Translate database into V3 advisory format (#420)

As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.

.github/workflows/validate.yml

@@ -16,12 +16,12 @@ jobs:
       uses: actions/cache@v1
       with:
         path: ~/.cargo/bin
-        key: rustsec-admin-v0.2.0
+        key: rustsec-admin-v0.3.0-pre
 
     - name: Install rustsec-admin
       run: |
         if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-            cargo install rustsec-admin
+            cargo install rustsec-admin --vers 0.3.0-pre
         fi
 
     - name: Lint advisories

crates/actix-codec/RUSTSEC-2020-0049.md

@@ -1,17 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0049"
 package = "actix-codec"
-date = "2020-01-30"
-title = "Use-after-free in Framed due to lack of pinning"
-url = "https://github.com/actix/actix-net/issues/91"
 categories = ["memory-corruption"]
+date = "2020-01-30"
+url = "https://github.com/actix/actix-net/issues/91"
+
+[versions]
+patched = [">= 0.3.0-beta.1"]
+```
+
+# Use-after-free in Framed due to lack of pinning
 
-description = """
 Affected versions of this crate did not require the buffer wrapped in `Framed` to be pinned,
 but treated it as if it had a fixed location in memory. This may result in a use-after-free.
  
 The flaw was corrected by making the affected functions accept `Pin<&mut Self>` instead of `&mut self`.
-"""
-
-[versions]
-patched = [">= 0.3.0-beta.1"]

crates/actix-http/RUSTSEC-2020-0048.md

@@ -1,19 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0048"
 package = "actix-http"
-date = "2020-01-24"
-title = "Use-after-free in BodyStream due to lack of pinning"
-url = "https://github.com/actix/actix-web/issues/1321"
 categories = ["memory-corruption"]
+date = "2020-01-24"
+url = "https://github.com/actix/actix-web/issues/1321"
+
+[versions]
+patched = [">= 2.0.0-alpha.1"]
+```
+
+# Use-after-free in BodyStream due to lack of pinning
 
-description = """
 Affected versions of this crate did not require the buffer wrapped in `BodyStream` to be pinned,
 but treated it as if it had a fixed location in memory. This may result in a use-after-free.
  
 The flaw was corrected by making the trait `MessageBody` require `Unpin`
 and making `poll_next()` function accept `Pin<&mut Self>` instead of `&mut self`.
-"""
-
-# Versions which include fixes for this vulnerability (mandatory)
-[versions]
-patched = [">= 2.0.0-alpha.1"]

crates/actix-service/RUSTSEC-2020-0046.md

@@ -1,14 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0046"
 package = "actix-service"
-date = "2020-01-08"
-
-title = "bespoke Cell implementation allows obtaining several mutable references to the same data"
-url = "https://github.com/actix/actix-net/pull/158"
 categories = ["memory-corruption"]
+date = "2020-01-08"
 informational = "unsound"
+url = "https://github.com/actix/actix-net/pull/158"
+
+[versions]
+patched = [">= 1.0.6"]
+```
+
+# bespoke Cell implementation allows obtaining several mutable references to the same data
 
-description = """
 The custom implementation of a Cell primitive in the affected versions of this crate
 does not keep track of mutable references to the underlying data.
 
@@ -16,7 +20,3 @@ This allows obtaining several mutable references to the same object
 which may result in arbitrary memory corruption, most likely use-after-free.
 
 The flaw was corrected by switching from a bespoke `Cell<T>` implementation to `Rc<RefCell<T>>`.
-"""
-
-[versions]
-patched = [">= 1.0.6"]

crates/actix-utils/RUSTSEC-2020-0045.md

@@ -1,14 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0045"
 package = "actix-utils"
-date = "2020-01-08"
-
-title = "bespoke Cell implementation allows obtaining several mutable references to the same data"
-url = "https://github.com/actix/actix-net/issues/160"
 categories = ["memory-corruption"]
+date = "2020-01-08"
 informational = "unsound"
+url = "https://github.com/actix/actix-net/issues/160"
+
+[versions]
+patched = [">= 2.0.0"]
+```
+
+# bespoke Cell implementation allows obtaining several mutable references to the same data
 
-description = """
 The custom implementation of a Cell primitive in the affected versions of this crate
 does not keep track of mutable references to the underlying data.
 
@@ -16,7 +20,3 @@ This allows obtaining several mutable references to the same object
 which may result in arbitrary memory corruption, most likely use-after-free.
 
 The flaw was corrected by switching from a bespoke `Cell<T>` implementation to `Rc<RefCell<T>>`.
-"""
-
-[versions]
-patched = [">= 2.0.0"]

crates/actix-web/RUSTSEC-2018-0019.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0019"
 package = "actix-web"
-date = "2018-06-08"
-title = "Multiple memory safety issues"
-url = "https://github.com/actix/actix-web/issues/289"
 categories = ["memory-corruption"]
-description = """
+date = "2018-06-08"
+url = "https://github.com/actix/actix-web/issues/289"
+
+[versions]
+patched = [">= 0.7.15"]
+```
+
+# Multiple memory safety issues
+
 Affected versions contain multiple memory safety issues, such as:
 
  - Unsoundly coercing immutable references to mutable references
@@ -15,7 +21,3 @@ Affected versions contain multiple memory safety issues, such as:
 This may result in a variety of memory corruption scenarios, most likely use-after-free.
  
 A signficant refactoring effort has been conducted to resolve these issues.
-"""
-
-[versions]
-patched = [">= 0.7.15"]

crates/alg_ds/RUSTSEC-2020-0033.md

@@ -1,13 +1,15 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0033"
 package = "alg_ds"
 date = "2020-08-25"
-title = "Matrix::new() drops uninitialized memory"
 url = "https://gitlab.com/dvshapkin/alg-ds/-/issues/1"
-description = """
-`Matrix::new()` internally calls `Matrix::fill_with()` which uses `*ptr = value` pattern to initialize the buffer.
-This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.
-"""
 
 [versions]
 patched = []
+```
+
+# Matrix::new() drops uninitialized memory
+
+`Matrix::new()` internally calls `Matrix::fill_with()` which uses `*ptr = value` pattern to initialize the buffer.
+This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.

crates/alpm-rs/RUSTSEC-2020-0032.md

@@ -1,14 +1,16 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0032"
 package = "alpm-rs"
 date = "2020-08-20"
 informational = "unsound"
-title = "StrcCtx deallocates a memory region that it doesn't own"
 url = "https://github.com/pigeonhands/rust-arch/issues/2"
-description = """
-`StrcCtx` deallocate a memory region that it doesn't own when `StrcCtx` is created without using `StrcCtx::new`.
-This can introduce memory safety issues such as double-free and use-after-free to client programs.
-"""
 
 [versions]
 patched = []
+```
+
+# StrcCtx deallocates a memory region that it doesn't own
+
+`StrcCtx` deallocate a memory region that it doesn't own when `StrcCtx` is created without using `StrcCtx::new`.
+This can introduce memory safety issues such as double-free and use-after-free to client programs.

crates/ammonia/RUSTSEC-2019-0001.md

@@ -1,11 +1,23 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0001"
 package = "ammonia"
+aliases = ["CVE-2019-15542"]
 date = "2019-04-27"
-title = "Uncontrolled recursion leads to abort in HTML serialization"
-url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
 keywords = ["stack-overflow", "crash"]
-description = """
+url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
+
+[affected.functions]
+"ammonia::Document::to_string" = ["< 2.1.0"]
+"ammonia::Document::write_to" = ["< 2.1.0"]
+"ammonia::clean" = ["< 2.1.0"]
+
+[versions]
+patched = [">= 2.1.0"]
+```
+
+# Uncontrolled recursion leads to abort in HTML serialization
+
 Affected versions of this crate did use recursion for serialization of HTML
 DOM trees.
 
@@ -13,13 +25,3 @@ This allows an attacker to cause abort due to stack overflow by providing
 a pathologically nested input.
 
