OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-29 07:46:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
453 Commits 1 Branch 0 Tags
df7657d332faaa4b1b3b95dcaefb92d7945a974b
Commit Graph

453 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Arcieri
df7657d332 Fix broken/malformatted outbound links 2020-01-27 07:52:31 -08:00
Tony Arcieri
a6d99fb52e Merge pull request #231 from RustSec/RUSTSEC-2020-0004 
Assign RUSTSEC-2020-0004 to lucet-runtime-internals
 2020-01-27 07:30:39 -08:00
Tony Arcieri
d8e872fd93 Assign RUSTSEC-2020-0004 to lucet-runtime-internals 
Original PR: https://github.com/RustSec/advisory-db/pull/229
 2020-01-27 07:19:15 -08:00
Tony Arcieri
723abd4d2b Merge pull request #229 from jfoote/master 
Add lucet-runtime-internals sigstack allocation vuln advisory
 2020-01-27 07:18:20 -08:00
Tony Arcieri
81d10a945b Merge pull request #230 from RustSec/RUSTSEC-2020-0003 
Assign RUSTSEC-2020-0003 (informational) to rust_sodium
 2020-01-27 07:17:37 -08:00
Tony Arcieri
2b82281e54 Assign RUSTSEC-2020-0003 (informational) to rust_sodium 
Original PR: https://github.com/RustSec/advisory-db/pull/225
 2020-01-27 07:09:23 -08:00
Tony Arcieri
5d16b10103 Merge pull request #225 from S-Coyle/rust_sodium 
Add unmaintained crate informational advisory: rust_sodium
 2020-01-27 07:06:13 -08:00
Tony Arcieri
e5eeccda02 Merge branch 'master' into rust_sodium 2020-01-27 06:44:52 -08:00
Jonathan Foote
0271003e2e Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml 
Correct quote characters

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
 2020-01-24 15:36:06 -05:00
Jonathan Foote
3f1f71de9b Update crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml 
Correct quote characters

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
 2020-01-24 15:35:58 -05:00
Jonathan Foote
f8ff9cfc6f Add lucet-runtime-internals sigstack allocation vuln advisory 2020-01-24 15:27:56 -05:00
Stephen Coyle
b300fa84d7 Add unmaintained crate informational advisory: rust_sodium 2020-01-21 12:17:20 +00:00
Tony Arcieri
b88eb18c3b Merge pull request #227 from RustSec/RUSTSEC-2018-0016 
Assign RUSTSEC-2018-0016 to quickersort
 2020-01-20 07:18:00 -08:00
Tony Arcieri
17e82e13d6 Assign RUSTSEC-2018-0016 to quickersort 
Original PR: https://github.com/RustSec/advisory-db/pull/210
 2020-01-20 07:05:35 -08:00
Tony Arcieri
e78d311ee1 Merge pull request #210 from EmbarkStudios/quickersort 
Add advisory for deprecated/unmaintained quickersort
 2020-01-20 06:37:58 -08:00
Tony Arcieri
9fb65308a6 Merge pull request #224 from RustSec/RUSTSEC-2016-0005/add-note-about-rust-crypto-crate-vs-org 
RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto
 2020-01-19 11:37:20 -08:00
Tony Arcieri
e30a06a6b2 RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto 
The `rust-crypto` crate and RustCrypto org have confusingly similar
names, which has caused confusion about this advisory in practice:

https://www.reddit.com/r/rust/comments/e29sxc/ann_rustcryptoaead_v020_heapless_symmetric_aead/f8ujyxm/

This commit adds a small note to disambiguate them and note that
RustCrypto-the-GitHub-org is still maintained.
 2020-01-19 11:07:44 -08:00
Johan Andersson
8b0725132b Fix typo 
Co-Authored-By: Randy Taylor <tehgecKozzz@gmail.com>
 2020-01-17 22:17:06 +01:00
Tony Arcieri
3aa5df1bbc Merge pull request #223 from RustSec/RUSTSEC-2020-0002 
Assign RUSTSEC-2020-0002 to prost
 2020-01-16 13:50:07 -08:00
Tony Arcieri
a5b6099b9d Assign RUSTSEC-2020-0002 to prost 
Original PR: https://github.com/RustSec/advisory-db/pull/222
 2020-01-16 12:52:00 -08:00
Tony Arcieri
35c829803e Merge pull request #222 from dbrgn/prost-stackoverflow 
Add advisory for prost stack overflow
 2020-01-16 12:50:53 -08:00
Danilo Bargen
7a0d254bbe fixup! Add advisory for prost stack overflow 2020-01-16 20:23:41 +01:00
Danilo Bargen
57f553ee45 Add advisory for prost stack overflow 2020-01-16 20:22:21 +01:00
Tony Arcieri
4d051434f0 Merge pull request #221 from roy-work/roy/fix-http-affected-ranges 
Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20
 2020-01-09 14:56:31 -05:00
Roy Wellington Ⅳ
200651cff2 Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20 
I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: https://github.com/hyperium/http/issues/352
In that bug, the fixing PR was https://github.com/hyperium/http/pull/360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: 81ceb611cf

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http #354 and http #355.

