mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-08 20:47:14 +01:00
64c17acfe3
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
25 lines
915 B
TOML
25 lines
915 B
TOML
[advisory]
|
|
id = "RUSTSEC-2018-0003"
|
|
package = "smallvec"
|
|
url = "https://github.com/servo/rust-smallvec/issues/96"
|
|
keywords = ["memory-corruption"]
|
|
title = "Possible double free during unwinding in SmallVec::insert_many"
|
|
date = "2018-07-19"
|
|
description = """
|
|
If an iterator passed to `SmallVec::insert_many` panicked in `Iterator::next`,
|
|
destructors were run during unwinding while the vector was in an inconsistent
|
|
state, possibly causing a double free (a destructor running on two copies of
|
|
the same value).
|
|
|
|
This is fixed in smallvec 0.6.3 by ensuring that the vector's length is not
|
|
updated to include moved items until they have been removed from their
|
|
original positions. Items may now be leaked if `Iterator::next` panics, but
|
|
they will not be dropped more than once.
|
|
|
|
Thank you to @Vurich for reporting this bug.
|
|
"""
|
|
|
|
[versions]
|
|
unaffected = ["< 0.3.2"]
|
|
patched = [">= 0.6.3", "^0.3.4", "^0.4.5", "^0.5.1"]
|