 The flaw was corrected by serializing the DOM tree iteratively instead.
-"""
-aliases = ["CVE-2019-15542"]
-
-[affected.functions]
-"ammonia::clean" = ["< 2.1.0"]
-"ammonia::Document::to_string" = ["< 2.1.0"]
-"ammonia::Document::write_to" = ["< 2.1.0"]
-
-[versions]
-patched = [">= 2.1.0"]

crates/arr/RUSTSEC-2020-0034.md

@@ -1,16 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0034"
 package = "arr"
 date = "2020-08-25"
-title = "Multiple security issues including data race, buffer overflow, and uninitialized memory drop"
 url = "https://github.com/sjep/array/issues/1"
-description = """
+
+[versions]
+patched = []
+```
+
+# Multiple security issues including data race, buffer overflow, and uninitialized memory drop
+
 `arr` crate contains multiple security issues. Specifically,
 
 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
 2. `Index` and `IndexMut` implementation does not check the array bound.
 3. `Array::new_from_template()` drops uninitialized memory.
-"""
-
-[versions]
-patched = []

crates/array-queue/RUSTSEC-2020-0047.md

@@ -1,17 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0047"
 package = "array-queue"
 date = "2020-09-26"
-title = "array_queue pop_back() may cause a use-after-free"
+keywords = ["memory-corruption", "uninitialized-memory", "use-after-free"]
 url = "https://github.com/raviqqe/array-queue/issues/2"
-description = """
+
+[versions]
+patched = []
+unaffected = ["< 0.3.0"]
+```
+
+# array_queue pop_back() may cause a use-after-free
+
 array_queue implements a circular queue that wraps around an array. However, it
 fails to properly index into the array in the `pop_back` function allowing the
 reading of previously dropped or uninitialized memory.
-"""
-keywords = ["memory-corruption", "uninitialized-memory", "use-after-free"]
-
-[versions]
-
-patched = []
-unaffected = ["< 0.3.0"]

crates/arrayfire/RUSTSEC-2018-0011.md

@@ -1,12 +1,24 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0011"
 package = "arrayfire"
-date = "2018-12-18"
+aliases = ["CVE-2018-20998"]
-title = "Enum repr causing potential memory corruption"
-url = "https://github.com/arrayfire/arrayfire-rust/pull/177"
 categories = ["memory-corruption"]
+date = "2018-12-18"
 keywords = ["enum", "repr"]
-description = """
+url = "https://github.com/arrayfire/arrayfire-rust/pull/177"
+
+[affected]
+arch = ["x86_64"]
+os = ["windows"]
+
+[versions]
+patched = [">= 3.6.0"]
+unaffected = ["<= 3.5.0"]
+```
+
+# Enum repr causing potential memory corruption
+
 The attribute repr() added to enums to be compatible with C-FFI caused
 memory corruption on MSVC toolchain.
 
@@ -17,13 +29,3 @@ Rust version 1.28.
 The issue seems to be interlinked with which version of Rust is being used.
 
 The issue was fixed in crate 3.6.0.
-"""
-aliases = ["CVE-2018-20998"]
-
-[versions]
-patched = [">= 3.6.0"]
-unaffected = ["<= 3.5.0"]
-
-[affected]
-arch = ["x86_64"]
-os = ["windows"]

crates/asn1_der/RUSTSEC-2019-0007.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0007"
 package = "asn1_der"
+aliases = ["CVE-2019-15549"]
 date = "2019-06-13"
-title = "Processing of maliciously crafted length fields causes memory allocation SIGABRTs"
-url = "https://github.com/KizzyCode/asn1_der/issues/1"
 keywords = ["dos"]
-description = """
+url = "https://github.com/KizzyCode/asn1_der/issues/1"
+
+[versions]
+patched = [">= 0.6.2"]
+```
+
+# Processing of maliciously crafted length fields causes memory allocation SIGABRTs
+
 Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks.
 
 This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide.
  
 The flaw was corrected by not preallocating memory.
-"""
-aliases = ["CVE-2019-15549"]
-
-[versions]
-patched = [">= 0.6.2"]

crates/atom/RUSTSEC-2020-0044.md

@@ -1,15 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0044"
 package = "atom"
 date = "2020-09-21"
 informational = "unsound"
-title = "Unsafe Send implementation in Atom allows data races"
 url = "https://github.com/slide-rs/atom/issues/13"
-description = """
-The `atom` crate contains a security issue revolving around its implementation
-of the Send trait. It incorrectly allows any arbitrary type to be sent across
-threads potentially leading to use-after-free issues through memory races.
-"""
 
 [versions]
 patched = []
+```
+
+# Unsafe Send implementation in Atom allows data races
+
+The `atom` crate contains a security issue revolving around its implementation
+of the Send trait. It incorrectly allows any arbitrary type to be sent across
+threads potentially leading to use-after-free issues through memory races.

crates/base64/RUSTSEC-2017-0004.md

@@ -1,12 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2017-0004"
 package = "base64"
-date = "2017-05-03"
-url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
-title = "Integer overflow leads to heap-based buffer overflow in encode_config_buf"
-keywords = ["memory-corruption"]
 aliases = ["CVE-2017-1000430"]
-description = """
+date = "2017-05-03"
+keywords = ["memory-corruption"]
+url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
+
+[versions]
+patched = [">= 0.5.2"]
+```
+
+# Integer overflow leads to heap-based buffer overflow in encode_config_buf
+
 Affected versions of this crate suffered from an integer overflow bug when
 calculating the size of a buffer to use when encoding base64 using the
 `encode_config_buf` and `encode_config` functions.  If the input string
@@ -17,7 +23,3 @@ and possibly the execution of arbitrary code.
 
 This flaw was corrected by using checked arithmetic to calculate
 the size of the buffer.
-"""
-
-[versions]
-patched = [">= 0.5.2"]

crates/bigint/RUSTSEC-2020-0025.md

@@ -1,14 +1,16 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0025"
 package = "bigint"
-title = "bigint is unmaintained, use uint instead"
-informational = "unmaintained"
 date = "2020-05-07"
+informational = "unmaintained"
 url = "https://github.com/paritytech/bigint/commit/7e71521a61b009afc94c91135353102658550d42"
-description = """
-The `bigint` crate is not maintained any more and contains several known bugs (including a soundness bug);
-use [`uint`](https://crates.io/crates/uint) instead.
-"""
 
 [versions]
 patched = []
+```
+
+# bigint is unmaintained, use uint instead
+
+The `bigint` crate is not maintained any more and contains several known bugs (including a soundness bug);
+use [`uint`](https://crates.io/crates/uint) instead.

crates/bitvec/RUSTSEC-2020-0007.md

@@ -1,15 +1,10 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0007"
 package = "bitvec"
-date = "2020-03-27"
-title = "use-after or double free of allocated memory"
-url = "https://github.com/myrrlyn/bitvec/issues/55"
 categories = ["memory-corruption"]
-description = """
+date = "2020-03-27"
-Conversion of `BitVec` to `BitBox` did not account for allocation movement.
+url = "https://github.com/myrrlyn/bitvec/issues/55"
-
-The flaw was corrected by using the address after resizing, rather than the original base address.
-"""
 
 [affected.functions]
 "bitvec::vec::BitVec::into_boxed_bitslice" = ["< 0.17.4, >= 0.11.0"]
@@ -17,3 +12,10 @@ The flaw was corrected by using the address after resizing, rather than the orig
 [versions]
 patched = [">= 0.17.4"]
 unaffected = ["< 0.11.0"]
+```
+
+# use-after or double free of allocated memory
+
+Conversion of `BitVec` to `BitBox` did not account for allocation movement.
+
+The flaw was corrected by using the address after resizing, rather than the original base address.

crates/blake2/RUSTSEC-2019-0019.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0019"
 package = "blake2"
-date = "2019-08-25"
+aliases = ["CVE-2019-16143"]
-title = "HMAC-BLAKE2 algorithms compute incorrect results"
-url = "https://github.com/RustCrypto/MACs/issues/19"
 categories = ["crypto-failure"]
-description = """
+date = "2019-08-25"
+url = "https://github.com/RustCrypto/MACs/issues/19"
+
+[versions]
+patched = [">= 0.8.1"]
+```
+
+# HMAC-BLAKE2 algorithms compute incorrect results
+
 When used in conjunction with the Hash-based Message Authentication Code (HMAC),
 the BLAKE2b and BLAKE2s implementations in `blake2` crate versions prior to
 v0.8.1 used an incorrect block size (32-bytes instead of 64-bytes for BLAKE2s,
@@ -16,8 +23,3 @@ The v0.8.1 release of the `blake2` crate uses the correct block sizes.
 
 Note that this advisory only impacts usage of BLAKE2 with HMAC, and does not
 impact `Digest` functionality.
-"""
-aliases = ["CVE-2019-16143"]
-
-[versions]
-patched = [">= 0.8.1"]

crates/block-cipher-trait/RUSTSEC-2020-0018.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0018"
 package = "block-cipher-trait"
-title = "crate has been renamed to `block-cipher`"
-informational = "unmaintained"
 date = "2020-05-26"
+informational = "unmaintained"
 url = "https://github.com/RustCrypto/traits/pull/139"
-description = """
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# crate has been renamed to `block-cipher`
+
 This crate has been renamed from `block-cipher-trait` to `block-cipher`.
 