For the first: the issue: https://github.com/hyperium/http/issues/354
In that bug, the fixing PR was https://github.com/hyperium/http/pull/357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: 82d53dbdfd

For the second: the issue: https://github.com/hyperium/http/issues/355
In that bug, the fixing PR was https://github.com/hyperium/http/pull/362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: 8ffe094df1
 2020-01-09 12:20:27 -05:00
Tony Arcieri
289948245e Merge pull request #220 from RustSec/RUSTSEC-2019-0034 
Assign RUSTSEC-2019-0034 to http
 2020-01-09 12:09:54 -05:00
Tony Arcieri
526892a193 Assign RUSTSEC-2019-0034 to http 
Original PR: https://github.com/RustSec/advisory-db/pull/218
 2020-01-09 11:24:52 -05:00
Tony Arcieri
2aad27e243 Merge pull request #218 from Qwaz/http2 
Add advisory for hyperium/http/issues/354,355
 2020-01-09 11:20:19 -05:00
Tony Arcieri
52e0b4e186 Merge branch 'master' into http2 2020-01-09 10:49:26 -05:00
Tony Arcieri
f35bd92631 Merge pull request #219 from RustSec/RUSTSEC-2019-0033 
Assign RUSTSEC-2019-0033 to http
 2020-01-09 10:49:07 -05:00
Tony Arcieri
0e59ecb72d Assign RUSTSEC-2019-0033 to http 
Original PR: https://github.com/RustSec/advisory-db/pull/217
 2020-01-09 10:37:55 -05:00
Tony Arcieri
8c9c29bbb7 Merge pull request #217 from Qwaz/http1 
Add advisory for hyperium/http/issues/352
 2020-01-09 10:27:46 -05:00
Yechan Bae
ba2df66b30 hyperium/http/issues/354,355 2020-01-09 00:48:06 -05:00
Yechan Bae
36b8de692c hyperium/http/issues/352 2020-01-09 00:45:59 -05:00
Tony Arcieri
891a872b73 Merge pull request #216 from RustSec/RUSTSEC-2020-0001 
Assign RUSTSEC-2020-0001 to trust-dns-server
 2020-01-07 13:17:58 -05:00
Tony Arcieri
e043405eab Assign RUSTSEC-2020-0001 to trust-dns-server 
Original PR: https://github.com/RustSec/advisory-db/pull/215
 2020-01-07 12:57:20 -05:00
Tony Arcieri
628f821b2d Merge pull request #215 from bluejekyll/master 
trust-dns-server additionals processing overflows stack
 2020-01-07 12:55:49 -05:00
Benjamin Fry
1af3b6eea6 trust-dns-server additions processing overflows stack 2020-01-06 13:12:19 -08:00
Tony Arcieri
4a7d05d5d8 Merge pull request #214 from RustSec/readme/bump-maintained-date 
README.md: Bump maintained date to Q1 2020
 2020-01-03 14:06:13 -05:00
Tony Arcieri
b1c200fb52 README.md: Bump maintained date to Q1 2020 2020-01-03 13:49:23 -05:00
Tony Arcieri
5ca94a4b4a Merge pull request #213 from RustSec/RUSTSEC-2019-0031/add-conquer-once 
RUSTSEC-2019-0031: add `conquer-once` as an alternative to `spin`
 2020-01-03 13:48:13 -05:00
Tony Arcieri
694f07e241 RUSTSEC-2019-0031: add conquer-once as an alternative to spin 
https://github.com/oliver-giersch/conquer-once
 2020-01-03 13:32:51 -05:00
Tony Arcieri
d96db2b3d6 Merge pull request #211 from basvandijk/RUSTSEC-2019-0023-string-interner-0.6.4 
string-interner-0.6.4 also fixes RUSTSEC-2019-0023
 2019-12-21 08:30:20 -08:00
Bas van Dijk
158c986aa4 string-interner-0.6.4 also fixes RUSTSEC-2019-0023 
The fix https://github.com/Robbepop/string-interner/pull/10
released in 0.7.1 was also backported to the 0.6 release line in
https://github.com/Robbepop/string-interner/pull/14 and released in 0.6.4.
 2019-12-21 11:43:05 +01:00
Johan Andersson
6da6344b00 Add advisory for deprecated/unmaintained quickersort 
The author of the `quickersort` crate has deprecated it and do not
recommend using it anymore.

Everything in it has been incorporated into std::sort_unstable in the
standard library as of Rust 1.20.
 2019-12-19 00:26:05 +01:00
Tony Arcieri
7bc1753de3 Merge pull request #209 from RustSec/RUSTSEC-2019-0032 
Assign RUSTSEC-2019-0032 to crust
 2019-12-17 07:43:10 -08:00
Tony Arcieri
c2c2e8e1a7 Assign RUSTSEC-2019-0032 to crust 
Original PR: https://github.com/RustSec/advisory-db/pull/204
 2019-12-17 07:32:36 -08:00
Tony Arcieri
63f1b5f0cd Merge pull request #208 from RustSec/RUSTSEC-2019-0031/spin 
Assign RUSTSEC-2019-0031 to spin
 2019-12-17 07:08:45 -08:00
Tony Arcieri
91b9e060e2 Assign RUSTSEC-2019-0031 to spin 
Unmaintained per its author:

https://github.com/mvdnes/spin-rs/commit/7516c80
 2019-12-17 06:42:04 -08:00
Tony Arcieri
159a7a3b55 Merge pull request #204 from simlay/crust-archived 
Added RUSTSEC advisory for crust as an archived/unmaintained.
 2019-11-21 16:38:17 -08:00