mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
64c17acfe3
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
25 lines
840 B
TOML
25 lines
840 B
TOML
[advisory]
|
|
id = "RUSTSEC-2018-0001"
|
|
package = "untrusted"
|
|
url = "https://github.com/briansmith/untrusted/pull/20"
|
|
keywords = ["crash"]
|
|
title = "An integer underflow could lead to panic"
|
|
date = "2018-06-21"
|
|
description = """
|
|
A mistake in error handling in untrusted before 0.6.2 could lead to an integer
|
|
underflow and panic if a user of the crate didn't properly check for errors
|
|
returned by untrusted.
|
|
|
|
Combination of these two programming errors (one in untrusted and another by
|
|
user of this crate) could lead to a panic and maybe a denial of service of
|
|
affected software.
|
|
|
|
The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also
|
|
advisable that users of untrusted check for their sources for cases where errors
|
|
returned by untrusted are not handled correctly.
|
|
"""
|
|
|
|
[versions]
|
|
patched = [">= 0.6.2"]
|
|
unaffected = []
|