OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 16:24:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,641 Commits 1 Branch 0 Tags
e1e8e92e89fadd9df8dc35e2b35fd7f5cca7d94b
Commit Graph

1641 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alexis Mousset
e1e8e92e89 Add advisory for openssl CVE-2022-1473 (#1245) 2022-05-19 19:35:53 +02:00
David Knaack
a47cd63007 Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242) 2022-05-13 12:27:52 -06:00
Tony Arcieri
ca1383b258 Withdraw RUSTSEC-2020-0159: unsound localtime_r call in chrono (#1241) 
Per rustsec/advisory-db#1190, it would be good to move to a policy where
we don't file advisories against crates which perform unsynchronized
reads from the process environment, and instead focus only on crates
which modify the process environment in an unsynchronized manner.
 2022-05-12 09:45:54 -06:00
github-actions[bot]
ba96a13792 Assigned RUSTSEC-2022-0024 to double-checked-cell (#1240) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-11 23:13:02 +02:00
Niklas Fiekas
0653c8f324 Self-report double-checked-cell as unmaintained (#1239) 2022-05-11 23:05:53 +02:00
github-actions[bot]
7b009b96f7 Assigned RUSTSEC-2022-0023 to static_type_map (#1238) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-11 21:44:11 +02:00
Malobre
30e1ac3cd5 Create RUSTSEC-0000-0000.md (#1236) 2022-05-11 21:41:08 +02:00
github-actions[bot]
eb8c788bc0 Assigned RUSTSEC-2022-0022 to hyper (#1235) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-10 20:45:40 +02:00
Ralf Jung
6b7b129aef add hyper advisory (#1232) 2022-05-10 20:42:51 +02:00
github-actions[bot]
e78650dfe3 Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-10 17:20:48 +02:00
Ralf Jung
bf2e0598f5 add crossbeam advisories for incorrect (unsound) zeroed memory (#1231) 
* add crossbeam queue advisory

* also add crossbeam-channel issue
 2022-05-10 17:04:04 +02:00
github-actions[bot]
7975ad680c Assigned RUSTSEC-2022-0018 to totp-rs (#1230) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-09 20:08:13 +02:00
Cléo Rebert
fa5b6696cf Possible timing attack in totp-rs (#1229) 
* Create RUSTSEC-0000-0000.md

* Fix [affected.functions]
 2022-05-09 20:03:01 +02:00
Tony Arcieri
2875efb2f1 HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192) 
Initial guide on policy around what RustSec considers to be an
unmaintained crate as well as the policy for filing an advisory
 2022-05-01 14:16:16 -06:00
github-actions[bot]
83c13d8c0a Assigned RUSTSEC-2022-0017 to array-macro (#1225) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-04-27 21:05:18 +02:00
Konrad Borowski
c29b239a56 Add advisory for using impure constants in array-macro (#1224) 2022-04-27 19:55:44 +02:00
dylni
b2ba503c74 Add patch version for fruity (#1223) 2022-04-19 02:03:30 +02:00
Sergey "Shnatsel" Davidoff
00a1687a13 Update RUSTSEC-2020-0071.md (#1222) 2022-04-18 03:32:20 +02:00
Nikhil Benesch
ce150ef8cb RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220) 
As far as I can tell, v0.10.0+ was not affected by this bug [0]. The commit which
fixes the unsoundness landed in main before v0.10.0 was released.

[0]: 9d4342c5ff
 2022-04-05 17:24:42 +02:00
github-actions[bot]
fdc6858e60 Assigned RUSTSEC-2022-0016 to wasmtime (#1218) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2022-03-31 18:54:54 -04:00
Nick Fitzgerald
e6248efe2a Add CVE-2022-24791 for Wasmtime (#1217) 
* Add CVE-2022-24791 for Wasmtime

* Update CVE-2022-24791

* Update crates/wasmtime/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
 2022-03-31 18:41:14 -04:00
github-actions[bot]
1aca83f114 Assigned RUSTSEC-2022-0015 to pty (#1215) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-22 08:52:42 -06:00
Arne Beer
64335d3028 Add unmaintained advisory for pty (#1213) 2022-03-22 08:37:21 -06:00
github-actions[bot]
67704dcc47 Assigned RUSTSEC-2022-0014 to openssl-src (#1211) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-16 10:05:15 -04:00
Alexis Mousset
fe9edcce36 Add CVE-2022-0778 for openssl-src (#1210) 2022-03-16 08:00:11 -06:00
github-actions[bot]
81e4691173 Assigned RUSTSEC-2022-0013 to regex (#1208) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-08 08:14:30 -07:00
Pietro Albini
33aa20762e add cve-2022-24713 (#1207) 2022-03-08 08:09:59 -07:00
Sergey "Shnatsel" Davidoff
a4120c1dce mark RUSTSEC-2021-0019 fixed, add references (#1206) 
* Add references URLs to RUSTSEC-2021-0019

