Commit Graph

117 Commits

Author SHA1 Message Date
Konrad Borowski
dce22c22b2 Add advisory for yaml-rust 2018-09-17 08:48:40 +02:00
Tony Arcieri
b2125b68a5 Merge pull request #58 from RustSec/remove-obsolete-advisories-toml
Delete Advisories.toml (closes #29)
2018-09-01 08:52:18 -07:00
Tony Arcieri
eb590d36f2 Delete Advisories.toml (closes #29)
The `rustsec` crate now uses a git-based fetcher which fetches the
entire repository and parses the individual TOML files for each
advisory (where previously it used an HTTP-based fetcher and fetched
only the `Advisories.toml` file).

Now that most users have updated to the git-based fetcher, we can remove
the now-redundant Advisories.toml.

See: <https://github.com/RustSec/advisory-db/issues/29>
2018-09-01 08:38:46 -07:00
Tony Arcieri
dba1030450 Merge pull request #57 from RustSec/RUSTSEC-2018-9999-abandon-advisories-toml
RUSTSEC-2018-9999: cargo-audit meta advisory for <0.3
2018-08-25 08:22:57 -07:00
Tony Arcieri
5bc9be8a5f RUSTSEC-2018-9999: cargo-audit meta advisory for <0.3
Adds a "meta advisory" only to Advisories.toml noting that
`Advisories.toml` will be deleted on September 1st, 2018.

Versions of cargo-audit >= 0.3 will never see this, because they do not
parse Advisories.toml but instead read the individual advisory files for
each crate.

See:

https://github.com/RustSec/advisory-db/issues/29
2018-08-25 08:04:47 -07:00
Tony Arcieri
91faf10576 Merge pull request #56 from RustSec/fix-contributing-template-link
CONTRIBUTING.md: Fix link to template
2018-08-25 07:43:01 -07:00
Tony Arcieri
a5666efee1 CONTRIBUTING.md: Fix link to template
The anchor changed slightly
2018-08-25 07:36:28 -07:00
Tony Arcieri
640b577a2a Merge pull request #55 from RustSec/RUSTSEC-2018-0004
Assign RUSTSEC-2018-0004 to claxon
2018-08-25 07:17:13 -07:00
Tony Arcieri
575dc9a705 Assign RUSTSEC-2018-0004 to claxon
Original PR:

https://github.com/RustSec/advisory-db/pull/54
2018-08-25 07:11:55 -07:00
Tony Arcieri
449223b761 Merge pull request #54 from ruuda/claxon
Add advisory for Claxon 0.3.2 and 0.4.1
2018-08-25 07:05:15 -07:00
Ruud van Asseldonk
a79e12f482 Add advisory for Claxon 0.3.2 and 0.4.1 2018-08-25 12:36:22 +02:00
Tony Arcieri
bbfce11be0 Merge pull request #53 from RustSec/document-affected-arch-and-affected-os
README.md: Documented `affected_arch` and `affected_os`
2018-07-26 21:17:39 -07:00
Tony Arcieri
03eebdf3d2 README.md: Reorder advisory example 2018-07-26 21:10:29 -07:00
Tony Arcieri
1296249cfb RUSTSEC-2016-0002.toml: use 'affected_os' attribute
Replaces the 'affected_platforms' attribute in rustsec v0.9.
2018-07-26 21:02:15 -07:00
Tony Arcieri
4efb940080 README.md: Documented affected_arch and affected_os
These are new attributes as of `rustsec` crate v0.9.0 which use enums
from the `platforms` crate to represent CPU architectures and operating
systems.

This replaces the previous `affected_platforms` attribute (only used in
one advisory)
2018-07-26 21:00:11 -07:00
Tony Arcieri
2f2af6807c Merge pull request #52 from RustSec/rustsec-0-9
Upgrade to "rustsec" crate v0.9.0
2018-07-26 20:47:41 -07:00
Tony Arcieri
7d9d0973cc Upgrade to "rustsec" crate v0.9.0 2018-07-26 20:42:51 -07:00
Tony Arcieri
31502e1ce6 Merge pull request #51 from RustSec/add-new-advisories-to-advisories-toml
Advisories.toml: Add RUSTSEC-2016-0001 and RUSTSEC-2016-0002
2018-07-24 16:55:11 -07:00
Tony Arcieri
32103ed82b Advisories.toml: Add RUSTSEC-2016-0001 and RUSTSEC-2016-0002
Adds the newly merged (but oldest chronological!) advisories into
the `Advisories.toml` file (which can go away pending #29)
2018-07-24 16:49:01 -07:00
Tony Arcieri
773685e2fb Merge pull request #50 from RustSec/keywords
Keywords
2018-07-24 16:07:10 -07:00
Tony Arcieri
2d9a2632a7 Keywords
Documents the new `keywords` attribute and adds keywords to all current
advisories. These can be consumed by the web UI.
2018-07-24 16:02:35 -07:00
Tony Arcieri
ac0e00251b Merge pull request #49 from RustSec/affected-platforms
Affected Platforms
2018-07-24 15:58:57 -07:00
Tony Arcieri
2632340526 Affected Platforms
Documents the use of the `affected_platforms` attribute in advisories,
and adds it to a relevant advisory.
2018-07-24 15:53:43 -07:00
Tony Arcieri
20d789b68d Merge pull request #48 from RustSec/cleanups
Documentation cleanups
2018-07-24 15:42:18 -07:00
Tony Arcieri
ad872b63b2 README.md: Move title/description up in advisory example 2018-07-24 15:36:23 -07:00
Tony Arcieri
0a4f0ee960 CONTRIBUTING.md: Fix link 2018-07-24 15:35:07 -07:00
Tony Arcieri
085b3a4eb6 Merge pull request #47 from RustSec/rustsec-0-8
Upgrade to rustsec 0.8
2018-07-24 15:34:04 -07:00
Tony Arcieri
f7e514c0c8 Upgrade to rustsec 0.8
Adds support for `affected_platforms` and `keywords` attributes on
security advisories.
2018-07-24 15:28:57 -07:00
Tony Arcieri
c791a95146 Merge pull request #18 from RustSec/hyper-hostname-verification
Advisory: hyper HTTPS MitM due to lack of hostname verification
2018-07-24 12:39:00 -07:00
Tony Arcieri
07219b8d17 Assign RUSTSEC-2016-0002 to hyper
Original PR:

https://github.com/RustSec/advisory-db/pull/18
2018-07-24 12:33:49 -07:00
Tony Arcieri
8678a77455 Advisory: hyper HTTPS MitM due to lack of hostname verification 2018-07-24 12:03:59 -07:00
Tony Arcieri
68c1d72384 Merge pull request #19 from RustSec/rust-openssl-hostname-verification
Advisory: rust-openssl hostname verification
2018-07-24 11:05:31 -07:00
Tony Arcieri
09e3a9eb76 Assign RUSTSEC-2016-0001 to openssl
Original PR:

https://github.com/RustSec/advisory-db/pull/19
2018-07-24 10:48:20 -07:00
Tony Arcieri
72a4178ca1 Advisory: openssl <0.9.0 may be vulnerable to MitM due to weak defaults 2018-07-24 10:47:29 -07:00
Tony Arcieri
607d038c42 Merge pull request #46 from RustSec/readme-template-fixups
README.md: Fixups for TOML template
2018-07-24 08:20:29 -07:00
Tony Arcieri
9c2f9c39a7 README.md: Fixups for TOML template
Add `id` field, cleanup comments, mandatory/optional notes, and ordering
2018-07-24 08:07:28 -07:00
Tony Arcieri
ad30725335 Merge pull request #45 from RustSec/readme-cleanups
README.md: Better highlight cargo-audit and cleanup copy
2018-07-23 17:31:28 -07:00
Tony Arcieri
992eff3473 README.md: Better highlight cargo-audit and cleanup copy 2018-07-23 17:26:14 -07:00
Tony Arcieri
278cd5b7ce Merge pull request #44 from RustSec/readme-vuln-reporting
README.md: Add vuln reporting instructions
2018-07-23 16:42:13 -07:00
Tony Arcieri
5afa669831 README.md: Add vuln reporting instructions 2018-07-23 16:35:33 -07:00
Tony Arcieri
50686ad52d Merge pull request #43 from RustSec/contributing
CONTRIBUTING.md: Vulnerability reporting instructions and criteria
2018-07-23 14:10:50 -07:00
Tony Arcieri
2505020c63 CONTRIBUTING.md: Vulnerability reporting instructions and criteria
This is long overdue! (see #25) It provides basic instructions for
filing advisories against the database, and also some guidelines
for what types of vulnerabilities qualify.
2018-07-23 13:44:47 -07:00
Tony Arcieri
bb7ef0697c Merge pull request #42 from RustSec/convert-check-to-bin
Convert CI check process to use a bin instead of testing a lib
2018-07-23 12:36:02 -07:00
Tony Arcieri
b139f2db89 Convert CI check process to use a bin instead of testing a lib
This allows us to add some additional commands to the Rust-based part of
this crate.
2018-07-23 12:28:10 -07:00
Tony Arcieri
187c9feef5 Merge pull request #41 from RustSec/readme-gitter-badge
README.md: Add gitter badge
2018-07-23 11:42:35 -07:00
Tony Arcieri
2777a29883 README.md: Add gitter badge 2018-07-23 11:34:22 -07:00
Tony Arcieri
ffbf3cf971 Merge pull request #40 from RustSec/rustsec-0-7
Update 'rustsec' crate to 0.7
2018-07-22 17:59:28 -07:00
Tony Arcieri
f5d0ea12a2 Update 'rustsec' crate to 0.7 2018-07-22 17:51:45 -07:00
Tony Arcieri
5920a40e72 Merge pull request #39 from RustSec/rustsec-0-7-0-alpha3
Update to 'rustsec' crate v0.7.0-alpha3
2018-07-22 13:38:25 -07:00
Tony Arcieri
f9af1317ac Update to 'rustsec' crate v0.7.0-alpha3
Testing the alpha crate on the live repository prior to a final release
2018-07-22 13:29:03 -07:00