OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
71 Commits 1 Branch 0 Tags
ffbf3cf971ec5219ade8b558148c47ab4c2fd3ea
Commit Graph

71 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Arcieri
ffbf3cf971 Merge pull request #40 from RustSec/rustsec-0-7 
Update 'rustsec' crate to 0.7
 2018-07-22 17:59:28 -07:00
Tony Arcieri
f5d0ea12a2 Update 'rustsec' crate to 0.7 2018-07-22 17:51:45 -07:00
Tony Arcieri
5920a40e72 Merge pull request #39 from RustSec/rustsec-0-7-0-alpha3 
Update to 'rustsec' crate v0.7.0-alpha3
 2018-07-22 13:38:25 -07:00
Tony Arcieri
f9af1317ac Update to 'rustsec' crate v0.7.0-alpha3 
Testing the alpha crate on the live repository prior to a final release
 2018-07-22 13:29:03 -07:00
Tony Arcieri
cd58ff39f8 Merge pull request #38 from RustSec/remove-dwf-tag-in-favor-of-aliases 
Rename "dwf" TOML tag to "aliases" (closes #36)
 2018-07-21 20:12:38 -07:00
Tony Arcieri
cb81d3ceaa Rename "dwf" TOML tag to "aliases" (closes #36) 
Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
 2018-07-21 19:47:30 -07:00
Tony Arcieri
cf97bdac6e Merge pull request #37 from RustSec/add-ids-to-all-advisories 
crates: Add 'id' attribute to all advisories
 2018-07-21 15:31:29 -07:00
Tony Arcieri
79fd13ac6f crates: Add 'id' attribute to all advisories 
This is needed to parse them with serde directly from these files (as
opposed to using Advisories.toml)
 2018-07-21 15:22:39 -07:00
Tony Arcieri
953f4ca263 Merge pull request #35 from mbrubeck/smallvec 
More patched versions released for smallvec
 2018-07-20 10:38:02 -07:00
Matt Brubeck
194883b71e More patched versions released for smallvec 2018-07-20 10:31:28 -07:00
Tony Arcieri
f5cba30107 Merge pull request #33 from RustSec/maintained-badge 
README.md: Add a 'maintained' shield from shields.io
 2018-07-19 20:26:04 -07:00
Tony Arcieri
2c7428eeaf README.md: Add a 'maintained' shield from shields.io 2018-07-19 20:01:05 -07:00
Tony Arcieri
5036eee5ae Merge pull request #32 from RustSec/code-of-conduct 
Adopt the Contributor Covenant (version 1.4)
 2018-07-19 19:41:37 -07:00
Tony Arcieri
faf18b8d1d Adopt the Contributor Covenant (version 1.4) 
https://www.contributor-covenant.org/
 2018-07-19 19:34:09 -07:00
Tony Arcieri
81d7c1feda Merge pull request #31 from RustSec/fix-rustsec-2018-0002 
Advisories.toml: Fix RUSTSEC-2018-0002
 2018-07-19 19:31:25 -07:00
Tony Arcieri
0a1d62c88d Advisories.toml: Fix RUSTSEC-2018-0002 
`RUSTSEC-2018-0002` was previously assigned to `tar`, but never added to
`Advisories.toml`.

The merge workflow for this could definitely use some
improvements/automation.
 2018-07-19 19:26:08 -07:00
Tony Arcieri
7855ffa911 Assign RUSTSEC-2018-0003 to smallvec 
Original PR:

https://github.com/RustSec/advisory-db/pull/30
 2018-07-19 19:20:54 -07:00
Tony Arcieri
569e6ad8b0 Merge pull request #30 from mbrubeck/smallvec 
Advisory: Possible double free in SmallVec::insert_many
 2018-07-19 19:00:02 -07:00
Matt Brubeck
fd11c62bc5 Advisory: Possible double free in SmallVec::insert_many 
For details, see:

* servo/rust-smallvec#96 - original bug report
* servo/rust-smallvec#103 - fix
 2018-07-19 15:00:38 -07:00
Tony Arcieri
c21aa4af35 Merge pull request #26 from alexcrichton/tar 
Aribtrary filesystem writes in tar 0.4.15 and older
 2018-06-30 10:34:06 +01:00
Alex Crichton
1e553ef856 Aribtrary filesystem writes in tar 0.4.15 and older 
More details inside!
 2018-06-29 13:19:26 -07:00
Tony Arcieri
3c0458d26b Assign RUSTSEC-2018-0001 to untrusted 
Original PR:

