OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 16:24:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
865 Commits 1 Branch 0 Tags
fbb1d34eebbf462c3e85f246e079f547fe032d74
Commit Graph

490 Commits

Author SHA1 Message Date
Jacob Rothstein
fbb1d34eeb File an advisory for async-h1 < 2.3.0 2020-12-17 17:50:01 -08:00
github-actions[bot]
ac20d3a702 Assigned RUSTSEC-2020-0092 to concread (#535) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2020-12-17 14:42:35 -05:00
Youngsuk Kim
56276f96a6 Add advisory for data race in concread (#532) 2020-12-17 14:39:03 -05:00
github-actions[bot]
f64c4fc8bb Assigned RUSTSEC-2020-0091 to arc-swap (#531) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-11 10:31:21 -08:00
Michal 'vorner' Vaner
80d45a8d18 Dangling reference in arc_swap::access::Map (#530) 2020-12-11 10:09:15 -08:00
Lyndon Brown
4e0c71a0d6 Fix wrong url (#529) 
Mistake from fb2a1a6c47
 2020-12-11 06:38:51 -08:00
github-actions[bot]
189213fa5e Assigned RUSTSEC-2020-0090 to thex (#527) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-09 07:44:25 -08:00
Ammar Askar
f71bc5a6d3 Add advisory for data race in thex (#523) 2020-12-09 07:41:23 -08:00
github-actions[bot]
a043a90d0c Assigned RUSTSEC-2020-0089 to nanorand (#526) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-09 07:33:38 -08:00
aspen
e90491ebc6 Add nanorand 0.5.0 RNG weakness (#525) 2020-12-09 07:32:30 -08:00
tarcieri
955ad994f1 Assigned RUSTSEC-2020-0088 to magnetic 2020-12-07 17:34:10 +00:00
Yechan Bae
bd3cb8dd83 Report 0050-magnetic to RustSec (#519) 2020-12-07 09:33:32 -08:00
github-actions[bot]
f17cd12f02 Assigned RUSTSEC-2020-0087 to try-mutex (#521) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-07 09:33:02 -08:00
Yechan Bae
639d1b1be1 Report 0047-try-mutex to RustSec (#517) 2020-12-07 09:27:27 -08:00
github-actions[bot]
ed9dba3262 Assigned RUSTSEC-2020-0083 to safe_app, RUSTSEC-2020-0084 to safe_authenticator, RUSTSEC-2020-0085 to safe_vault, RUSTSEC-2020-0086 to safe_core (#520) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-07 09:22:02 -08:00
Stephen Coyle
61d315ae6f Renamed crates (#518) 
- `safe_core` has been renamed to `sn_client`
- `safe_app` has been superseded by `sn_client`
- `safe_authenticator` has been superseded by `sn_client`.
- `safe_vault` has been renamed to `sn_node`.
 2020-12-07 09:17:30 -08:00
Matt Brubeck
dec05d79ab Minor changes to wording of RUSTSEC-2020-0082 (#516) 
This clarifies that UB can happen during unwinding, and not only after
catching a panic.
 2020-12-06 15:25:23 -05:00
Shnatsel
65c6ad732d Assigned RUSTSEC-2020-0082 to ordered-float 2020-12-06 20:11:29 +00:00
Matt Brubeck
1b49d499c4 ordered_float:NotNan may contain NaN after unwinding in assignment operators 
After using an assignment operators such as `NotNan::add_assign`,
`NotNan::mul_assign`, etc., it was possible for the resulting `NotNan`
value to contain a `NaN`.  This could cause undefined behavior in safe
code, because the safe `NotNan::cmp` method contains internal unsafe
code that assumes the value is never `NaN`.  (It could also cause
undefined behavior in third-party unsafe code that makes the same
assumption, as well as logic errors in safe code.)

This was mitigated starting in version 0.4.0, by panicking if the
assigned value is NaN.  However, in affected versions from 0.4.0 onward,
code that continued after using unwinding to catch this panic could
still observe the invalid value and trigger undefined behavior.

The flaw is fully corrected in versions 1.1.1 and 2.0.1, by ensuring
that the assignment operators panic without modifying the operand, if
the result would be `NaN`.

