mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-03 18:15:23 +01:00
64c17acfe3
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
19 lines
562 B
TOML
19 lines
562 B
TOML
[advisory]
|
|
id = "RUSTSEC-2017-0003"
|
|
package = "security-framework"
|
|
date = "2017-03-15"
|
|
keywords = ["mitm"]
|
|
url = "https://github.com/sfackler/rust-security-framework/pull/27"
|
|
title = "Hostname verification skipped when custom root certs used"
|
|
description = """
|
|
If custom root certificates were registered with a `ClientBuilder`, the
|
|
hostname of the target server would not be validated against its presented leaf
|
|
certificate.
|
|
|
|
This issue was fixed by properly configuring the trust evaluation logic to
|
|
perform that check.
|
|
"""
|
|
|
|
[versions]
|
|
patched = [">= 0.1.12"]
|