mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
64c17acfe3
As announced in #228, this commit migrates all advisories to the new V2 format, which splits version information into a separate section, and now has a structure which corresponds to the internal code structure of the `rustsec` crate. This is a breaking change for users of `cargo-audit` < 0.9, and anyone who has written a 3rd party advisory format parser.
20 lines
618 B
TOML
20 lines
618 B
TOML
[advisory]
|
|
id = "RUSTSEC-2017-0001"
|
|
package = "sodiumoxide"
|
|
aliases = ["CVE-2017-1000168"]
|
|
date = "2017-01-26"
|
|
keywords = ["cryptography"]
|
|
url = "https://github.com/dnaq/sodiumoxide/issues/154"
|
|
title = "scalarmult() vulnerable to degenerate public keys"
|
|
description = """
|
|
The `scalarmult()` function included in previous versions of this crate
|
|
accepted all-zero public keys, for which the resulting Diffie-Hellman shared
|
|
secret will always be zero regardless of the private key used.
|
|
|
|
This issue was fixed by checking for this class of keys and rejecting them
|
|
if they are used.
|
|
"""
|
|
|
|
[versions]
|
|
patched = [">= 0.0.14"]
|