OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-28 23:36:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,653 Commits 1 Branch 0 Tags
f79eb4bad96bc60b816c4e915bfcd836e46ebbf9
Commit Graph

1653 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Arcieri
f79eb4bad9 Revert "Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242)" (#1258) 
This reverts commit a47cd63007.

The advisory was withdrawn based on discussions around whether read-only
environment variable access constitutes a vulnerability.

However, per the `time` crate's author @jhpratt, the crate also modifies
the environment and therefore the advisory should *not* be withdrawn:

https://github.com/rustsec/advisory-db/pull/1242#issuecomment-1144903688
 2022-06-02 08:37:44 -06:00
github-actions[bot]
29281434b7 Assigned RUSTSEC-2022-0028 to neon (#1257) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2022-05-23 16:11:11 -04:00
K.J. Valencik
b3bf55706f Use after free in Neon externally allocated JavaScript buffers (#1256) 2022-05-23 16:05:22 -04:00
Tony Arcieri
ef71758448 README.md: maintained as of Q2 2022 2022-05-23 08:11:59 -06:00
Tony Arcieri
c1d94fd681 Bump rustsec-admin to v0.7.0 (#1255) 
Release notes: https://github.com/rustsec/rustsec/pull/575
 2022-05-23 07:50:54 -06:00
Ralf Jung
b4d8786707 fix hyper patched version number (#1250) 2022-05-20 13:16:20 +02:00
Alexis Mousset
0abe74330b Fix category of RUSTSEC-2022-0025 (#1249) 2022-05-19 22:32:59 +02:00
github-actions[bot]
bdc5813f40 Assigned RUSTSEC-2022-0027 to openssl-src (#1248) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-19 19:41:25 +02:00
Alexis Mousset
c9177664c2 Add advisory for openssl CVE-2022-1343 (#1243) 2022-05-19 19:39:38 +02:00
github-actions[bot]
52b29cd771 Assigned RUSTSEC-2022-0026 to openssl-src (#1247) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-19 19:39:22 +02:00
Alexis Mousset
999edf8809 Add advisory for openssl CVE-2022-1434 (#1244) 2022-05-19 19:37:32 +02:00
github-actions[bot]
4e24c897b5 Assigned RUSTSEC-2022-0025 to openssl-src (#1246) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-19 19:37:21 +02:00
Alexis Mousset
e1e8e92e89 Add advisory for openssl CVE-2022-1473 (#1245) 2022-05-19 19:35:53 +02:00
David Knaack
a47cd63007 Withdraw RUSTSEC-2020-0071: Potential segfault in the time crate (#1242) 2022-05-13 12:27:52 -06:00
Tony Arcieri
ca1383b258 Withdraw RUSTSEC-2020-0159: unsound localtime_r call in chrono (#1241) 
Per rustsec/advisory-db#1190, it would be good to move to a policy where
we don't file advisories against crates which perform unsynchronized
reads from the process environment, and instead focus only on crates
which modify the process environment in an unsynchronized manner.
 2022-05-12 09:45:54 -06:00
github-actions[bot]
ba96a13792 Assigned RUSTSEC-2022-0024 to double-checked-cell (#1240) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-11 23:13:02 +02:00
Niklas Fiekas
0653c8f324 Self-report double-checked-cell as unmaintained (#1239) 2022-05-11 23:05:53 +02:00
github-actions[bot]
7b009b96f7 Assigned RUSTSEC-2022-0023 to static_type_map (#1238) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-11 21:44:11 +02:00
Malobre
30e1ac3cd5 Create RUSTSEC-0000-0000.md (#1236) 2022-05-11 21:41:08 +02:00
github-actions[bot]
eb8c788bc0 Assigned RUSTSEC-2022-0022 to hyper (#1235) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-10 20:45:40 +02:00
Ralf Jung
6b7b129aef add hyper advisory (#1232) 2022-05-10 20:42:51 +02:00
github-actions[bot]
e78650dfe3 Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-10 17:20:48 +02:00
Ralf Jung
bf2e0598f5 add crossbeam advisories for incorrect (unsound) zeroed memory (#1231) 
* add crossbeam queue advisory

* also add crossbeam-channel issue
 2022-05-10 17:04:04 +02:00
github-actions[bot]
7975ad680c Assigned RUSTSEC-2022-0018 to totp-rs (#1230) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-05-09 20:08:13 +02:00
Cléo Rebert
fa5b6696cf Possible timing attack in totp-rs (#1229) 
* Create RUSTSEC-0000-0000.md

