rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Remove range overlaps, fix some range specifications (#930)

Browse Source 
* Drop some clearly redundant bounds

* Fix RUSTSEC-2020-0091 - the version specification was incorrect, marking 1.0.0 as fixed while in reality it was not

* Fix RUSTSEC-2018-0004: presumably any updates to 0.3.x series would also get the fix, it would not be isolated to 0.3.2

* Fix incorrectly defined, overlapping ranges in RUSTSEC-2020-0080 and RUSTSEC-2019-0035
This commit is contained in:
Sergey "Shnatsel" Davidoff
2021-06-04 23:26:23 +02:00
committed by GitHub
parent 3e51834f36
commit 40afced5fb
6 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/arc-swap/RUSTSEC-2020-0091.md
View File

@@ -9,7 +9,7 @@ keywords = ["dangling reference"]
aliases = ["CVE-2020-35711"]
[versions]
patched = [">= 1.1.0", ">= 0.4.8"]
patched = [">= 0.4.8, < 1.0.0-0", ">= 1.1.0"]
unaffected = ["< 0.4.2"]
[affected]

2
crates/claxon/RUSTSEC-2018-0004.md
View File

@@ -8,7 +8,7 @@ keywords = ["uninitialized-memory"]
url = "https://github.com/ruuda/claxon/commit/8f28ec275e412dd3af4f3cda460605512faf332c"
[versions]
patched = ["=0.3.2", ">= 0.4.1"]
patched = ["^0.3.2", ">= 0.4.1"]
```
# Malicious input could cause uninitialized memory to be exposed

2
crates/cranelift-codegen/RUSTSEC-2021-0067.md
View File

@@ -9,7 +9,7 @@ keywords = ["miscompile", "sandbox", "wasm"]
aliases = ["CVE-2021-32629"]
[versions]
patched = [">= 0.73.1", ">= 0.74"]
patched = [">= 0.73.1"]
[affected]
arch = ["x86"]

2
crates/miow/RUSTSEC-2020-0080.md
View File

@@ -9,7 +9,7 @@ keywords = ["memory", "layout", "cast"]
informational = "unsound"
[versions]
patched = [">= 0.2.2", ">= 0.3.6"]
patched = ["^ 0.2.2", ">= 0.3.6"]
```
# `miow` invalidly assumes the memory layout of std::net::SocketAddr

2
crates/rand_core/RUSTSEC-2019-0035.md
View File

@@ -12,7 +12,7 @@ url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#05
"rand_core::BlockRng::next_u64" = ["< 0.4.2"]
[versions]
patched = [">= 0.3.1", ">= 0.4.2"]
patched = ["^ 0.3.1", ">= 0.4.2"]
```
# Unaligned memory access

2
crates/trust-dns-proto/RUSTSEC-2018-0007.md
View File

@@ -7,7 +7,7 @@ date = "2018-10-09"
keywords = ["stack-overflow", "crash"]
[versions]
patched = ["^0.4.3", ">= 0.5.0-alpha.3"]
patched = [">= 0.4.3"]
```
# Stack overflow when parsing malicious DNS packet