OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,741 Commits 1 Branch 0 Tags
f3cc4cd03e04540c57bbf244fd34d0e757cec379
Commit Graph

1741 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
LingMan
f3cc4cd03e Add a dependabot config (#1371) 
Dependabot will watch the workflow files in .github/workflows and
automatically file PRs if there are updates available for any of the used
Actions.
 2022-08-18 07:44:02 -06:00
pinkforest(she/her)
863d0e654f Document empty versions (#1370) 
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-18 14:30:36 +10:00
René Kijewski
b75822a011 RUSTSEC-2022-0049: recategorize as memory-exposure (#1368) 
Because of the bug random data was read, but still written into a sane
buffer.
 2022-08-17 03:08:30 +10:00
github-actions[bot]
84997ea578 Assigned RUSTSEC-2022-0049 to iana-time-zone (#1367) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-17 02:53:54 +10:00
René Kijewski
afc10f8aa1 Use after free in MacOS / iOS implementation (#1366) 
In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.

The copied system time zone was released before its name was copied.
If the system time zone was changed between the call of `CFRelease()` and `str::to_owned()`,
random memory would be copied.
 2022-08-17 02:52:54 +10:00
pinkforest(she/her)
8bf0011f39 Document withdrawn (#1355) 
* Document yanked and withdrawn

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Yank the yanked

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-16 12:40:50 +10:00
pinkforest(she/her)
d3eccc4072 Remove yanked 2 (#1364) 
* Remove yanked 2

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Test cache

* Cache back on

* Bump audit cache

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-16 12:38:08 +10:00
github-actions[bot]
7b8185d1df Assigned RUSTSEC-2022-0048 to xml-rs (#1365) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-15 12:13:06 +10:00
pinkforest(she/her)
4e5153b854 Add unmaintained xml-rs (#1356) 2022-08-15 12:12:16 +10:00
pinkforest(she/her)
fd7df6ae1c Bump rustsec-admin deprecate yanked (#1363) 
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-14 18:44:13 -06:00
pinkforest(she/her)
15d6985304 Document references field (#1354) 
* Add references to README.md example

* TOML syntax

* Comment out optional field

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-08-15 03:55:18 +10:00
pinkforest(she/her)
d86ec54729 Document the Markdown in README example (#1352) 
* Explain the Markdown in README example

* Proper LF
 2022-08-15 03:54:21 +10:00
github-actions[bot]
9739cb7f1e Assigned RUSTSEC-2021-0138 to mz-avro (#1346) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-13 15:17:38 +10:00
Jorge Leitao
4c1283751a Added informal advisory to mz-avro (#1144) 
* Added informal advisory to mz-avro

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Updated date; fixed patch bracket; added note on unlikelyness.
 2022-08-13 15:16:44 +10:00
Sergey "Shnatsel" Davidoff
d052179237 Advertise GHSA integrations, add more tools (#1343) 2022-08-12 18:42:03 +02:00
github-actions[bot]
3ee42e2f72 Assigned RUSTSEC-2022-0047 to oqs (#1345) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-08-11 15:57:37 +02:00
Thom Wiggers
e6ddcfcd98 oqs: PQC signature scheme Rainbow level I parameterset broken (#1337) 2022-08-11 15:54:17 +02:00
Thom Wiggers
cc8e02bc30 Remove enum variants from RUSTSEC-2022-0045 (#1340) 
* Enum variants can't be put in [affected.functions]
* add note about affected variants in prose
 2022-08-11 15:45:48 +02:00
github-actions[bot]
db3a09a691 Assigned RUSTSEC-2022-0046 to rocksdb (#1344) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-08-11 15:30:57 +02:00
Niklas Fiekas
94e8af7c0c Add out-of-bounds read advisory for rocksdb (#1237) 2022-08-11 15:30:02 +02:00
Andrew Chin
dda8c048b6 Updated README with info on informational advisories (#1341) 2022-08-10 08:19:00 -06:00
github-actions[bot]
0846a34539 Assigned RUSTSEC-2021-0137 to sodiumoxide (#1342) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-10 14:01:59 +10:00
pinkforest(she/her)
8c0fc9759b Add sodiumoxide unmaintained (#1334) 
* Add sodiumoxide unmaintained

* dryoc url

* Add Awesome Rust Cryptography

* Address @tarcieri feedback :thumbsUp:

* Add singatory and ring

* Add Ed25519 libs
 2022-08-10 14:01:23 +10:00
github-actions[bot]
8c261ff246 Assigned RUSTSEC-2022-0045 to oqs (#1339) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-09 12:26:05 +02:00
Thom Wiggers
6629c1333a oqs: SIKE and SIDH are insecure (#1338) 2022-08-09 12:24:53 +02:00
Sergey "Shnatsel" Davidoff
a8ebada593 bump rustsec-admin in publish-web workflow (#1335) 
Required for the changes from https://github.com/rustsec/rustsec/pull/633 to propagate
 2022-08-09 00:30:49 +02:00
Sergey "Shnatsel" Davidoff
c5864c24b5 Fix "ghost" ID assignment PRs (#1332) 2022-08-08 16:21:09 +02:00
github-actions[bot]
744a565d54 Assigned RUSTSEC-2018-0022 to temporary (#1331) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-08 21:03:27 +10:00
5225225
bacc597558 Add advisory for temporary (#1196) 
Thanks @5225225
 2022-08-08 21:02:14 +10:00
github-actions[bot]
19bb42eae6 Assigned RUSTSEC-2022-0044 to markdown (#1330) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-08 20:21:17 +10:00
Dylan Anthony
f3a8bd7e5b List markdown as unmaintained (#1191) 
* List `markdown` as unmaintained

The `markdown` crate is, naturally, the first one that comes up if you're searching crates.io for "markdown". Unfortunately, that particular crate has not received any updates since November of 2020 despite several known issues with open PRs. I opened https://github.com/johannhof/markdown.rs/issues/48 to request an update on maintenance status nearing a month ago and have no heard anything back.
 2022-08-08 20:20:28 +10:00
Sergey "Shnatsel" Davidoff
d21aadd965 Mention OSV API in the README (#1328) 2022-08-08 11:45:38 +02:00
pinkforest(she/her)
3b3160baec Fix async-graphql patched (#1326) 2022-08-06 16:41:24 +10:00
pinkforest(she/her)
c5aa9e0364 Add Triage Labels Guide (#1323) 
* Add Triage Labels Guide

* Clarify period of objection - it depends

* Clear out grammar

* Link to radiate to intent

* Mark labels as optional

* Move optional to end
 2022-08-06 03:12:27 +02:00
Sergey "Shnatsel" Davidoff
d5c278e8dd Elaborate on informational="unsound" (#1322) 
* Elaborate on `informational="unsound"`

* wodring
 2022-08-05 03:00:49 +02:00
pinkforest(she/her)
bd30502590 Move tower-http out from year 2021 (#1319) 
* Move tower-http out from year 2021

* Yank tower-http 2021
 2022-08-05 00:07:54 +02:00
github-actions[bot]
cfdc01461d Assigned RUSTSEC-2022-0043 to tower-http (#1321) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-05 00:07:43 +02:00
pinkforest(she/her)
2827f80af4 Add tower-http 2022 version (#1320) 2022-08-05 00:06:52 +02:00
github-actions[bot]
0db59724bf Assigned RUSTSEC-2022-0042 to rustdecimal (#1318) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-08-04 23:10:46 +02:00
pinkforest(she/her)
4f53bcba87 Add malicious crate rustdecimal (#1317) 2022-08-04 23:09:40 +02:00
pinkforest(she/her)
a6e020424c Remove redundant lint check from assign-ids (#1315) 2022-08-04 23:01:11 +02:00
Sergey "Shnatsel" Davidoff
259257927a Revert "Add advisory rustdecimal (#1312)" (#1313) 
This reverts commit 52cb9759dc.
 2022-08-04 22:29:06 +02:00
pinkforest(she/her)
52cb9759dc Add advisory rustdecimal (#1312) 2022-08-04 22:20:29 +02:00
Tony Arcieri
36705ccc1d RUSTSEC-2020-0159: remove "withdrawn" (#1310) 
Now that there's an actionable fix, we should encourage people to upgrade
 2022-08-04 13:52:46 -06:00
pinkforest(she/her)
163b82246e Bump rust-admin 0.8.0 --skip-namecheck rustdecimal (#1308) 2022-08-05 04:34:27 +10:00
Sergey "Shnatsel" Davidoff
d87417aea0 useless signed commit to fix toolign that expects signed commits 2022-08-04 20:21:19 +02:00
pinkforest
db78ca0149 Revert "Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal" 2022-08-05 04:11:15 +10:00
pinkforest
63f44b37e5 Adopt rust-admin 0.8.0 --skip-namecheck rustdecimal 2022-08-05 04:10:34 +10:00
Tony Arcieri
6f3502cf6d RUSTSEC-2020-0159 (chrono): add patched version (#1306) 
The 0.4.20 release of `chrono` includes a pure-Rust replacement for
`localtime_r` which eliminates this issue.
 2022-08-04 10:20:07 -06:00
github-actions[bot]
f1c5d4de52 Assigned RUSTSEC-2022-0041 to crossbeam-utils (#1305) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-08-04 23:56:30 +10:00