 The new repository location is at:
 
 <https://github.com/RustCrypto/traits/tree/master/block-cipher>
-"""
-
-[versions]
-patched = []
-unaffected = []

crates/bumpalo/RUSTSEC-2020-0006.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0006"
 package = "bumpalo"
-date = "2020-03-24"
-title = "Flaw in `realloc` allows reading unknown memory"
-url = "https://github.com/fitzgen/bumpalo/issues/69"
 categories = ["memory-exposure"]
-description = """
+date = "2020-03-24"
+url = "https://github.com/fitzgen/bumpalo/issues/69"
+
+[versions]
+patched = [">= 3.2.1"]
+unaffected = ["< 3.0.0"]
+```
+
+# Flaw in `realloc` allows reading unknown memory
+
 When `realloc`ing, if we allocate new space, we need to copy the old
 allocation's bytes into the new space. There are `old_size` number of bytes in
 the old allocation, but we were accidentally copying `new_size` number of bytes,
@@ -35,8 +42,3 @@ additional steps:
    can only be indirectly called. This new quickcheck test exercises `realloc`
    via `bumpalo::collections::Vec::resize` and
    `bumpalo::collections::Vec::shrink_to_fit` calls.
-"""
-
-[versions]
-patched = [">= 3.2.1"]
-unaffected = ["< 3.0.0"]

crates/cassandra/RUSTSEC-2016-0006.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2016-0006"
 package = "cassandra"
-title = "`cassandra` crate is unmaintained; use `cassandra-cpp` instead"
-informational = "unmaintained"
 date = "2016-12-15"
+informational = "unmaintained"
 url = "https://github.com/tupshin/cassandra-rs/issues/52"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 0.8.1"]
+```
+
+# `cassandra` crate is unmaintained; use `cassandra-cpp` instead
+
 The `cassandra` crate has not seen a release since December 2016, and its author
 is unresponsive.
 
 The `cassandra-cpp` crate is a maintained fork:
 
 https://github.com/Metaswitch/cassandra-rs
-"""
-
-[versions]
-patched = []
-unaffected = ["> 0.8.1"] # last release

crates/cbox/RUSTSEC-2020-0005.md

@@ -1,15 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0005"
 package = "cbox"
-date = "2020-03-19"
-title = "CBox API allows to de-reference raw pointers without `unsafe` code"
-url = "https://github.com/TomBebbington/cbox-rs/issues/2"
 categories = ["memory-corruption"]
-description = """
+date = "2020-03-19"
-`CBox` and `CSemiBox` are part of the public API of the cbox crate
+url = "https://github.com/TomBebbington/cbox-rs/issues/2"
-and they allow to create smart pointers from raw pointers and de-reference
-them without the need of `unsafe` code.
-"""
 
 [versions]
 patched = []
+```
+
+# CBox API allows to de-reference raw pointers without `unsafe` code
+
+`CBox` and `CSemiBox` are part of the public API of the cbox crate
+and they allow to create smart pointers from raw pointers and de-reference
+them without the need of `unsafe` code.

crates/chacha20/RUSTSEC-2019-0029.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0029"
 package = "chacha20"
-date = "2019-10-22"
-title = "ChaCha20 counter overflow can expose repetitions in the keystream"
-url = "https://github.com/RustCrypto/stream-ciphers/pull/64"
 categories = ["crypto-failure"]
-description = """
+date = "2019-10-22"
+url = "https://github.com/RustCrypto/stream-ciphers/pull/64"
+
+[versions]
+patched = [">= 0.2.3"]
+```
+
+# ChaCha20 counter overflow can expose repetitions in the keystream
+
 The ChaCha20 stream cipher can produce a maximum of 2^32 blocks (~256GB)
 before the 32-bit counter overflows. Releases of the `chacha20` crate prior
 to v0.2.3 allow generating keystreams larger than this, including seeking
@@ -19,7 +25,3 @@ and future releases will pursue returning an error in this case.
 Users of the `chacha20poly1305` crate are unaffected by this as this crate
 properly asserts the length of the plaintext is less than the maximum allowed
 (`P_MAX` as described in RFC 8439 Section 2.8).
-"""
-
-[versions]
-patched = [">= 0.2.3"]

crates/chan/RUSTSEC-2018-0014.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0014"
 package = "chan"
-title = "chan is end-of-life; use crossbeam-channel instead"
-informational = "unmaintained"
 date = "2018-07-31"
+informational = "unmaintained"
 url = "https://github.com/BurntSushi/chan/commit/0a5c0d4ad4adc90a54ee04a427389acf2e157275"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 0.1.23"]
+```
+
+# chan is end-of-life; use crossbeam-channel instead
+
 **`chan` has reached its end-of-life and is now deprecated.**
 
 The intended successor of this crate is
@@ -13,8 +20,3 @@ The intended successor of this crate is
 Its API is strikingly similar, but comes with a much better `select!` macro,
 better performance, a better test suite and an all-around better
 implementation.
-"""
-
-[versions]
-unaffected = ["> 0.1.23"] # last release
-patched = []

crates/chttp/RUSTSEC-2019-0016.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0016"
 package = "chttp"
+aliases = ["CVE-2019-16140"]
 date = "2019-09-01"
-title = "Use-after-free in buffer conversion implementation"
+keywords = ["memory-management", "memory-corruption"]
-description = """
+url = "https://github.com/sagebind/isahc/issues/2"
+
+[versions]
+patched = [">= 0.1.3"]
+unaffected = ["< 0.1.1"]
+```
+
+# Use-after-free in buffer conversion implementation
+
 The From<Buffer> implementation for Vec<u8> was not properly implemented,
 returning a vector backed by freed memory. This could lead to memory corruption
 or be exploited to cause undefined behavior.
  
 A fix was published in version 0.1.3.
-"""
-url = "https://github.com/sagebind/isahc/issues/2"
-keywords = ["memory-management", "memory-corruption"]
-aliases = ["CVE-2019-16140"]
-
-[versions]
-patched = [">= 0.1.3"]
-unaffected = ["< 0.1.1"]

crates/chunky/RUSTSEC-2020-0035.md

@@ -1,13 +1,15 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0035"
 package = "chunky"
 date = "2020-08-25"
 informational = "unsound"
-title = "Chunk API does not respect align requirement"
 url = "https://github.com/aeplay/chunky/issues/2"
-description = """
-Chunk API does not respect the align requirement of types. Unaligned reference can be created with the API, which is an undefined behavior.
-"""
 
 [versions]
 patched = []
+```
+
+# Chunk API does not respect align requirement
+
+Chunk API does not respect the align requirement of types. Unaligned reference can be created with the API, which is an undefined behavior.

crates/claxon/RUSTSEC-2018-0004.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0004"
 package = "claxon"
+aliases = ["CVE-2018-20992"]
 date = "2018-08-25"
-title = "Malicious input could cause uninitialized memory to be exposed"
-url = "https://github.com/ruuda/claxon/commit/8f28ec275e412dd3af4f3cda460605512faf332c"
 keywords = ["uninitialized-memory"]
-description = """
+url = "https://github.com/ruuda/claxon/commit/8f28ec275e412dd3af4f3cda460605512faf332c"
+
+[versions]
+patched = ["=0.3.2", ">= 0.4.1"]
+```
+
+# Malicious input could cause uninitialized memory to be exposed
+
 Affected versions of Claxon made an invalid assumption about the decode buffer
 size being a multiple of a value read from the bitstream. This could cause parts
 of the decode buffer to not be overwritten. If the decode buffer was newly
@@ -18,8 +25,3 @@ The flaw was corrected by checking that the value read from the bistream divides
 the decode buffer size, and returning a format error if it does not. If an error
 is returned, the decode buffer is not exposed. Regression tests and an
 additional fuzzer have been added to prevent similar flaws in the future.
-"""
-aliases = ["CVE-2018-20992"]
-
-[versions]
-patched = ["=0.3.2", ">= 0.4.1"]

crates/compact_arena/RUSTSEC-2019-0015.md

@@ -1,12 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0015"
 package = "compact_arena"
-date = "2019-05-21"
+aliases = ["CVE-2019-16139"]
-title = "Flaw in generativity allows out-of-bounds access"
-url = "https://github.com/llogiq/compact_arena/issues/22"
 categories = ["memory-corruption"]
+date = "2019-05-21"
 keywords = ["uninitialized-memory"]
-description = """
+url = "https://github.com/llogiq/compact_arena/issues/22"
+
+[affected.functions]
+"compact_arena::SmallArena::new" = ["< 0.4.0"]
+
+[versions]
+patched = [">= 0.4.0"]
+```
+
+# Flaw in generativity allows out-of-bounds access
+
 Affected versions of this crate did not properly implement the generativity,
 because the invariant lifetimes were not necessarily `drop`ped.
 
