mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-13 21:18:11 +01:00
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
23 lines
761 B
TOML
[advisory]
id = "RUSTSEC-2019-0034"
package = "http"
date = "2019-11-16"
title = "HeaderMap::Drain API is unsound"
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free", "unsound"]
description = """
Affected versions of this crate incorrectly used raw pointer,
which introduced unsoundness in its public safe API.

[Failing to drop the Drain struct causes double-free](https://github.com/hyperium/http/issues/354),
and [it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation](https://github.com/hyperium/http/issues/355).

The flaw was corrected in 0.1.20 release of `http` crate.
"""

[affected.functions]
"http::header::HeaderMap::drain" = ["< 0.1.20"]

[versions]
patched = [">= 0.1.20"]