Commit Graph

1758 Commits

Author SHA1 Message Date
Alexis Mousset
df51dcdf97 Remove reference mention from description (#1393) 2022-08-28 23:00:20 +02:00
Sergey "Shnatsel" Davidoff
d998cb999d bump rustsec-admin to 0.8.2 in web workflow (#1392) 2022-08-28 13:42:04 +02:00
github-actions[bot]
c4d6e937dc Assigned RUSTSEC-2022-0053 to mapr (#1387)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-27 16:03:54 +10:00
pinkforest(she/her)
49290fcb90 Add unmaintained mapr (#1382) 2022-08-27 16:03:23 +10:00
github-actions[bot]
011edf4cc6 Assigned RUSTSEC-2022-0052 to os_socketaddr (#1386)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-27 16:02:35 +10:00
a-ba
2b84c61925 Add unsoundness in os_socketaddr (#1384) 2022-08-27 16:01:53 +10:00
github-actions[bot]
e0f55ed7b5 Assigned RUSTSEC-2022-0051 to lz4-sys (#1385)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-26 20:18:18 +02:00
Niklas Fiekas
e0b768ba73 lz4-sys: Forward CVE-2021-3520 (#1383) 2022-08-26 20:17:00 +02:00
Volker Mische
f42031da81 Remove mapr as alternative from RUSTSEC-2020-0077 (#1381)
With the merge of https://github.com/RazrFalcon/memmap2-rs/pull/52 into `memmap2`,
all changes from `mapr` are ported upstream. Hence `memmap2` is now the single best
alternative.
2022-08-25 17:09:30 +10:00
Armin Ronacher
d8b50de4d4 Added console to RUSTSEC-2021-0139 (#1380) 2022-08-22 00:16:31 +02:00
github-actions[bot]
af9781a543 Assigned RUSTSEC-2021-0139 to ansi_term (#1377)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-19 18:20:44 +10:00
pinkforest(she/her)
3231714ffe Add unmaintained ansi_term (#1372) 2022-08-19 18:19:41 +10:00
github-actions[bot]
d452043dbb Assigned RUSTSEC-2022-0050 to interledger-packet (#1376)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-19 15:34:11 +10:00
pinkforest(she/her)
7e04331f1e Add unmaintained interledger (#1369) 2022-08-19 15:33:27 +10:00
dependabot[bot]
811c7c256c Bump peter-evans/create-pull-request from 3 to 4 (#1375)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 07:55:31 -06:00
dependabot[bot]
57c8f476a1 Bump actions/checkout from 2 to 3 (#1374)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 07:55:18 -06:00
dependabot[bot]
b562a37254 Bump actions/cache from 1 to 3 (#1373)
Bumps [actions/cache](https://github.com/actions/cache) from 1 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-18 07:55:03 -06:00
LingMan
f3cc4cd03e Add a dependabot config (#1371)
Dependabot will watch the workflow files in .github/workflows and
automatically file PRs if there are updates available for any of the used
Actions.
2022-08-18 07:44:02 -06:00
pinkforest(she/her)
863d0e654f Document empty versions (#1370)
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-18 14:30:36 +10:00
René Kijewski
b75822a011 RUSTSEC-2022-0049: recategorize as memory-exposure (#1368)
Because of the bug, random data was read, but still written into a sane
buffer.
2022-08-17 03:08:30 +10:00
github-actions[bot]
84997ea578 Assigned RUSTSEC-2022-0049 to iana-time-zone (#1367)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-17 02:53:54 +10:00
René Kijewski
afc10f8aa1 Use after free in MacOS / iOS implementation (#1366)
In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.

The copied system time zone was released before its name was copied.
If the system time zone was changed between the call of `CFRelease()` and `str::to_owned()`,
random memory would be copied.
2022-08-17 02:52:54 +10:00
pinkforest(she/her)
8bf0011f39 Document withdrawn (#1355)
* Document yanked and withdrawn

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Yank the yanked

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-16 12:40:50 +10:00
pinkforest(she/her)
d3eccc4072 Remove yanked 2 (#1364)
* Remove yanked 2

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Test cache

* Cache back on

* Bump audit cache

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-16 12:38:08 +10:00
github-actions[bot]
7b8185d1df Assigned RUSTSEC-2022-0048 to xml-rs (#1365)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-15 12:13:06 +10:00
pinkforest(she/her)
4e5153b854 Add unmaintained xml-rs (#1356) 2022-08-15 12:12:16 +10:00
pinkforest(she/her)
fd7df6ae1c Bump rustsec-admin deprecate yanked (#1363)
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-14 18:44:13 -06:00
pinkforest(she/her)
15d6985304 Document references field (#1354)
* Add references to README.md example

