[[advisory]]
id = "RUSTSEC-2017-0001"
package = "sodiumoxide"
patched_versions = [">= 0.0.14"]
dwf = []
date = "2017-01-26"
url = "https://github.com/dnaq/sodiumoxide/issues/154"
title = "scalarmult() vulnerable to degenerate public keys"
description = """
The `scalarmult()` function included in previous versions of this crate
accepted all-zero public keys, for which the resulting Diffie-Hellman shared
secret will always be zero regardless of the private key used.

This issue was fixed by checking for this class of keys and rejecting them
if they are used.
"""

[[advisory]]
id = "RUSTSEC-2017-0002"
package = "hyper"
patched_versions = [">= 0.10.2", "< 0.10.0, >= 0.9.18"]
dwf = []
date = "2017-01-23"
url = "https://github.com/hyperium/hyper/wiki/Security-001"
title = "headers containing newline characters can split messages"
description = """
Serializing of headers to the socket did not filter the values for newline bytes (\r or \n),
which allowed for header values to split a request or response. People would not likely include
newlines in the headers in their own applications, so the way for most people to exploit this
is if an application constructs headers based on unsanitized user input.

This issue was fixed by replacing all newline characters with a space during serialization of
a header value.
"""

[[advisory]]
id = "RUSTSEC-2017-0003"
package = "security-framework"
patched_versions = [">= 0.1.12"]
dwf = []
date = "2017-03-15"
url = "https://github.com/sfackler/rust-security-framework/pull/27"
title = "Hostname verification skipped when custom root certs used"
description = """
If custom root certificates were registered with a `ClientBuilder`, the
hostname of the target server would not be validated against its presented leaf
certificate.

This issue was fixed by properly configuring the trust evaluation logic to
perform that check.
"""

[[advisory]]
id = "RUSTSEC-2017-0004"
package = "base64"
patched_versions = [">= 0.5.2"]
dwf = []
url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
title = "Integer overflow leads to heap-based buffer overflow in encode_config_buf"
date = "2017-05-03"
description = """
Affected versions of this crate suffered from an integer overflow bug when
calculating the size of a buffer to use when encoding base64 using the
`encode_config_buf` and `encode_config` functions.  If the input string
was large, this would cause a buffer to be allocated that was too small.
Since this function writes to the buffer using unsafe code, it would
allow an attacker to write beyond the buffer, causing memory corruption
and possibly the execution of arbitrary code.

This flaw was corrected by using checked arithmetic to calculate
the size of the buffer.
"""