rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

mark RUSTSEC-2021-0019 fixed, add references (#1206)

Browse Source 
* Add references URLs to RUSTSEC-2021-0019

* update links to rust-x-bindings/ instead of rtbo/ which 404

* Fixed in v1.0
This commit is contained in:
Sergey "Shnatsel" Davidoff
2022-03-06 12:11:48 +01:00
committed by GitHub
parent 5bf3891522
commit a4120c1dce
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
crates/xcb/RUSTSEC-2021-0019.md
View File

@@ -10,10 +10,11 @@ aliases = [
]
date = "2021-02-04"
url = "https://github.com/RustSec/advisory-db/issues/653"
references = ["https://github.com/rust-x-bindings/rust-xcb/issues/78", "https://github.com/rust-x-bindings/rust-xcb/issues/94", "https://github.com/rust-x-bindings/rust-xcb/issues/95", "https://github.com/rust-x-bindings/rust-xcb/issues/96"]
categories = ["memory-corruption", "memory-exposure"]
[versions]
patched = []
patched = [">= 1.0"]
```
# Multiple soundness issues
@@ -26,7 +27,7 @@ X11 server without any validity checks. The X11 server only prevents interior
null bytes, but otherwise allows any X11 client to create an atom for arbitrary
bytes.
This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/96
This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/96
## `xcb::xproto::GetPropertyReply::value()` allows arbitrary return types
@@ -37,7 +38,7 @@ the X11 server are interpreted as the requested type.
The users of the `xcb` crate are advised to only call this function with the
intended types. These are `u8`, `u16`, and `u32`.
This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/95
This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/95
## Out of bounds read in `xcb::xproto::change_property()`
@@ -53,7 +54,7 @@ end of the `data` slice is performed and the bytes are sent to the X11 server.
The users of the `xcb` crate are advised to only call this function with one of
the intended argument combinations.
This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/94
This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/94
## 'Safe' wrapper around `std::mem::transmute()`
@@ -69,4 +70,4 @@ X11 events are mostly always 32 bytes large and this function works as intended.
Users are advised to only cast to the event structs provided by the `xcb` crate
(and hope for the best).
This issue is tracked here: https://github.com/rtbo/rust-xcb/issues/78
This issue is tracked here: https://github.com/rust-x-bindings/rust-xcb/issues/78