* TOML syntax

* Comment out optional field

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-15 03:55:18 +10:00
pinkforest(she/her)
d86ec54729 Document the Markdown in README example (#1352)
* Explain the Markdown in README example

* Proper LF
2022-08-15 03:54:21 +10:00
github-actions[bot]
9739cb7f1e Assigned RUSTSEC-2021-0138 to mz-avro (#1346)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-13 15:17:38 +10:00
Jorge Leitao
4c1283751a Added informal advisory to mz-avro (#1144)
* Added informal advisory to mz-avro

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Updated date; fixed patch bracket; added note on unlikeliness.
2022-08-13 15:16:44 +10:00
Sergey "Shnatsel" Davidoff
d052179237 Advertise GHSA integrations, add more tools (#1343) 2022-08-12 18:42:03 +02:00
github-actions[bot]
3ee42e2f72 Assigned RUSTSEC-2022-0047 to oqs (#1345)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2022-08-11 15:57:37 +02:00
Thom Wiggers
e6ddcfcd98 oqs: PQC signature scheme Rainbow level I parameterset broken (#1337) 2022-08-11 15:54:17 +02:00
Thom Wiggers
cc8e02bc30 Remove enum variants from RUSTSEC-2022-0045 (#1340)
* Enum variants can't be put in [affected.functions]
* add note about affected variants in prose
2022-08-11 15:45:48 +02:00
github-actions[bot]
db3a09a691 Assigned RUSTSEC-2022-0046 to rocksdb (#1344)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2022-08-11 15:30:57 +02:00
Niklas Fiekas
94e8af7c0c Add out-of-bounds read advisory for rocksdb (#1237) 2022-08-11 15:30:02 +02:00
Andrew Chin
dda8c048b6 Updated README with info on informational advisories (#1341) 2022-08-10 08:19:00 -06:00
github-actions[bot]
0846a34539 Assigned RUSTSEC-2021-0137 to sodiumoxide (#1342)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-10 14:01:59 +10:00
pinkforest(she/her)
8c0fc9759b Add sodiumoxide unmaintained (#1334)
* Add sodiumoxide unmaintained

* dryoc url

* Add Awesome Rust Cryptography

* Address @tarcieri feedback :thumbsUp:

* Add signatory and ring

* Add Ed25519 libs
2022-08-10 14:01:23 +10:00
github-actions[bot]
8c261ff246 Assigned RUSTSEC-2022-0045 to oqs (#1339)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2022-08-09 12:26:05 +02:00
Thom Wiggers
6629c1333a oqs: SIKE and SIDH are insecure (#1338) 2022-08-09 12:24:53 +02:00
Sergey "Shnatsel" Davidoff
a8ebada593 bump rustsec-admin in publish-web workflow (#1335)
Required for the changes from https://github.com/rustsec/rustsec/pull/633 to propagate
2022-08-09 00:30:49 +02:00
Sergey "Shnatsel" Davidoff
c5864c24b5 Fix "ghost" ID assignment PRs (#1332) 2022-08-08 16:21:09 +02:00
github-actions[bot]
744a565d54 Assigned RUSTSEC-2018-0022 to temporary (#1331)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-08 21:03:27 +10:00
5225225
bacc597558 Add advisory for temporary (#1196)
Thanks @5225225
2022-08-08 21:02:14 +10:00
github-actions[bot]
19bb42eae6 Assigned RUSTSEC-2022-0044 to markdown (#1330)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-08 20:21:17 +10:00
Dylan Anthony
f3a8bd7e5b List markdown as unmaintained (#1191)
* List `markdown` as unmaintained

The `markdown` crate is, naturally, the first one that comes up if you're searching crates.io for "markdown". Unfortunately, that particular crate has not received any updates since November of 2020 despite several known issues with open PRs. I opened https://github.com/johannhof/markdown.rs/issues/48 to request an update on maintenance status nearly a month ago and have not heard anything back.
2022-08-08 20:20:28 +10:00
Sergey "Shnatsel" Davidoff
d21aadd965 Mention OSV API in the README (#1328) 2022-08-08 11:45:38 +02:00
pinkforest(she/her)
3b3160baec Fix async-graphql patched (#1326) 2022-08-06 16:41:24 +10:00