@@ -15,11 +25,3 @@ arena with another one. This might lead to an out-of-bounds read or write
 access into the memory reserved for the arena.
 
 The flaw was corrected by implementing generativity correctly in version 0.4.0.
-"""
-aliases = ["CVE-2019-16139"]
-
-[affected.functions]
-"compact_arena::SmallArena::new" = ["< 0.4.0"]
-
-[versions]
-patched = [">= 0.4.0"]

crates/cookie/RUSTSEC-2017-0005.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2017-0005"
 package = "cookie"
+aliases = ["CVE-2017-18589"]
+date = "2017-05-06"
 keywords = ["crash"]
 url = "https://github.com/alexcrichton/cookie-rs/pull/86"
-title = "Large cookie Max-Age values can cause a denial of service"
+
-date = "2017-05-06"
+[versions]
-description = """
+patched = ["< 0.6.0", "^0.6.2", ">= 0.7.6"]
+```
+
+# Large cookie Max-Age values can cause a denial of service
+
 Affected versions of this crate use the `time` crate and the method
 `Duration::seconds` to parse the `Max-Age` duration cookie setting. This method
 will panic if the value is greater than 2^64/1000 and less than or equal to
@@ -13,8 +20,3 @@ will panic if the value is greater than 2^64/1000 and less than or equal to
 
 This flaw was corrected by explicitly checking for the `Max-Age` being in this
 integer range and clamping the value to the maximum duration value.
-"""
-aliases = ["CVE-2017-18589"]
-
-[versions]
-patched = ["< 0.6.0", "^0.6.2", ">= 0.7.6"]

crates/crayon/RUSTSEC-2020-0037.md

@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0037"
+package = "crayon"
+date = "2020-08-31"
+informational = "unsound"
+url = "https://github.com/shawnscode/crayon/issues/87"
+
+[versions]
+patched = []
+```
+
+# Misbehaving `HandleLike` implementation can lead to memory safety violation
+
+Unsafe code in `ObjectPool` has time-of-check to time-of-use (TOCTOU) bug that
+can eventually lead to a memory safety violation. `ObjectPool` and `HandlePool`
+implicitly assumes that `HandleLike` trait methods are pure, i.e., they always
+return the same value. However, this assumption is unsound since `HandleLike`
+is a safe, public trait that allows a custom implementation.

crates/crayon/RUSTSEC-2020-0037.toml

@@ -1,13 +0,0 @@
-[advisory]
-id = "RUSTSEC-2020-0037"
-package = "crayon"
-date = "2020-08-31"
-informational = "unsound"
-title = "Misbehaving `HandleLike` implementation can lead to memory safety violation"
-url = "https://github.com/shawnscode/crayon/issues/87"
-description = """
-Unsafe code in `ObjectPool` has time-of-check to time-of-use (TOCTOU) bug that can eventually lead to a memory safety violation. `ObjectPool` and `HandlePool` implicitly assumes that `HandleLike` trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since `HandleLike` is a safe, public trait that allows a custom implementation.
-"""
-
-[versions]
-patched = []

crates/crossbeam/RUSTSEC-2018-0009.md

@@ -1,11 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0009"
 package = "crossbeam"
+aliases = ["CVE-2018-20996"]
 date = "2018-12-09"
-title = "MsQueue and SegQueue suffer from double-free"
-url = "https://github.com/crossbeam-rs/crossbeam-epoch/issues/82"
 keywords = ["concurrency", "memory-management", "memory-corruption"]
-description = """
+url = "https://github.com/crossbeam-rs/crossbeam-epoch/issues/82"
+
+[versions]
+patched = [">= 0.4.1"]
+unaffected = ["< 0.4.0"]
+```
+
+# MsQueue and SegQueue suffer from double-free
+
 Even if an element is popped from a queue, crossbeam would run its
 destructor inside the epoch-based garbage collector. This is a source
 of double frees.
@@ -14,9 +22,3 @@ The flaw was corrected by wrapping elements inside queues in a
 `ManuallyDrop`.
 
 Thanks to @c0gent for reporting the issue.
-"""
-aliases = ["CVE-2018-20996"]
-
-[versions]
-patched = [">= 0.4.1"]
-unaffected = ["< 0.4.0"]

crates/crust/RUSTSEC-2019-0032.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0032"
 package = "crust"
-title = "crust repo has been archived; use libp2p instead"
-informational = "unmaintained"
 date = "2019-11-21"
+informational = "unmaintained"
 url = "https://github.com/maidsafe/crust"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 0.32.1"]
+```
+
+# crust repo has been archived; use libp2p instead
+
 ** The `crust` crate repo was archived with no warning or explanation.**
 
 Given that it was archived with no warning or successor, there's not an
 official replacement but [`rust-libp2p`](https://github.com/libp2p/rust-libp2p)
 looks like it's got a similar feature set and is actively maintained.
-"""
-
-[versions]
-unaffected = ["> 0.32.1"] # last release
-patched = []

crates/dync/RUSTSEC-2020-0050.md

@@ -1,14 +1,16 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0050"
 package = "dync"
 date = "2020-09-27"
 informational = "unsound"
-title = "VecCopy allows misaligned access to elements"
 url = "https://github.com/elrnv/dync/issues/4"
-description = """
-`VecCopy::data` is created as a Vec of u8 but can be used to store and retrieve
-elements of different types leading to misaligned access.
-"""
 
 [versions]
 patched = []
+```
+
+# VecCopy allows misaligned access to elements
+
+`VecCopy::data` is created as a Vec of u8 but can be used to store and retrieve
+elements of different types leading to misaligned access.

crates/failure/RUSTSEC-2019-0036.md

@@ -1,21 +1,23 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0036"
-aliases = ["CVE-2020-25575"]
 package = "failure"
+aliases = ["CVE-2020-25575"]
 date = "2019-11-13"
 informational = "unsound"
-title = "Type confusion if __private_get_type_id__ is overriden"
-url = "https://github.com/rust-lang-nursery/failure/issues/336"
 keywords = ["unsound"]
-description = """
+url = "https://github.com/rust-lang-nursery/failure/issues/336"
+
+[affected.functions]
+"failure::Fail::__private_get_type_id__" = [">= 0.1.0"]
+
+[versions]
+patched = []
+```
+
+# Type confusion if __private_get_type_id__ is overriden
+
 Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause
 type confusion when downcasting, which is an undefined behavior.
 
 Users who derive `Fail` trait are not affected.
-"""
-
-[affected]
-functions = { "failure::Fail::__private_get_type_id__" = [">= 0.1.0"] }
-
-[versions]
-patched = []

crates/failure/RUSTSEC-2020-0036.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0036"
 package = "failure"
-title = "failure is officially deprecated/unmaintained"
-informational = "unmaintained"
 date = "2020-05-02"
+informational = "unmaintained"
 url = "https://github.com/rust-lang-nursery/failure/pull/347"
-description = """
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# failure is officially deprecated/unmaintained
+
 The `failure` crate is officially end-of-life: it has been marked as deprecated
 by the former maintainer, who has announced that there will be no updates or
 maintenance work on it going forward.
@@ -17,8 +24,3 @@ The following are some suggested actively developed alternatives to switch to:
 - [`fehler`](https://crates.io/crates/fehler)
 - [`snafu`](https://crates.io/crates/snafu)
 - [`thiserror`](https://crates.io/crates/thiserror)
-"""
-
-[versions]
-unaffected = []
-patched = []

crates/fake-static/RUSTSEC-2020-0013.md

@@ -1,9 +1,15 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0013"
 package = "fake-static"
 date = "2020-04-24"
-title = "fake-static allows converting any reference into a `'static` reference"
+
-description = """
+[versions]
+patched = []
+```
+
+# fake-static allows converting any reference into a `'static` reference
+
 fake-static allows converting a refernce with any lifetime into
 a reference with `'static` lifetime without the `unsafe` keyword.
 
