OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 08:13:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,983 Commits 1 Branch 0 Tags
ee9ec5f605a729db41f5adfb8dabdf0ea138c8df
Commit Graph

1983 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Neal H. Walfield
ee9ec5f605 Add advisory for sequoia-openpgp (#1696) 
Attacker-controlled input can lead to an out-of-bounds index, which
causes sequoia-openpgp to panic.  This has been fixed in versions
1.16.0, 1.8.1, and 1.1.1 of sequoia-openpgp.
 2023-05-31 22:54:59 +02:00
Ralph Giles
e162556b9e Suggest kuchikiki as an alternative to kuchiki (#1698) 
The `kuchiki` crate has been marked unmaintained. We're continuing
to support a fork under then name `kuchikiki` which we intend to
remain semver-compatible with our former upstream.

Suggest this as an alternative in RUSTSEC-2023-0019 since it is
a direct replacement; the other alternatives involve significant
porting effort.
 2023-05-23 14:17:25 -06:00
github-actions[bot]
0e97e6e71f Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-05-16 21:02:51 -06:00
Tony Arcieri
dc083e6955 xsalsa20poly1305 is unmaintained (#1694) 
See https://github.com/RustCrypto/AEADs/pull/525
 2023-05-16 21:01:49 -06:00
Kornel
50bed3ba40 xml-rs is maintained (#1691) 2023-05-05 09:39:54 +02:00
github-actions[bot]
d72795ee51 Assigned RUSTSEC-2023-0036 to tree_magic (#1689) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-04-24 21:08:42 -06:00
Sanpi
cb9a1fea8e Add unmaintained tree_magic crate (#1678) 2023-04-24 20:54:26 -06:00
github-actions[bot]
5f4eca1362 Assigned RUSTSEC-2023-0035 to enumflags2 (#1688) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-04-23 14:33:42 -06:00
Maja Kądziołka
0444576c2a enumflags2::make_bitflags unsoundness (#1686) 2023-04-23 14:32:26 -06:00
github-actions[bot]
cab69cc909 Assigned RUSTSEC-2023-0034 to h2 (#1687) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-04-20 13:17:55 -06:00
Kisaragi
7ca4586eb8 Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684) 
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Co-authored-by: Sean McArthur <sean@seanmonstar.com>
 2023-04-20 13:16:09 -06:00
Max Ammann
23ff35f825 Fix typos in RUSTSEC-2023-0033 (#1685) 
* Fix typos in RUSTSEC-2023-0033.md

* Update RUSTSEC-2023-0033.md
 2023-04-13 17:43:33 +00:00
github-actions[bot]
f2f107fb96 Assigned RUSTSEC-2023-0033 to borsh (#1683) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-04-13 17:03:15 +00:00
Max Ammann
c4a10fa281 Add notice for borsh issue (#1682) 
* Create RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Update crates/borsh/RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-04-13 17:02:24 +00:00
dependabot[bot]
c358dc290a Bump peter-evans/create-pull-request from 4 to 5 (#1677) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-10 09:47:56 -06:00
Rodolphe Bréard
e6600338c8 Withdraw RUSTSEC-2021-0147 (#1676) 
On Feb 19 2023, the author started to maintain the `daemonize` crate
again. Version 0.5.0 has been released on Feb 25 2023. Therefore, this
crate in no longer unmaintained.
rel #1543
 2023-04-08 21:49:55 +02:00
github-actions[bot]
6078097fb6 Assigned RUSTSEC-2023-0032 to ntru (#1674) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-04-06 20:57:33 +10:00
jcaesar
1eab8594ea Add unsound ntru (#1652) 
* Add ntru unsoundness advisory

* Remove redundant unaffected

* Remove non-versions

---------

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
 2023-04-06 20:55:26 +10:00
github-actions[bot]
b0e918536d Assigned RUSTSEC-2023-0031 to spin (#1673) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-04-04 06:56:24 +10:00
Joshua Barretto
8d868299ea Added unsound spin (#1671) 
* Added advisory for spin

* Remove withdrawn artifact

---------

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
 2023-04-04 06:55:45 +10:00
github-actions[bot]
719587479a Assigned RUSTSEC-2023-0030 to versionize (#1669) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-03-25 12:18:50 +00:00
Patrick Roy
63a2f95771 Add advisory for versionize crate (#1662) 
Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
 2023-03-25 12:17:08 +00:00
github-actions[bot]
dea5184a2b Assigned RUSTSEC-2023-0029 to nats (#1668) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-03-25 22:37:35 +11:00
pinkforest(she/her)
127e4e658f Fix nats directory (#1667) 
* Fix nats directory

* Fix patched
 2023-03-25 22:36:46 +11:00
Paolo Barbolini
0a1c2353f9 nats MitM vulnerability (#1665) 
* nats MitM vulnerability

* Suggest switching to `async-nats`
 2023-03-25 22:27:07 +11:00
github-actions[bot]
735bd0286f Assigned RUSTSEC-2023-0027 to async-nats, RUSTSEC-2023-0028 to buf_redux (#1664) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-03-25 02:42:41 +11:00
Ossi Herrala
b3d6563b3b Add unmaintained buf_redux (#1614) 
* Add unmaintained advisory of buf_redux

