OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-28 15:28:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bfcf9e99c2bc6d09a6a9e00a62862c6a08b0586f
advisory-db/README.md
Tony Arcieri 05af1866b1 Revert "Merge pull request #8 from RustSec/rename-package-to-crate-name" 
Cargo uses "package" in Cargo.lock, so there is wisdom to using "package"
instead of "crate_name"

This reverts commit 986c090c06, reversing
changes made to 9556f0fdee.
2017-02-26 00:26:22 -08:00

1.7 KiB
Raw Blame History

RustSec Advisory Database Build Status

The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io

Advisory metadata is stored in TOML format for cargo-audit and other automated tools to consume.

Format

Each advisory contains information in TOML format:

[advisory]
package = "mypackage"

# Versions which were never vulnerable
unaffected_versions = ["< 1.1.0"]

# Versions which include fixes for this vulnerability
patched_versions = [">= 1.2.0"]

# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
# - CVE: https://iwantacve.org/
# - DWF: https://distributedweaknessfiling.org/
dwf = []
# dwf = ["CVE-YYYY-XXXX"]
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]

# URL to a long-form description of this issue, e.g. a blogpost announcing
# the release or a changelog entry (optional)
url = false

# Single-line description of a vulnerability
title = "Flaw in X allows Y"

# Disclosure date of the advisory (RFC 3339)
date = "2017-02-25"

# Enter a short-form description of the vulnerability here (required)
description = """
Affected versions of this crate did not properly X.

This allows an attacker to Y.
 
The flaw was corrected by Z.
"""

License

All content in this repository is placed in the public domain.

Public Domain