@@ -11,7 +17,3 @@ Internally, this crate does not use unsafe code, it instead
 exploits a soundness bug in rustc:
 
 https://github.com/rust-lang/rust/issues/25860
-"""
-
-[versions]
-patched = []

crates/flatbuffers/RUSTSEC-2019-0028.md

@@ -1,15 +1,9 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0028"
 package = "flatbuffers"
 date = "2019-10-20"
 url = "https://github.com/google/flatbuffers/issues/5530"
-title = "Unsound `impl Follow for bool`"
-description = """
-The implementation of `impl Follow for bool` allows to reinterpret arbitrary bytes as a `bool`.
-
-In Rust `bool` has stringent requirements for its in-memory representation. Use of this function
-allows to violate these requirements and invoke undefined behaviour in safe code.
-"""
 
 [affected.functions]
 "flatbuffers::Follow::follow" = [">= 0.4.0", "<= 0.6.0"]
@@ -17,3 +11,11 @@ allows to violate these requirements and invoke undefined behaviour in safe code
 [versions]
 patched = [">= 0.6.1"]
 unaffected = ["< 0.4.0"]
+```
+
+# Unsound `impl Follow for bool`
+
+The implementation of `impl Follow for bool` allows to reinterpret arbitrary bytes as a `bool`.
+
+In Rust `bool` has stringent requirements for its in-memory representation. Use of this function
+allows to violate these requirements and invoke undefined behaviour in safe code.

crates/flatbuffers/RUSTSEC-2020-0009.md

@@ -1,10 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0009"
 package = "flatbuffers"
 date = "2020-04-11"
-title = "`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks"
 url = "https://github.com/google/flatbuffers/issues/5825"
-description = """
+
+[affected.functions]
+"flatbuffers::read_scalar" = [">= 0.4.0"]
+"flatbuffers::read_scalar_at" = [">= 0.4.0"]
+
+[versions]
+patched = []
+unaffected = ["< 0.4.0"]
+```
+
+# `read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks
+
 The `read_scalar` and `read_scalar_at` functions are unsound
 because they allow transmuting values without `unsafe` blocks.
 