https://github.com/RustSec/advisory-db/pull/24
 2018-06-26 00:13:01 +01:00
Tony Arcieri
0c1ba96e69 Merge pull request #24 from oherrala/untrusted-0-6-2 
Advisory: An integer underflow in untrusted 0.6.1 and older which could lead to panic
 2018-06-26 00:05:13 +01:00
Ossi Herrala
f5c8d09051 An integer underflow in untrusted 0.6.1 and older 2018-06-25 21:56:39 +03:00
Tony Arcieri
e8b8bf897a Merge pull request #23 from frewsxcv/patch-1 
RUSTSEC-2017-0004 is also known as CVE-2017-1000430
 2017-12-30 07:45:20 -08:00
Corey Farwell
18d848d456 RUSTSEC-2017-0004 is also known as CVE-2017-1000430 2017-12-29 13:49:40 -08:00
Tony Arcieri
ce29282ad4 RUSTSEC-2017-0001 is also known as CVE-2017-1000168 2017-08-24 08:45:54 -07:00
Tony Arcieri
fafc60ceee Assign RUSTSEC-2017-0005 to cookie 
Original PR:

https://github.com/RustSec/advisory-db/pull/22
 2017-05-08 07:56:46 -07:00
Tony Arcieri
f61627af74 Merge pull request #22 from erickt/master 
Advisory: cookie denial of service
 2017-05-08 07:55:00 -07:00
Erick Tryzelaar
bfcf9e99c2 Advisory: cookie denial of service 2017-05-07 16:06:21 -07:00
Tony Arcieri
524d876a8a Assign RUSTSEC-2017-0004 to base64 
Original PR:

https://github.com/RustSec/advisory-db/pull/21
 2017-05-04 09:52:29 -07:00
Tony Arcieri
9680afb237 Merge pull request #21 from AGWA-forks/master 
Advisory: base64 heap-based buffer overflow
 2017-05-04 09:49:47 -07:00
Andrew Ayer
b9a0862f48 Advisory: base64 heap-based buffer overflow 2017-05-03 17:05:46 -07:00
Tony Arcieri
7e9846989a Merge pull request #17 from RustSec/RUSTSEC-2017-0003 
Assign RUSTSEC-2017-0003 to security-framework
 2017-03-15 22:37:09 -07:00
Tony Arcieri
e6b5f1a74f Assign RUSTSEC-2017-0003 to security-framework 
Original PR:

https://github.com/RustSec/advisory-db/pull/16
 2017-03-15 22:34:43 -07:00
Tony Arcieri
7148181bb8 Merge pull request #16 from sfackler/security-framework 
Advisory: security-framework hostname verification bypass
 2017-03-15 22:29:35 -07:00
Steven Fackler
ffb475d466 Advisory: security-framework hostname verification bypass 2017-03-15 11:47:14 -07:00
Tony Arcieri
fb69bfb65b Merge pull request #14 from RustSec/RUSTSEC-2017-0002 
Assign RUSTSEC-2017-0002 to hyper
 2017-02-28 09:08:22 -08:00
Tony Arcieri
e867ef7194 Assign RUSTSEC-2017-0002 to hyper 
Original PR:

https://github.com/RustSec/advisory-db/pull/12
 2017-02-28 09:02:18 -08:00
Tony Arcieri
57d1036a95 Merge pull request #13 from RustSec/update-to-rustsec-0-5-2 
Update 'rustsec' crate to 0.5.2
 2017-02-28 09:00:09 -08:00
Tony Arcieri
38bc975264 Update 'rustsec' crate to 0.5.2 
This version includes a complete rewrite of the advisory parser
 2017-02-28 08:53:10 -08:00
Tony Arcieri
96b7e7b293 Merge pull request #12 from seanmonstar/patch-1 
add advisory for hyper message splitting vulnerability
 2017-02-28 08:50:49 -08:00
Sean McArthur
4597f51b45 add advisory for hyper message splitting vulnerability 2017-02-27 15:13:17 -08:00
Tony Arcieri
49389c7252 Merge pull request #11 from RustSec/update-rustsec-crate 
Update rustsec crate to ^0.3
 2017-02-26 00:46:09 -08:00
Tony Arcieri
62a4647850 Update rustsec crate 
The latest version handles the `crate_name` -> `package` revert
 2017-02-26 00:43:14 -08:00
Tony Arcieri
ccdccb74cb Merge pull request #10 from RustSec/revert-crate-name 
Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name"
 2017-02-26 00:27:47 -08:00
Tony Arcieri
05af1866b1 Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name" 
Cargo uses "package" in Cargo.lock, so there is wisdom to using "package"
instead of "crate_name"

This reverts commit 986c090c06, reversing
changes made to 9556f0fdee.
 2017-02-26 00:26:22 -08:00
Tony Arcieri
c8e8676d1a Add build status badges to README.md 2017-02-25 23:58:45 -08:00
Tony Arcieri
752d18e5df Add description and license to Cargo.toml 2017-02-25 23:56:39 -08:00
Tony Arcieri
e9232d2962 Merge pull request #9 from RustSec/test-for-well-formed-advisory-db 
Add test to ensure Advisories.toml is well-formed
 2017-02-25 23:52:50 -08:00