* update links to rust-x-bindings/ instead of rtbo/ which 404

* Fixed in v1.0
 2022-03-06 12:11:48 +01:00
Sergey "Shnatsel" Davidoff
5bf3891522 RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200) 
The author of `recursive_referene` has reached out to me and clarified that it does not serve the same use cases as `rental`
 2022-03-06 12:02:04 +01:00
github-actions[bot]
d5b3ecf4b5 Assigned RUSTSEC-2022-0012 to arrow2 (#1205) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-03-04 19:17:34 +01:00
Jorge Leitao
7b3eed6924 Added advisory for arrow2::ffi::Ffi_ArrowArray double free (#1204) 
* Added advisory for Arrow2 FFI_ArrowArray

* add "memory-corruption" category

* Fix version

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-03-04 19:08:01 +01:00
github-actions[bot]
616ecfe7a3 Assigned RUSTSEC-2022-0011 to rust-crypto (#1202) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-01 09:17:42 -07:00
Max Dymond
6ffb74d491 rust-crypto: miscomputation when performing AES encryption (#1201) 2022-03-01 09:15:40 -07:00
Sebastian Klose
0ff38eb722 Update RUSTSEC-2020-0150.md (#1199) 
This CVE has been fixed in version 0.3. Please see https://github.com/sklose/disrustor/issues/1 for details.
 2022-02-21 16:23:42 -05:00
github-actions[bot]
6627556189 Assigned RUSTSEC-2022-0010 to enum-map (#1198) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-02-18 23:15:59 +01:00
Konrad Borowski
52b96a91c2 Add unsoundness advisory for enum-map (#1197) 
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-02-18 23:00:29 +01:00
Sergey "Shnatsel" Davidoff
97388358de Suggest maintained alternatives for Rental advisory (#1187) 
* Suggest maintained alternatives for Rental advisory

* move `ouroboros` higher on the list as by far the most popular

* add `escher`; thanks to Nick12 for suggesting
 2022-02-09 15:34:03 +01:00
Thomas Eizinger
9079010767 Update RUSTSEC-2022-0009.md (#1186) 
* Update RUSTSEC-2022-0009.md

We published a semver compatible upgrade that includes the security fix.

* A 0.30.x point release has been issued; include it

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-02-07 15:18:27 +01:00
github-actions[bot]
17946d71c3 Assigned RUSTSEC-2020-0162 to tokio-proto (#1185) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-02-07 03:25:36 +01:00
Ben Kimock
ff3a52648c Mark tokio-proto as deprecated (#1184) 
* Mark tokio-proto as deprecated

* Note that the repo is archived
 2022-02-07 03:23:42 +01:00
github-actions[bot]
8f550f1235 Assigned RUSTSEC-2022-0009 to libp2p-core (#1183) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-02-07 01:53:14 +01:00
Thomas Eizinger
ec4cc26a33 Add entry for libp2p-core vulnerability (#1182) 
* Add entry for libp2p-core vulnerability

* Update crates/libp2p-core/RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

* Update crates/libp2p-core/RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-02-07 01:49:19 +01:00
Sergey "Shnatsel" Davidoff
b2a864d3d9 Add patched version to DashMap advisory (#1181) 2022-02-06 18:02:38 +01:00
github-actions[bot]
c9a98f3b36 Assigned RUSTSEC-2022-0008 to windows (#1178) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-02-04 16:22:53 +01:00
Konrad Borowski
989da55082 Add advisory for windows (#1177) 2022-02-04 16:00:05 +01:00
github-actions[bot]
9da1eb7ef4 Assigned RUSTSEC-2022-0007 to qcell (#1172) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-01-24 18:41:17 +01:00
Jim Peters
3c8a9dc31d Add qcell crate advisory (#1171) 
Co-authored-by: Jim Peters <jim@uazu.net>
 2022-01-24 18:38:17 +01:00
github-actions[bot]
9839c6ee0f Assigned RUSTSEC-2022-0006 to thread_local (#1170) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-01-24 15:39:43 +01:00
Ibraheem Ahmed
1ecfb4a345 Add advisory for Amanieu/thread_local-rs#33 (#1169) 
* Create RUSTSEC-0000-0000.md

* Correct folder

* Revert "Correct folder"

This reverts commit 0dbbd24844e040f8ed95f21f91740781a3317136.

* Correct package name

Co-authored-by: Sergey "Shnatsel" Davidoff <sdavydov@google.com>
 2022-01-24 15:36:41 +01:00
github-actions[bot]
0ca65bbdd4 Assigned RUSTSEC-2022-0005 to ftd2xx-embedded-hal (#1168) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-01-22 19:27:42 +01:00