@@ -21,12 +32,3 @@ fn main() {
     println!("{:?}", flatbuffers::read_scalar::<S>(&[1; std::mem::size_of::<S>()]));
 }
 ```
-"""
-
-[affected.functions]
-"flatbuffers::read_scalar" = [">= 0.4.0"]
-"flatbuffers::read_scalar_at" = [">= 0.4.0"]
-
-[versions]
-patched = []
-unaffected = ["< 0.4.0"]

crates/generator/RUSTSEC-2019-0020.md

@@ -1,19 +1,21 @@
-[advisory]
+```toml
-id = "RUSTSEC-2019-0020"
+[advisory]
-package = "generator"
+id = "RUSTSEC-2019-0020"
-date = "2019-09-06"
+package = "generator"
-title = "fix unsound APIs that could lead to UB"
+date = "2019-09-06"
-url = "https://github.com/Xudong-Huang/generator-rs/issues/9"
+keywords = ["memory-corruption"]
-keywords = ["memory-corruption"]
+url = "https://github.com/Xudong-Huang/generator-rs/issues/9"
-description = """
+
-Affected versions of this crate API could use uninitialized memory with some APIs in special
+[versions]
-cases, like use the API in none generator context. This could lead to UB.
+patched = [">= 0.6.18"]
-The flaw was corrected by <https://github.com/Xudong-Huang/generator-rs/issues/9>
+```
-                          <https://github.com/Xudong-Huang/generator-rs/issues/11>
+
-                          <https://github.com/Xudong-Huang/generator-rs/issues/13>
+# fix unsound APIs that could lead to UB
-                          <https://github.com/Xudong-Huang/generator-rs/issues/14>                                                  
+
-This patch fixes all those issues above.
+Affected versions of this crate API could use uninitialized memory with some APIs in special
-"""
+cases, like use the API in none generator context. This could lead to UB.
-
+The flaw was corrected by <https://github.com/Xudong-Huang/generator-rs/issues/9>
-[versions]
+                          <https://github.com/Xudong-Huang/generator-rs/issues/11>
-patched = [">= 0.6.18"]
+                          <https://github.com/Xudong-Huang/generator-rs/issues/13>
+                          <https://github.com/Xudong-Huang/generator-rs/issues/14>                                                  
+This patch fixes all those issues above.

crates/http/RUSTSEC-2019-0033.md

@@ -1,13 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0033"
-aliases = ["CVE-2020-25574"]
 package = "http"
-date = "2019-11-16"
+aliases = ["CVE-2020-25574"]
-title = "Integer Overflow in HeaderMap::reserve() can cause Denial of Service"
-url = "https://github.com/hyperium/http/issues/352"
 categories = ["denial-of-service"]
+date = "2019-11-16"
 keywords = ["http", "integer-overflow", "DoS"]
-description = """
+url = "https://github.com/hyperium/http/issues/352"
+
+[affected.functions]
+"http::header::HeaderMap::reserve" = ["< 0.1.20"]
+
+[versions]
+patched = [">= 0.1.20"]
+```
+
+# Integer Overflow in HeaderMap::reserve() can cause Denial of Service
+
 `HeaderMap::reserve()` used `usize::next_power_of_two()` to calculate the increased capacity.
 However, `next_power_of_two()` silently overflows to 0 if given a sufficently large number
 in release mode.
@@ -18,10 +27,3 @@ This allows an attacker who controls the argument to `reserve()`
 to cause a potential denial of service (DoS).
 
 The flaw was corrected in 0.1.20 release of `http` crate.
-"""
-
-[affected.functions]
-"http::header::HeaderMap::reserve" = ["< 0.1.20"]
-
-[versions]
-patched = [">= 0.1.20"]

crates/http/RUSTSEC-2019-0034.md

@@ -1,11 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0034"
 package = "http"
-date = "2019-11-16"
-title = "HeaderMap::Drain API is unsound"
 categories = ["memory-corruption"]
+date = "2019-11-16"
 keywords = ["memory-safety", "double-free", "unsound"]
-description = """
+
+[affected.functions]
+"http::header::HeaderMap::drain" = ["< 0.1.20"]
+
+[versions]
+patched = [">= 0.1.20"]
+```
+
+# HeaderMap::Drain API is unsound
+
 Affected versions of this crate incorrectly used raw pointer,
 which introduced unsoundness in its public safe API.
 
@@ -13,10 +22,3 @@ which introduced unsoundness in its public safe API.
 and [it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation](https://github.com/hyperium/http/issues/355).
 
 The flaw was corrected in 0.1.20 release of `http` crate.
-"""
-
-[affected.functions]
-"http::header::HeaderMap::drain" = ["< 0.1.20"]
-
-[versions]
-patched = [">= 0.1.20"]

crates/hyper/RUSTSEC-2016-0002.md

@@ -1,13 +1,23 @@
+```toml
 [advisory]
 id = "RUSTSEC-2016-0002"
 package = "hyper"
-date = "2016-05-09"
+aliases = ["CVE-2016-10932"]
-url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
-title = "HTTPS MitM vulnerability due to lack of hostname verification"
 categories = ["crypto-failure"]
+date = "2016-05-09"
 keywords = ["ssl", "mitm"]
 references = ["RUSTSEC-2016-0001"]
-description = """
+url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
+
+[affected]
+os = ["windows"]
+
+[versions]
+patched = [">= 0.9.4"]
+```
+
+# HTTPS MitM vulnerability due to lack of hostname verification
+
 When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
 perform hostname verification when making HTTPS requests.
 
@@ -16,11 +26,3 @@ CA-issued certificate, even if there's a hostname mismatch.
 
 The problem was addressed by leveraging rust-openssl's built-in support for
 hostname verification.
-"""
-aliases = ["CVE-2016-10932"]
-
-[affected]
-os = ["windows"]
-
-[versions]
-patched = [">= 0.9.4"]

crates/hyper/RUSTSEC-2017-0002.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2017-0002"
 package = "hyper"
+aliases = ["CVE-2017-18587"]
 date = "2017-01-23"
 url = "https://github.com/hyperium/hyper/wiki/Security-001"
-title = "headers containing newline characters can split messages"
+
-description = """
+[versions]
-Serializing of headers to the socket did not filter the values for newline bytes (`\\r` or `\\n`),
+patched = [">= 0.10.2", "< 0.10.0, >= 0.9.18"]
+```
+
+# headers containing newline characters can split messages
+
+Serializing of headers to the socket did not filter the values for newline bytes (`\r` or `\n`),
 which allowed for header values to split a request or response. People would not likely include
 newlines in the headers in their own applications, so the way for most people to exploit this
 is if an application constructs headers based on unsanitized user input.
 
 This issue was fixed by replacing all newline characters with a space during serialization of
 a header value.
-"""
-aliases = ["CVE-2017-18587"]
-
-[versions]
-patched = [">= 0.10.2", "< 0.10.0, >= 0.9.18"]

crates/hyper/RUSTSEC-2020-0008.md

@@ -1,13 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0008"
 package = "hyper"
-date = "2020-03-19"
-title = "Flaw in hyper allows request smuggling by sending a body in GET requests"
-url = "https://github.com/hyperium/hyper/issues/1925"
 categories = ["format-injection"]
+date = "2020-03-19"
 keywords = ["http", "request-smuggling"]
+url = "https://github.com/hyperium/hyper/issues/1925"
+
+[versions]
+patched = [">= 0.12.34"]
+unaffected = ["< 0.11.0"]
+```
+
+# Flaw in hyper allows request smuggling by sending a body in GET requests
 
-description = """
 Vulnerable versions of hyper allow GET requests to have bodies, even if there is
 no Transfer-Encoding or Content-Length header.  As per the HTTP 1.1
 specification, such requests do not have bodies, so the body will be interpreted
@@ -21,8 +27,3 @@ vulnerabilities, such as an exploitable web server listening on loopback, it may
 allow remote code execution.
 
 The flaw was corrected in hyper version 0.12.34.
-"""
-
-[versions]
-patched = [">= 0.12.34"]
-unaffected = ["< 0.11.0"]

crates/image/RUSTSEC-2019-0014.md

@@ -1,11 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0014"
 package = "image"
+aliases = ["CVE-2019-16138"]
 date = "2019-08-21"
-title = "Flaw in interface may drop uninitialized instance of arbitrary types"
-url = "https://github.com/image-rs/image/pull/985"
 keywords = ["drop", "use-after-free"]
-description = """
+url = "https://github.com/image-rs/image/pull/985"
+
+[affected.functions]
+"image::hdr::HDRDecoder::read_image_transform" = ["< 0.21.3, >= 0.10.2"]
+
+[versions]
+patched = [">= 0.21.3"]
+unaffected = ["< 0.10.2"]
+```
+
+# Flaw in interface may drop uninitialized instance of arbitrary types
+
 Affected versions of this crate would call `Vec::set_len` on an uninitialized
 vector with user-provided type parameter, in an interface of the HDR image
 format decoder. They would then also call other code that could panic before
@@ -21,12 +32,3 @@ called in case of panic, though.
 Starting from version `0.22`, a breaking change to the interface requires
 callers to pre-allocate the output buffer and pass a mutable slice instead,
 avoiding all unsafe code.
-"""
-aliases = ["CVE-2019-16138"]
-
-[affected.functions]
-"image::hdr::HDRDecoder::read_image_transform" = ["< 0.21.3, >= 0.10.2"]
-
-[versions]
-patched = [">= 0.21.3"]
-unaffected = ["< 0.10.2"]

crates/internment/RUSTSEC-2020-0017.md

@@ -1,17 +1,10 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0017"
 package = "internment"
-date = "2020-05-28"
-title = "Use after free in ArcIntern::drop"
-url = "https://github.com/droundy/internment/issues/11"
 categories = ["memory-corruption"]
-description = """
+date = "2020-05-28"
-`ArcIntern::drop` has a race condition where it can release memory
+url = "https://github.com/droundy/internment/issues/11"
-which is about to get another user. The new user will get a reference
-to freed memory.
-
-Versions prior to 0.3.12 used stronger locking which avoided the problem.
-"""
 
 [affected.functions]
 "internment::ArcIntern::drop" = [">= 0.3.12"]
@@ -19,3 +12,12 @@ Versions prior to 0.3.12 used stronger locking which avoided the problem.
 [versions]
 patched = []
 unaffected = ["< 0.3.12"]
+```
+
+# Use after free in ArcIntern::drop
+
+`ArcIntern::drop` has a race condition where it can release memory
+which is about to get another user. The new user will get a reference
+to freed memory.
+
+Versions prior to 0.3.12 used stronger locking which avoided the problem.

crates/libflate/RUSTSEC-2019-0010.md

@@ -1,18 +1,11 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0010"
 package = "libflate"
-date = "2019-07-04"
-title = "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code"
-url = "https://github.com/sile/libflate/issues/35"