* Fix [affected.functions]
 2022-05-09 20:03:01 +02:00
Tony Arcieri
2875efb2f1 HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192) 
Initial guide on policy around what RustSec considers to be an
unmaintained crate as well as the policy for filing an advisory
 2022-05-01 14:16:16 -06:00
github-actions[bot]
83c13d8c0a Assigned RUSTSEC-2022-0017 to array-macro (#1225) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-04-27 21:05:18 +02:00
Konrad Borowski
c29b239a56 Add advisory for using impure constants in array-macro (#1224) 2022-04-27 19:55:44 +02:00
dylni
b2ba503c74 Add patch version for fruity (#1223) 2022-04-19 02:03:30 +02:00
Sergey "Shnatsel" Davidoff
00a1687a13 Update RUSTSEC-2020-0071.md (#1222) 2022-04-18 03:32:20 +02:00
Nikhil Benesch
ce150ef8cb RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220) 
As far as I can tell, v0.10.0+ was not affected by this bug [0]. The commit which
fixes the unsoundness landed in main before v0.10.0 was released.

[0]: 9d4342c5ff
 2022-04-05 17:24:42 +02:00
github-actions[bot]
fdc6858e60 Assigned RUSTSEC-2022-0016 to wasmtime (#1218) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2022-03-31 18:54:54 -04:00
Nick Fitzgerald
e6248efe2a Add CVE-2022-24791 for Wasmtime (#1217) 
* Add CVE-2022-24791 for Wasmtime

* Update CVE-2022-24791

* Update crates/wasmtime/RUSTSEC-0000-0000.md

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
 2022-03-31 18:41:14 -04:00
github-actions[bot]
1aca83f114 Assigned RUSTSEC-2022-0015 to pty (#1215) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-22 08:52:42 -06:00
Arne Beer
64335d3028 Add unmaintained advisory for pty (#1213) 2022-03-22 08:37:21 -06:00
github-actions[bot]
67704dcc47 Assigned RUSTSEC-2022-0014 to openssl-src (#1211) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-16 10:05:15 -04:00
Alexis Mousset
fe9edcce36 Add CVE-2022-0778 for openssl-src (#1210) 2022-03-16 08:00:11 -06:00
github-actions[bot]
81e4691173 Assigned RUSTSEC-2022-0013 to regex (#1208) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-08 08:14:30 -07:00
Pietro Albini
33aa20762e add cve-2022-24713 (#1207) 2022-03-08 08:09:59 -07:00
Sergey "Shnatsel" Davidoff
a4120c1dce mark RUSTSEC-2021-0019 fixed, add references (#1206) 
* Add references URLs to RUSTSEC-2021-0019

* update links to rust-x-bindings/ instead of rtbo/ which 404

* Fixed in v1.0
 2022-03-06 12:11:48 +01:00
Sergey "Shnatsel" Davidoff
5bf3891522 RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200) 
The author of `recursive_referene` has reached out to me and clarified that it does not serve the same use cases as `rental`
 2022-03-06 12:02:04 +01:00
github-actions[bot]
d5b3ecf4b5 Assigned RUSTSEC-2022-0012 to arrow2 (#1205) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-03-04 19:17:34 +01:00
Jorge Leitao
7b3eed6924 Added advisory for arrow2::ffi::Ffi_ArrowArray double free (#1204) 
* Added advisory for Arrow2 FFI_ArrowArray

* add "memory-corruption" category

* Fix version

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-03-04 19:08:01 +01:00
github-actions[bot]
616ecfe7a3 Assigned RUSTSEC-2022-0011 to rust-crypto (#1202) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2022-03-01 09:17:42 -07:00
Max Dymond
6ffb74d491 rust-crypto: miscomputation when performing AES encryption (#1201) 2022-03-01 09:15:40 -07:00
Sebastian Klose
0ff38eb722 Update RUSTSEC-2020-0150.md (#1199) 
This CVE has been fixed in version 0.3. Please see https://github.com/sklose/disrustor/issues/1 for details.
 2022-02-21 16:23:42 -05:00
github-actions[bot]
6627556189 Assigned RUSTSEC-2022-0010 to enum-map (#1198) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-02-18 23:15:59 +01:00
Konrad Borowski
52b96a91c2 Add unsoundness advisory for enum-map (#1197) 
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-02-18 23:00:29 +01:00
Sergey "Shnatsel" Davidoff
97388358de Suggest maintained alternatives for Rental advisory (#1187) 
* Suggest maintained alternatives for Rental advisory

* move `ouroboros` higher on the list as by far the most popular

* add `escher`; thanks to Nick12 for suggesting
 2022-02-09 15:34:03 +01:00
Thomas Eizinger
9079010767 Update RUSTSEC-2022-0009.md (#1186) 
* Update RUSTSEC-2022-0009.md

We published a semver compatible upgrade that includes the security fix.

* A 0.30.x point release has been issued; include it

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-02-07 15:18:27 +01:00