Fixes #1602

* Fil in the advisory

* Wording fixes

* Typo fix

* Wording fixes

* Grammar

* Alloc not core crate for Vec

* Add fork option

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2023-03-25 02:39:27 +11:00
Paolo Barbolini
6035ece499 async-nats MitM vulnerability (#1661) 
* Create RUSTSEC-0000-0000.md

* Add category

Co-authored-by: Tony Arcieri <bascule@gmail.com>

* Improve title

* Improve the description and reintroduce formatting

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

---------

Co-authored-by: Tony Arcieri <bascule@gmail.com>
 2023-03-24 15:38:47 +00:00
github-actions[bot]
c48913e44d Assigned RUSTSEC-2023-0025 to git-hash, RUSTSEC-2023-0026 to git-path (#1663) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-03-25 02:33:49 +11:00
Kyle Huey
83e7443d27 Add "unmaintained" advisories for all old Gitoxide crates. (#1644) 
* Add "unmaintained" advisories for all old Gitoxide crates.

Gitoxide mass renamed its crates from git-<crate> to gix-<crate>,
and the old crate names are no longer receiving updates. Create
advisories for all of them with messages pointing to the new crates.

* Reduce to main leaf crates trigger points

Co-authored-by: Sebastian Thiel <sebastian.thiel@icloud.com>

* git-features uses git-hash

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Co-authored-by: Sebastian Thiel <sebastian.thiel@icloud.com>
 2023-03-25 02:33:23 +11:00
Sergey "Shnatsel" Davidoff
d6377e0188 Fix CI always using an outdated version of rustsec-admin (#1660) 
* Fix CI always using an outdated version of rustsec-admin

* Bump the cache key in tandem with version bump

* Dummy commit to make sure CI works on subsequent runs

* Check that the required version is installed, reinstall if not

* Fix shell syntax

* Dummy commit to make sure CI works on subsequent runs
 2023-03-24 14:38:59 +00:00
github-actions[bot]
cda37f498a Assigned RUSTSEC-2023-0024 to openssl (#1659) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-03-23 22:55:44 -04:00
Paul Kehrer
be5a1c9d27 X509Extension::new and X509Extension::new_nid null ptr deref (#1658) 2023-03-23 22:55:14 -04:00
github-actions[bot]
221585e32d Assigned RUSTSEC-2023-0023 to openssl (#1657) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-03-23 22:47:26 -04:00
Paul Kehrer
5a9bbcceed openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read (#1656) 
* openssl file disclosure

* Update crates/openssl/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
 2023-03-23 22:46:37 -04:00
github-actions[bot]
f863caf8fd Assigned RUSTSEC-2023-0022 to openssl (#1655) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-03-23 22:21:14 -04:00
Paul Kehrer
929acd512d openssl X509NameBuilder::build thread safety (#1654) 
* openssl X509NameBuilder::build thread safety

* Update crates/openssl/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

---------

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
 2023-03-23 22:20:39 -04:00
Tony Arcieri
7fcf849f8d README.md: update maintained badge (#1653) 2023-03-23 08:25:13 -06:00
github-actions[bot]
64bba30087 Assigned RUSTSEC-2022-0092 to rmp-serde (#1651) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-03-22 21:06:54 +00:00
sidunder
458519d840 Add advisory rmp-serde (#1650) 
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
 2023-03-22 21:03:41 +00:00
github-actions[bot]
802c58bc5b Assigned RUSTSEC-2023-0021 to stb_image (#1648) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-03-19 15:53:19 +00:00
Matt Brubeck
06a7d1fd04 NULL pointer dereference in stb_image (#1647) 2023-03-19 15:52:01 +00:00
MOZGIII
0888b44843 Update 2022-0076 wasmtime v1 accessor #1645 (#1646) 
* A follow-up after #1645

This is technically required for correctness, as v1 doesn't have this fn at all.

* Update RUSTSEC-2022-0076.md

* Update RUSTSEC-2022-0076.md

Proper v1 fn

* Comma to the rescue

* TOML Tables

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2023-03-16 10:49:40 +11:00
MOZGIII
0d3e22c5c8 Update RUSTSEC-2022-0076.md with v1 patch (#1645) 
* Update RUSTSEC-2022-0076.md

The details page at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg says the v1 also has a patched release.

* Correct versions

* Affected fn SemVers

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2023-03-16 10:21:27 +11:00
github-actions[bot]
eb28e72f18 Assigned RUSTSEC-2023-0020 to const-cstr (#1642) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-03-13 05:38:56 +11:00
Ossi Herrala
5c4217537b Add unsound const-cstr (#1613) 
* Add unmaintained advisory for const-cstr

* Fill advisory

* Adjust date

* Fix typo

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Co-authored-by: Nugine <nugine@foxmail.com>
 2023-03-13 05:36:53 +11:00
github-actions[bot]
fa80f68070 Assigned RUSTSEC-2021-0153 to encoding (#1641) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-03-12 18:17:34 +11:00
sidunder
2284b69dd8 Add advisory encoding (#1608) 
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
 2023-03-12 18:16:58 +11:00
github-actions[bot]
10278a154a Assigned RUSTSEC-2019-0040 to boxfnonce (#1640) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2023-03-12 18:15:02 +11:00
sidunder
4bb7a93998 Add boxfnonce informational advisory (#1609) 
Co-authored-by: sidunder <sidunder@users.noreply.github.com>
 2023-03-12 18:14:13 +11:00