-keywords = ["drop", "use-after-free"]
-description = """
-Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in `MultiDecoder::read()` and reverted it to the original value after the function completed. However, execution of `MultiDecoder::read()` could be interrupted by a panic in caller-supplied `Read` implementation. This would cause `drop()` to be called on uninitialized memory of a generic type implementing `Read`.
-
-This is equivalent to a use-after-free vulnerability and could allow an attacker to gain arbitrary code execution.
-
-The flaw was corrected by aborting immediately instead of unwinding the stack in case of panic within `MultiDecoder::read()`. The issue was discovered and fixed by Shnatsel.
-"""
 aliases = ["CVE-2019-15552"]
+date = "2019-07-04"
+keywords = ["drop", "use-after-free"]
+url = "https://github.com/sile/libflate/issues/35"
 
 [affected.functions]
 "libflate::gzip::MultiDecoder::read" = ["< 0.1.25, >= 0.1.14"]
@@ -20,3 +13,12 @@ aliases = ["CVE-2019-15552"]
 [versions]
 patched = [">= 0.1.25"]
 unaffected = ["< 0.1.14"]
+```
+
+# MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code
+
+Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in `MultiDecoder::read()` and reverted it to the original value after the function completed. However, execution of `MultiDecoder::read()` could be interrupted by a panic in caller-supplied `Read` implementation. This would cause `drop()` to be called on uninitialized memory of a generic type implementing `Read`.
+
+This is equivalent to a use-after-free vulnerability and could allow an attacker to gain arbitrary code execution.
+
+The flaw was corrected by aborting immediately instead of unwinding the stack in case of panic within `MultiDecoder::read()`. The issue was discovered and fixed by Shnatsel.

crates/libp2p-core/RUSTSEC-2019-0004.md

@@ -1,16 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0004"
 package = "libp2p-core"
-date = "2019-05-15"
-title = "Failure to properly verify ed25519 signatures makes any signature valid"
-description = """
-Affected versions of this crate did not properly verify ed25519 signatures.
-Any signature with a correct length was considered valid.
-
-This allows an attacker to impersonate any node identity.
-"""
 aliases = ["CVE-2019-15545"]
+date = "2019-05-15"
 
 [versions]
 patched = ["^0.7.1", ">= 0.8.1"]
 unaffected = ["< 0.3"]
+```
+
+# Failure to properly verify ed25519 signatures makes any signature valid
+
+Affected versions of this crate did not properly verify ed25519 signatures.
+Any signature with a correct length was considered valid.
+
+This allows an attacker to impersonate any node identity.

crates/libsecp256k1/RUSTSEC-2019-0027.md

@@ -1,11 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0027"
 package = "libsecp256k1"
-date = "2019-10-14"
-title = "Flaw in Scalar::check_overflow allows side-channel timing attack"
 categories = ["crypto-failure"]
+date = "2019-10-14"
 keywords = ["crypto", "sidechannel"]
-description = """
+
+[affected.functions]
+"libsecp256k1::Scalar::check_overflow" = ["< 0.3.1"]
+
+[versions]
+patched = [">= 0.3.1"]
+```
+
+# Flaw in Scalar::check_overflow allows side-channel timing attack
+
 Versions of `libsecp256k1` prior to `0.3.1` did not execute
 Scalar::check_overflow in constant time.
 
@@ -13,10 +22,3 @@ This allows an attacker to potentially leak information via a timing attack.
 
 The flaw was corrected by modifying Scalar::check_overflow to execute in
 constant time.
-"""
-
-[affected.functions]
-"libsecp256k1::Scalar::check_overflow" = ["< 0.3.1"]
-
-[versions]
-patched = [">= 0.3.1"]

crates/libusb/RUSTSEC-2016-0004.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2016-0004"
 package = "libusb"
-title = "libusb is unmaintained; use rusb instead"
-informational = "unmaintained"
 date = "2016-09-10"
+informational = "unmaintained"
 url = "https://github.com/dcuddeback/libusb-rs/issues/33"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 0.3.0"]
+```
+
+# libusb is unmaintained; use rusb instead
+
 The `libusb` crate has not seen a release since September 2016, and its author
 is unresponsive.
 
 The `rusb` crate is a maintained fork:
 
 https://github.com/a1ien/rusb
-"""
-
-[versions]
-patched = []
-unaffected = ["> 0.3.0"] # last release

crates/linea/RUSTSEC-2019-0021.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0021"
 package = "linea"
-date = "2019-09-14"
+aliases = ["CVE-2019-16880"]
-title = "`Matrix::zip_elements` causes double free"
-url = "https://github.com/strake/linea.rs/issues/2"
 categories = ["memory-corruption"]
+date = "2019-09-14"
 keywords = ["double free"]
-description = """
+url = "https://github.com/strake/linea.rs/issues/2"
+
+[versions]
+patched = ["> 0.9.4"]
+```
+
+# `Matrix::zip_elements` causes double free
+
 Affected versions of this crate did not properly implements the `Matrix::zip_elements` method, which causes an double free when the given trait implementation might panic.
 
 This allows an attacker to corrupt or take control of the memory.
  
 The flaw was corrected by Phosphorus15.
-"""
-aliases = ["CVE-2019-16880"]
-
-[versions]
-patched = ["> 0.9.4"]

crates/linked-hash-map/RUSTSEC-2020-0026.md

@@ -1,19 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0026"
-aliases = ["CVE-2020-25573"]
 package = "linked-hash-map"
+aliases = ["CVE-2020-25573"]
 date = "2020-06-23"
 informational = "unsound"
-
-title = "linked-hash-map creates uninitialized NonNull pointer"
 url = "https://github.com/contain-rs/linked-hash-map/pull/100"
 
-description = """
+[versions]
+patched = [">= 0.5.3"]
+```
+
+# linked-hash-map creates uninitialized NonNull pointer
+
 Affected versions of this crate called `mem::uninitialized()` to create a `NonNull<T>`,
 which is undefined behavior.
  
 The flaw was corrected by avoiding the use of `mem::uninitialized()`.
-"""
-
-[versions]
-patched = [">= 0.5.3"]

crates/lucet-runtime-internals/RUSTSEC-2020-0004.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0004"
 package = "lucet-runtime-internals"
-date = "2020-01-24"
-title = "sigstack allocation bug can cause memory corruption or leak"
-url = "https://github.com/bytecodealliance/lucet/pull/401"
 categories = ["memory-corruption", "memory-exposure"]
-description = """
+date = "2020-01-24"
+url = "https://github.com/bytecodealliance/lucet/pull/401"
+
+[versions]
+patched = ["< 0.5.0, >= 0.4.3", ">= 0.5.1"]
+```
+
+# sigstack allocation bug can cause memory corruption or leak
+
 An embedding using affected versions of lucet-runtime configured to use
 non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode
 without optimizations, could leak data from the signal handler stack to guest
@@ -13,7 +19,3 @@ programs. This can potentially cause data from the embedding host to leak to
 guest programs or cause corruption of guest program memory.
 
 This flaw was resolved by correcting the sigstack allocation logic.
-"""
-
-[versions]
-patched = ["< 0.5.0, >= 0.4.3", ">= 0.5.1"]

crates/lz4-compress/RUSTSEC-2017-0007.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2017-0007"
 package = "lz4-compress"
-title = "lz4-compress is unmaintained"
+date = "2017-04-17"
 informational = "unmaintained"
-date = "2017-04-17" # last release on crates.io
 url = "https://gitlab.redox-os.org/redox-os/tfs/issues/89"
-description = """
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# lz4-compress is unmaintained
+
 [According to the developers](https://gitlab.redox-os.org/redox-os/tfs/issues/89) this crate is no longer maintained.
 
 The suggested alternative is [`lz4-compression`](https://crates.io/crates/lz4-compression), a maintained fork of `lz4-compress`.
 
 See also [lz-fear](https://crates.io/crates/lz-fear) which is compatible with the reference LZ4 implementation in C, but not with lz4-compress.
-"""
-
-[versions]
-unaffected = []
-patched = []

crates/memoffset/RUSTSEC-2019-0011.md

@@ -1,17 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0011"
 package = "memoffset"
+aliases = ["CVE-2019-15553"]
 date = "2019-07-16"
 informational = "unsound"
-title = "Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code"
 url = "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
-description = """
+
+[versions]
+patched = [">= 0.5.0"]
+```
+
+# Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code
+
 Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references.
 They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic.
 
 The flaw was corrected by using `MaybeUninit`.
-"""
-aliases = ["CVE-2019-15553"]
-
-[versions]
-patched = [">= 0.5.0"]

crates/mozwire/RUSTSEC-2020-0030.md

@@ -1,12 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0030"
 package = "mozwire"
-date = "2020-08-18"
-title = "Missing sanitazion in mozwire allows local file overwrite of files ending in .conf"
-url = "https://github.com/NilsIrl/MozWire/issues/14"
 categories = []
+date = "2020-08-18"
 keywords = ["file-overwrite"]
-description = """
+url = "https://github.com/NilsIrl/MozWire/issues/14"
+
+[versions]
+patched = ["> 0.4.1"]
+```
+
+# Missing sanitazion in mozwire allows local file overwrite of files ending in .conf
+
 The client software downloaded a list of servers from mozilla's servers and created local files named
 after the hostname field in the json document.
 
@@ -15,6 +21,3 @@ No verification of the content of the string was made, and it could therefore ha
 This allows an attacker in controll of mozilla's servers to overwrite/create local files named .conf.
 
 The flaw was corrected by sanitizing the hostname field.
-"""
-[versions]
-patched = ["> 0.4.1"]

crates/ncurses/RUSTSEC-2019-0006.md

@@ -1,10 +1,24 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0006"
 package = "ncurses"
+aliases = ["CVE-2019-15547", "CVE-2019-15548"]
 date = "2019-06-15"
-title = "Buffer overflow and format vulnerabilities in functions exposed without unsafe"
 url = "https://github.com/RustSec/advisory-db/issues/106"
-description = """
+
+[affected.functions]
+"ncurses::instr" = [">= 0"]
+"ncurses::mvprintw" = [">= 0"]
+"ncurses::mvwinstr" = [">= 0"]
+"ncurses::mvwprintw" = [">= 0"]
+"ncurses::printw" = [">= 0"]
+
+[versions]
+patched = []
+```
+
+# Buffer overflow and format vulnerabilities in functions exposed without unsafe
