Commit Graph

1695 Commits

Author SHA1 Message Date
pinkforest
db78ca0149 Revert "Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal" 2022-08-05 04:11:15 +10:00
pinkforest
63f44b37e5 Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal 2022-08-05 04:10:34 +10:00
Tony Arcieri
6f3502cf6d RUSTSEC-2020-0159 (chrono): add patched version (#1306)
The 0.4.20 release of `chrono` includes a pure-Rust replacement for
`localtime_r` which eliminates this issue.
2022-08-04 10:20:07 -06:00
github-actions[bot]
f1c5d4de52 Assigned RUSTSEC-2022-0041 to crossbeam-utils (#1305)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-04 23:56:30 +10:00
pinkforest(she/her)
3ee71b8734 Add Crossbeam AtomicCell<*64> Soundness #1203 (#1304)
* Add Crossbeam AtomicCell<*64> Soundness #1203
* Address @amousset feedback
2022-08-04 23:55:01 +10:00
Yechan Bae
474984fe44 Explicitly mention soundness in the description (#1302) 2022-08-03 16:49:16 -06:00
github-actions[bot]
e0c209077f Assigned RUSTSEC-2022-0040 to owning_ref (#1301)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-02 21:47:23 +02:00
Sergey "Shnatsel" Davidoff
ff384c3d46 Initial advisory for owning_ref unsoundness (#1188)
* Initial advisory for owning_ref unsoundness

* move owning_ref advisory to a subfolder where it belongs

* Add OwningRef::map is unsound to owning_ref

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-02 21:41:46 +02:00
github-actions[bot]
d8dd62801c Assigned RUSTSEC-2021-0136 to sass-rs (#1300)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 04:19:28 +10:00
Christopher Durham
9b48cb22a1 sass-rs is deprecated (#1228)
* sass-rs is deprecated

* Fix format
2022-08-03 04:18:05 +10:00
github-actions[bot]
a36ba66817 Assigned RUSTSEC-2022-0039 to odbc (#1299)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 04:15:56 +10:00
Bruno Bigras
0387267821 Add unmaintained advisory for odbc (#1151)
fix #1044
2022-08-03 04:13:42 +10:00
github-actions[bot]
ec93834e77 Assigned RUSTSEC-2022-0037 to async-graphql, RUSTSEC-2022-0038 to juniper (#1298)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 03:59:55 +10:00
Dirkjan Ochtman
259863da4f Add advisories for async-graphql/juniper denial of service issues (#1290)
* Add advisory for async-graphql DoS issue

* Add advisory for juniper DoS issue
2022-08-03 03:58:29 +10:00
github-actions[bot]
e4ac884b59 Assigned RUSTSEC-2022-0036 to r2d2_odbc (#1297)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 03:34:36 +10:00
pinkforest(she/her)
c568a8a3bc Fix r2d2_odbc name (#1296)
* Fix r2d2_odbc name
2022-08-03 03:32:03 +10:00
Bruno Bigras
d8e134f108 Add unmaintained advisory for r2d2-odbc (#1150)
fix #1097
2022-08-03 03:14:56 +10:00
github-actions[bot]
6a31ac7433 Assigned RUSTSEC-2020-0163 to term_size (#1295)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-03 00:03:23 +10:00
LingMan
b0fc002bcd Add unmaintained advisory for term_size (#1275) 2022-08-03 00:01:14 +10:00
Evan Richter
fdbc12eb9f fix typo in advisory date (#1294) 2022-08-01 18:35:31 -04:00
Vitaly Shukela
f6c6cd09c9 Update CONTRIBUTING.md (#1292)
Clarify file format for creating advisory.
Explicitly mention that there should be markdown text, not just the toml.
2022-08-01 15:22:38 -04:00
github-actions[bot]
2618960a7f Assigned RUSTSEC-2022-0035 to websocket (#1293)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-01 21:21:57 +02:00
Vitaly Shukela
7d36edf537 Add advisory for websocket (#1291)
* Add advisory for websocket

* Update RUSTSEC-0000-0000.md

* Add text to websocket advisory

* Add title to fix CI

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2022-08-01 21:19:33 +02:00
Yechan Bae
2380d517ee Remove redundant usually (#1288) 2022-08-01 00:37:19 +02:00
Sergey "Shnatsel" Davidoff
c1ae578c27 Create MAINTAINERS_GUIDE.md (#1286)
* Create MAINTAINERS_GUIDE.md

