlauskas
2a867650cb Add a flatbuffers unsound code advisory
2019-10-20 20:30:18 +03:00
Tony Arcieri
21ec94a22f Merge pull request #196 from kpp/patch-1
Update RUSTSEC-2019-0026.toml
2019-10-19 20:35:02 -07:00
Roman Proskuryakov
73c772d878 Update RUSTSEC-2019-0026.toml
2019-10-20 02:04:21 +03:00
Tony Arcieri
d53649551b Merge pull request #195 from RustSec/RUSTSEC-2019-0027
Assign RUSTSEC-2019-0027 to libsecp256k1
2019-10-14 09:00:23 -07:00
Tony Arcieri
783394f059 Assign RUSTSEC-2019-0027 to libsecp256k1
Original PR: https://github.com/RustSec/advisory-db/pull/194
2019-10-14 08:47:43 -07:00
Tony Arcieri
2ea335249f Merge pull request #194 from s3krit/libsecp256k1-timing
Flaw in Scalar::check_overflow allows side-channel timing attack
2019-10-14 08:22:15 -07:00
Martin Pugh
0af6c80758 Add libsecp256k1 advisory
2019-10-14 15:08:46 +01:00
Tony Arcieri
8b3a5661db Merge pull request #193 from RustSec/RUSTSEC-2019-0026
Assign RUSTSEC-2019-0026 to sodiumoxide
2019-10-11 12:09:13 -07:00
Tony Arcieri
38a7158626 Assign RUSTSEC-2019-0026 to sodiumoxide
Original PR: https://github.com/RustSec/advisory-db/pull/192
2019-10-11 11:43:47 -07:00
Tony Arcieri
4ee77db244 Merge pull request #192 from kpp/master
PartialEq implementation for sodiumoxide::crypto::generichash::Digest has compared itself to itself
2019-10-11 11:42:13 -07:00
Roman Proskuryakov
fd955ac4a2 PartialEq implementation for sodiumoxide::crypto::generichash::Digest has compared itself to itself
2019-10-11 20:38:01 +03:00
Tony Arcieri
ba8504f073 Merge pull request #191 from RustSec/RUSTSEC-2017-0006/add-patched-versions
RUSTSEC-2017-0006: rmpv: add patched versions
2019-10-11 09:23:18 -07:00
Tony Arcieri
cad07fbc25 RUSTSEC-2017-0006: rmpv: add patched versions
Patched as of v0.4.2:

https://github.com/RustSec/advisory-db/pull/171#issuecomment-540169499
2019-10-11 09:07:24 -07:00
Tony Arcieri
e98f9fd70f Merge pull request #190 from RustSec/RUSTSEC-2019-0025
Assign RUSTSEC-2019-0025 to serde_cbor
2019-10-11 09:06:04 -07:00
Tony Arcieri
621d40e195 Assign RUSTSEC-2019-0025 to serde_cbor
Original PR: https://github.com/RustSec/advisory-db/pull/171/files
2019-10-11 08:40:48 -07:00
Tony Arcieri
e0a595f0b3 Merge pull request #188 from pyfisch/patch-1
Flaw in CBOR deserializer allows stack overflow
2019-10-11 08:39:38 -07:00
pyfisch
3afc9e6afc Flaw in CBOR deserializer allows stack overflow
2019-10-10 11:43:01 +02:00
Tony Arcieri
0b637794de Merge pull request #187 from RustSec/RUSTSEC-2019-0024
RUSTSEC-2019-0024: Test advisory for `rustsec-example-crate` (closes #158)
2019-10-08 18:24:00 -07:00
Tony Arcieri
14f7fd3faa RUSTSEC-2019-0024: Test advisory for rustsec-example-crate
This is a test advisory useful for verifying RustSec tooling and
vulnerability detection pipelines are working correctly. Aside from
the fact that it is filed against an example crate, it is otherwise
considered by the Advisory Database itself to be a normal security
advisory.

It's filed against `rustsec-example-crate`, an otherwise completely
empty crate with no functionality or code, which has two releases:

- v0.0.1: *vulnerable* according to this advisory
- v1.0.0: *patched* by this advisory

(Technically there is a third release, v0.0.0, which is yanked, but
otherwise identical to the v0.0.1 release)
2019-10-08 18:11:30 -07:00
Tony Arcieri
27eb3df93e Merge pull request #183 from RustSec/unmaintained-crates/cassandra
Add unmaintained crate informational advisory: cassandra
2019-10-08 11:31:20 -07:00
Tony Arcieri
f7581dc887 Assign RUSTSEC-2016-0006 (informational) to cassandra
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/183
2019-10-08 11:13:07 -07:00
Tony Arcieri
c48b077ec0 Add unmaintained crate informational advisory: cassandra
No releases since 2016 and no responses from the author about its
maintenance status:

https://github.com/tupshin/cassandra-rs/issues/52

Recommending `cassandra-cpp`, a maintained fork, as a successor:

https://github.com/Metaswitch/cassandra-rs
2019-10-08 11:12:02 -07:00
Tony Arcieri
9a304ea2c6 Merge pull request #181 from RustSec/unmaintained-crates/rust-crypto
Add unmaintained crate informational advisory: rust-crypto
2019-10-08 11:11:06 -07:00
Tony Arcieri
3bcb5ab774 Assign RUSTSEC-2016-0005 (informational) to rust-crypto
Marking as unmaintained per:

https://github.com/RustSec/advisory-db/pull/181
2019-10-08 10:48:35 -07:00
Tony Arcieri
24df24afec Add unmaintained crate informational advisory: rust-crypto
No releases since May 2016, no commits since September 2016, with
62 open issues and 37 open PRs.

Author is unresponsive:

https://github.com/DaGenix/rust-crypto/issues/440

Advisory includes a large list of maintained "successor" crates:
`rust-crypto` was a kitchen sink of functionality, so the advisory
contains a list of potential successor crates each with an
algorithm-by-algorithm breakdown of what they support.
2019-10-08 10:45:01 -07:00
Tony Arcieri
32810e4a91 Merge pull request #182 from RustSec/unmaintained-crates/term
Add unmaintained crate informational advisory: term
2019-10-08 10:43:34 -07:00
Tony Arcieri
1092f100f6 Assign RUSTSEC-2018-0015 (informational) to term
Marking as looking for a new maintainer per:

https://github.com/RustSec/advisory-db/pull/182
2019-10-08 10:28:47 -07:00