Fix details:

https://github.com/reem/rust-ordered-float/pull/20
https://github.com/reem/rust-ordered-float/pull/71
 2020-12-06 12:07:22 -08:00
Shnatsel
af8dc79e89 Assigned RUSTSEC-2020-0081 to mio 2020-12-02 23:54:17 +00:00
Linus Färnstrand
3d7ea41f31 Add unaffected field for older mio 2020-12-03 00:51:55 +01:00
Linus Färnstrand
5f0bbd36c1 Add advisory on mio SocketAddr casting 2020-12-03 00:46:32 +01:00
Shnatsel
548b170bba Assigned RUSTSEC-2020-0080 to miow 2020-12-02 23:44:19 +00:00
Linus Färnstrand
6484507a67 Add advisory on miow SocketAddr casting 2020-12-03 00:41:13 +01:00
Shnatsel
7fb2641888 Assigned RUSTSEC-2020-0079 to socket2 2020-12-02 23:37:25 +00:00
Linus Färnstrand
83b9bfa55a Add advisory on socket2 about casting SocketAddr 2020-12-03 00:33:07 +01:00
Shnatsel
3fafefc320 Assigned RUSTSEC-2020-0078 to net2 2020-12-02 23:22:49 +00:00
Linus Färnstrand
4ddf6680a7 Remove deprecation/upgrade text 2020-12-03 00:21:06 +01:00
Linus Färnstrand
4876ce3b91 Add informational field about unsoundness 2020-12-03 00:01:03 +01:00
Linus Färnstrand
8e4861d90c Reword advisory description 2020-12-02 23:48:43 +01:00
Linus Färnstrand
4c2a45a1db Add advisory on net2 making invalid memory assumptions 2020-12-02 22:56:21 +01:00
github-actions[bot]
fc6aabb66e Assigned RUSTSEC-2020-0077 to memmap (#502) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-02 11:15:42 -08:00
Kaitlyn Kenwell
5c8b2e64a2 Create advisory for memmap (#501) 2020-12-02 11:13:46 -08:00
github-actions[bot]
5f98540c7e Assigned RUSTSEC-2020-0076 to routing (#500) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-12-02 09:59:27 -08:00
Stephen Coyle
cd269c4848 Add unmaintained crate advisory for routing (#499) 
Has been renamed to `sn_routing`.
 2020-12-02 09:58:32 -08:00
github-actions[bot]
5c449df553 Assigned RUSTSEC-2020-0075 to branca (#498) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-29 06:52:44 -08:00
Johannes
19e7661dae Add advisory for branca (#497) 2020-11-29 06:51:25 -08:00
Shnatsel
798056aa57 Assigned RUSTSEC-2020-0074 to pyo3 2020-11-28 21:17:57 +00:00
Alex Gaynor
b9eed83776 Added advisory for pyo3 reference counting issue 2020-11-28 15:43:56 -05:00
Taiki Endo
4c6de3973f Fix patched version of RUSTSEC-2019-0037 (#494) 2020-11-27 18:51:11 -08:00
Tony Arcieri
84f130870b Rename references fields to related (#492) 
This frees up `references` to be used for tracking multiple URLs with
additional information.

See also: RustSec/advisory-db#429
 2020-11-23 07:55:17 -08:00
Ammar Askar
cd034f750b Add patched version for futures-intrusive's RUSTSEC-2020-0072 (#490) 2020-11-20 09:46:39 -08:00
github-actions[bot]
57ccc941b6 Assigned RUSTSEC-2020-0073 to image (#489) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-20 07:07:55 -08:00
HeroicKatora
5b68bd5a1f Advisory for image issue 1357 (#488) 2020-11-20 07:06:26 -08:00
github-actions[bot]
f958b20831 Assigned RUSTSEC-2020-0072 to futures-intrusive (#487) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-18 18:22:59 -08:00
Ammar Askar
15125a950c Report soundness bug with concurrency in futures-intrusive (#482) 2020-11-18 18:22:11 -08:00
github-actions[bot]
1d7066d6d1 Assigned RUSTSEC-2020-0071 to time (#486) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-18 18:21:00 -08:00
Jacob Pratt
793301b134 Potential segfault in the time crate (#485) 2020-11-18 18:19:28 -08:00
github-actions[bot]
78ad57d13b Assigned RUSTSEC-2020-0070 to lock_api (#484) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2020-11-18 10:06:59 -08:00
Ammar Askar
7b5e78867f Report soundness bug with lock_api (#483) 2020-11-18 10:04:30 -08:00