* Clarify motivation for not making substantial edits unilaterally
2022-07-30 20:46:36 +02:00
github-actions[bot]
36df8a4efc Assigned RUSTSEC-2022-0034 to pkcs11 (#1283)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2022-07-25 11:19:15 -06:00
Ionuț Mihalcea
48214447df Add advisory for pkcs11 (#1282)
Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
2022-07-23 08:29:34 -06:00
github-actions[bot]
2718c2db84 Assigned RUSTSEC-2022-0033 to openssl-src (#1279)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-07-05 14:48:56 +02:00
Alexis Mousset
d820cf991c Add advisory for openssl CVE-2022-2274 (#1276) 2022-07-05 14:44:40 +02:00
github-actions[bot]
1c17612a36 Assigned RUSTSEC-2022-0032 to openssl-src (#1278)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-07-05 14:44:23 +02:00
Alexis Mousset
6f8de93f84 Add advisory for openssl CVE-2022-2097 (#1277) 2022-07-05 14:33:40 +02:00
github-actions[bot]
b4ed922847 Assigned RUSTSEC-2022-0031 to rulex (#1274)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-06-26 22:01:26 +02:00
Evan Richter
d0e82ff0d7 rulex advisory for string indexing panic (#1272) 2022-06-26 21:48:57 +02:00
github-actions[bot]
03ab8e5349 Assigned RUSTSEC-2022-0030 to rulex (#1273)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-06-26 21:44:13 +02:00
Evan Richter
c188be71e2 rulex advisory for stack overflow (#1271) 2022-06-26 21:42:00 +02:00
8573
7381319981 Copyedit RUSTSEC-2021-0122 (#1269)
Apply some copyedits to the text introduced by #1268.  Add a missing
comma; inflect "be" better; and use normal quotation marks rather than
backticks around the word "safe", referring to Safe Rust, as, unlike
`unsafe`, "safe" is not Rust syntax.
2022-06-25 14:06:03 +02:00
Andrew Lamb
9e0c88bd78 Clarify flatbuffers RUSTSEC-2021-0122.md (#1268)
It may be hard for non-Rust experts to understand what the implications of "is `unsafe` but not marked as such" mean

I propose adding some more supporting information
2022-06-24 16:17:18 +02:00
Sergey "Shnatsel" Davidoff
49fb6c0b94 Revert "Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263)" (#1264)
This reverts commit 7cbdcd8500.
2022-06-20 14:19:49 +02:00
pinkforest(she/her)
7cbdcd8500 Fix RUSTSEC-2022-0025,26,27 openssl-src for the 111 stream (#1263)
* Fix advisory openssl-src 111 stream patched

* not a semver

* make 111 affected
2022-06-17 13:15:51 +02:00
github-actions[bot]
f10f232879 Assigned RUSTSEC-2022-0029 to crossbeam (#1261)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-06-08 01:12:13 +02:00
Sergey "Shnatsel" Davidoff
e8ef9ea980 Add patched version to im RUSTSEC-2020-0096 (#1259) 2022-06-08 01:10:26 +02:00
Ben Kimock
6a769d1d24 Report data race/memory corruption in crossbeam 0.2 (#1260) 2022-06-08 01:10:09 +02:00
Tony Arcieri
f79eb4bad9 Revert "Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242)" (#1258)
This reverts commit a47cd63007.

The advisory was withdrawn based on discussions around whether read-only
environment variable access constitutes a vulnerability.

However, per the `time` crate's author @jhpratt, the crate also modifies
the environment and therefore the advisory should *not* be withdrawn:

https://github.com/rustsec/advisory-db/pull/1242#issuecomment-1144903688
2022-06-02 08:37:44 -06:00
github-actions[bot]
29281434b7 Assigned RUSTSEC-2022-0028 to neon (#1257)
Co-authored-by: alex <alex@users.noreply.github.com>
2022-05-23 16:11:11 -04:00
K.J. Valencik
b3bf55706f Use after free in Neon externally allocated JavaScript buffers (#1256) 2022-05-23 16:05:22 -04:00
Tony Arcieri
ef71758448 README.md: maintained as of Q2 2022 2022-05-23 08:11:59 -06:00
Tony Arcieri
c1d94fd681 Bump rustsec-admin to v0.7.0 (#1255)
Release notes: https://github.com/rustsec/rustsec/pull/575
2022-05-23 07:50:54 -06:00
Ralf Jung
b4d8786707 fix hyper patched version number (#1250) 2022-05-20 13:16:20 +02:00
Alexis Mousset
0abe74330b Fix category of RUSTSEC-2022-0025 (#1249) 2022-05-19 22:32:59 +02:00
github-actions[bot]
bdc5813f40 Assigned RUSTSEC-2022-0027 to openssl-src (#1248)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-05-19 19:41:25 +02:00