This time for real

Sergey "Shnatsel" Davidoff
2022-12-02 00:42:13 +01:00
parent cdcba468f6
commit 533cee8048


@@ -1,7 +1,7 @@
```toml
# Before you submit a PR using this template, **please delete the comments**
# explaining each field, as well as any unused fields.
# All optional fields are commented out.
# Optional fields are commented out.
[advisory]
# Identifier for the advisory (mandatory). Will be assigned a "RUSTSEC-YYYY-NNNN"
@@ -15,14 +15,15 @@ package = "mycrate"
date = "2021-01-31"
# URL to a long-form description of this issue, e.g. a GitHub issue/PR,
# a change log entry, or a blogpost announcing the release (optional)
url = "https://github.com/mystuff/mycrate/issues/123"
# a change log entry, or a blogpost announcing the release (optional but recommended)
#url = "https://github.com/mystuff/mycrate/issues/123"
# URL to additional helpful references regarding the advisory (optional)
#references = ["https://github.com/mystuff/mycrate/discussions/1"]
# Optional: Indicates the type of informational security advisory
# - "unsound" for soundness issues
# Indicates the type of informational security advisory (surfaced as a warning, not an error)
# - "unsound" for soundness issues that can only be triggered by a programmer
# (as opposed to e.g. a malicious input), and/or require very contrived code to trigger.
# - "unmaintained" for crates that are no longer maintained
# - "notice" for other informational notices
#informational = "unmaintained"
@@ -37,18 +38,28 @@ url = "https://github.com/mystuff/mycrate/issues/123"
#cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
# Freeform keywords which describe this vulnerability, similar to Cargo (optional)
keywords = ["ssl", "mitm"]
# keywords = ["ssl", "mitm"]
# Vulnerability aliases, e.g. CVE IDs (optional but recommended)
# Request a CVE for your RustSec vulns: https://iwantacve.org/
# Vulnerability aliases, e.g. CVE IDs
# You can request a CVE for your vulns at https://iwantacve.org/
#aliases = ["CVE-2018-XXXX"]
# Related vulnerabilities (optional)
# e.g. CVE for a C library wrapped by a -sys crate)
#related = ["CVE-2018-YYYY", "CVE-2018-ZZZZ"]
# Optional: metadata which narrows the scope of what this advisory affects
# Metadata which narrows the scope of what this advisory affects
[affected]
# Versions which include fixes for this vulnerability (mandatory)
# Supported operators: < <= = >= > ^ ~
# use `patched = []` in case there is no fixed version
[versions]
patched = ["^ 1.1.7", ">= 1.2.5"]
# Versions which were never vulnerable
#unaffected = ["< 1.0.0"]
# CPU architectures impacted by this vulnerability (optional).
# Only use this if the vulnerability is specific to a particular CPU architecture,
# e.g. the vulnerability is in x86 assembly.
@@ -68,15 +79,7 @@ keywords = ["ssl", "mitm"]
# name (e.g. if the function was renamed between versions).
# The path syntax is `cratename::path::to::function`, without any
# parameters or additional information, followed by a list of version reqs.
functions = { "mycrate::MyType::vulnerable_function" = ["< 1.2.0, >= 1.1.0"] }
# Versions which include fixes for this vulnerability (mandatory)
# use patched = [] e.g. in case of unmaintained where there is no fix
[versions]
patched = [">= 1.2.0"]
# Versions which were never vulnerable (optional)
#unaffected = ["< 1.1.0"]
#functions = { "mycrate::MyType::vulnerable_function" = ["< 1.2.0, >= 1.1.0"] }
```
# RustSec Advisory Template - Advisory Title Goes Here
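Review bot: As rendered in the second hunk, the new `[versions]` header sits directly under `[affected]` and above the commented-out CPU-architecture and `functions` keys, so in TOML those keys belong to `[versions]` rather than `[affected]` once an author uncomments them. An advisory written from this template could then fail validation or lose its scope narrowing, depending on how the consumer treats unexpected keys, which the page does not show. Moving the `[versions]` block back below `#functions = ...`, or above the `[affected]` header, keeps every key under the table its comment describes. The example `patched = ["^ 1.1.7", ">= 1.2.5"]` also no longer lines up with the `functions` range `"< 1.2.0, >= 1.1.0"`, so the two examples would be clearer if they described the same release history. The page has lost its `+`/`-` markers, so the ordering is inferred from the print order and should be confirmed against the file.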