+
 `ncurses` exposes functions from the ncurses library which:
 
 - Pass buffers without length to C functions that may write an arbitrary amount of
@@ -12,15 +26,3 @@ description = """
 - Passes rust &str to strings expecting C format arguments, allowing hostile
   input to execute a format string attack, which trivially allows writing
   arbitrary data to stack memory (functions in the `printw` family).
-"""
-aliases = ["CVE-2019-15547", "CVE-2019-15548"]
-
-[affected.functions]
-"ncurses::instr" = [">= 0"]
-"ncurses::mvwinstr" = [">= 0"]
-"ncurses::printw" = [">= 0"]
-"ncurses::mvprintw" = [">= 0"]
-"ncurses::mvwprintw" = [">= 0"]
-
-[versions]
-patched = []

crates/net2/RUSTSEC-2020-0016.md

@@ -1,15 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0016"
 package = "net2"
-date = "2020-05-01" # date when deprecation was announced on project README
+date = "2020-05-01"
-title = "`net2` crate has been deprecated; use `socket2` instead"
 informational = "unmaintained"
 url = "https://github.com/deprecrated/net2-rs/commit/3350e3819adf151709047e93f25583a5df681091"
-description = """
-The [`net2`](https://crates.io/crates/net2) crate has been deprecated
-and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead.
-"""
 
 [versions]
-unaffected = []
 patched = []
+unaffected = []
+```
+
+# `net2` crate has been deprecated; use `socket2` instead
+
+The [`net2`](https://crates.io/crates/net2) crate has been deprecated
+and users are encouraged to considered [`socket2`](https://crates.io/crates/socket2) instead.

crates/obstack/RUSTSEC-2020-0040.md

@@ -1,13 +1,14 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0040"
 package = "obstack"
 date = "2020-09-03"
 informational = "unsound"
-title = "Obstack generates unaligned references"
 url = "https://github.com/petertodd/rust-obstack/issues/4"
-description = """
-Obstack generates unaligned references for types that require a large alignment.
-"""
-
 [versions]
 patched = [">= 0.1.4"]
+```
+
+# Obstack generates unaligned references
+
+Obstack generates unaligned references for types that require a large alignment.

crates/once_cell/RUSTSEC-2019-0017.md

@@ -1,25 +1,27 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0017"
 package = "once_cell"
+aliases = ["CVE-2019-16141"]
 date = "2019-09-01"
-title = "Panic during initialization of Lazy<T> might trigger undefined behavior"
-url = "https://github.com/matklad/once_cell/issues/46"
 keywords = ["undefined_behavior"]
-description = """
+url = "https://github.com/matklad/once_cell/issues/46"
+
+[affected.functions]
+"once_cell::sync::Lazy::deref" = ["< 1.0.1, >= 0.2.5"]
+"once_cell::sync::Lazy::force" = ["< 1.0.1, >= 0.2.5"]
+"once_cell::unsync::Lazy::deref" = ["< 1.0.1, >= 0.2.5"]
+"once_cell::unsync::Lazy::force" = ["< 1.0.1, >= 0.2.5"]
+
+[versions]
+patched = [">= 1.0.1"]
+unaffected = ["< 0.2.5"]
+```
+
+# Panic during initialization of Lazy<T> might trigger undefined behavior
+
 If during the first dereference of Lazy<T> the initialization function panics,
 subsequent derefernces will execute `std::hints::unreachable_unchecked`.
 
 Applications with `panic = "abort"` are not affected, as there will be no
 subsequent dereferences.
-"""
-aliases = ["CVE-2019-16141"]
-
-[affected.functions]
-"once_cell::unsync::Lazy::force" = ["< 1.0.1, >= 0.2.5"]
-"once_cell::unsync::Lazy::deref" = ["< 1.0.1, >= 0.2.5"]
-"once_cell::sync::Lazy::force" = ["< 1.0.1, >= 0.2.5"]
-"once_cell::sync::Lazy::deref" = ["< 1.0.1, >= 0.2.5"]
-
-[versions]
-patched = [">= 1.0.1"]
-unaffected = ["< 0.2.5"]

crates/openssl-src/RUSTSEC-2020-0015.md

@@ -1,18 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0015"
 package = "openssl-src"
-date = "2020-04-25"
-title = "Crash causing Denial of Service attack"
-url = "https://www.openssl.org/news/secadv/20200421.txt"
-categories = ["denial-of-service"]
-description = """
-Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 
-handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 
-"signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature 
-algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of 
-Service attack."""
 aliases = ["CVE-2020-1967"]
+categories = ["denial-of-service"]
+date = "2020-04-25"
+url = "https://www.openssl.org/news/secadv/20200421.txt"
 
 [versions]
 patched = [">= 111.9.0+1.1.1g"]
 unaffected = ["< 111.6.0+1.1.1d"]
+```
+
+# Crash causing Denial of Service attack
+
+Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 
+handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 
+"signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature 
+algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of 
+Service attack.

crates/openssl/RUSTSEC-2016-0001.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2016-0001"
 package = "openssl"
+aliases = ["CVE-2016-10931"]
 date = "2016-11-05"
 keywords = ["ssl", "mitm"]
 url = "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0"
-title = "SSL/TLS MitM vulnerability due to insecure defaults"
+[versions]
-description = """
+patched = [">= 0.9.0"]
+```
+
+# SSL/TLS MitM vulnerability due to insecure defaults
+
 All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults
 including off-by-default certificate verification and no API to perform hostname
 verification.
@@ -17,8 +23,3 @@ The problem was addressed in newer versions by enabling certificate verification
 by default and exposing APIs to perform hostname verification. Use the
 `SslConnector` and `SslAcceptor` types to take advantage of these new features
 (as opposed to the lower-level `SslContext` type).
-"""
-aliases = ["CVE-2016-10931"]
-
-[versions]
-patched = [">= 0.9.0"]

crates/openssl/RUSTSEC-2018-0010.md

@@ -1,13 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0010"
 package = "openssl"
-date = "2018-06-01"
-title = "Use after free in CMS Signing"
-url = "https://github.com/sfackler/rust-openssl/pull/942"
-keywords = ["memory-corruption"]
-description = "Affected versions of the OpenSSL crate used structures after they'd been freed."
 aliases = ["CVE-2018-20997"]
+date = "2018-06-01"
+keywords = ["memory-corruption"]
+url = "https://github.com/sfackler/rust-openssl/pull/942"
 
 [versions]
 patched = [">= 0.10.9"]
 unaffected = ["< 0.10.8"]
+```
+
+# Use after free in CMS Signing
+
+Affected versions of the OpenSSL crate used structures after they'd been freed.

crates/ordnung/RUSTSEC-2020-0038.md

@@ -1,15 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0038"
 package = "ordnung"
 date = "2020-09-03"
-title = "Memory safety issues in `compact::Vec`"
 url = "https://github.com/maciejhirsz/ordnung/issues/8"
-description = """
+
+[versions]
+patched = []
+```
+
+# Memory safety issues in `compact::Vec`
+
 `compact::Vec` contains multiple memory safety issues.
 
 1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit.
 2. `remove()` is not panic-safe and causes double-free when an index larger than the length is provided.
-"""
-
-[versions]
-patched = []

crates/orion/RUSTSEC-2018-0012.md

@@ -1,17 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0012"
 package = "orion"
+aliases = ["CVE-2018-20999"]
 date = "2018-12-20"
-title = "Flaw in streaming state reset() functions can create incorrect results."
 url = "https://github.com/brycx/orion/issues/46"
-description = """
+
+[versions]
+patched = [">= 0.11.2"]
+```
+
+# Flaw in streaming state reset() functions can create incorrect results.
+
 Affected versions of this crate did not properly reset a streaming state.
 
 Resetting a streaming state, without finalising it first, creates incorrect results.
  
 The flaw was corrected by not first checking if the state had already been reset, when calling reset().
-"""
-aliases = ["CVE-2018-20999"]
-
-[versions]
-patched = [">= 0.11.2"]

crates/os_str_bytes/RUSTSEC-2020-0012.md

@@ -1,10 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0012"
 package = "os_str_bytes"
 date = "2020-04-24"
-title = "Relies on undefined behavior of `char::from_u32_unchecked`"
 url = "https://github.com/dylni/os_str_bytes/pull/1"
-description = """
+
+[affected]
+os = ["windows"]
+
+[versions]
+patched = [">= 2.0.0"]
+```
+
+# Relies on undefined behavior of `char::from_u32_unchecked`
+
 The Windows implementation of this crate relied on the behavior of
 `std::char::from_u32_unchecked` when its safety clause is violated.
 Even though this worked with Rust versions up to 1.42 (at least),
@@ -12,10 +21,3 @@ that behavior could change with any new Rust version, possibly leading
 a security issue.
 
 The flaw was corrected in version 2.0.0.
-"""
-
-[affected]
-os = ["windows"]
-
-[versions]
-patched = [">= 2.0.0"]

crates/ozone/RUSTSEC-2020-0022.md

@@ -1,12 +1,14 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0022"
 package = "ozone"
 date = "2020-07-04"
-title = "Ozone contains several memory safety issues"
-description = """
-Ozone contains several memory safety issues including [out-of-bound access](https://github.com/bqv/ozone/blob/e21f948b0178ab305f644118f18d87a838c618e0/src/buffer.rs#L38-L48)
-and dropping of [uninitialized memory](https://github.com/bqv/ozone/blob/e21f948b0178ab305f644118f18d87a838c618e0/src/map.rs#L94-L101).
-"""
 
 [versions]
 patched = []
+```
+
+# Ozone contains several memory safety issues
+
+Ozone contains several memory safety issues including [out-of-bound access](https://github.com/bqv/ozone/blob/e21f948b0178ab305f644118f18d87a838c618e0/src/buffer.rs#L38-L48)
+and dropping of [uninitialized memory](https://github.com/bqv/ozone/blob/e21f948b0178ab305f644118f18d87a838c618e0/src/map.rs#L94-L101).

crates/pancurses/RUSTSEC-2019-0005.md

@@ -1,15 +1,10 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0005"
 package = "pancurses"
-date = "2019-06-15"
-title = "Format string vulnerabilities in `pancurses`"
-url = "https://github.com/RustSec/advisory-db/issues/106"
-description = """
-`pancurses::mvprintw` and `pancurses::printw` passes a pointer from a rust `&str` to C,
-allowing hostile input to execute a format string attack, which trivially allows writing
-arbitrary data to stack memory.
-"""
 aliases = ["CVE-2019-15546"]
+date = "2019-06-15"
+url = "https://github.com/RustSec/advisory-db/issues/106"
 
 [affected.functions]
 "pancurses::mvprintw" = [">= 0"]
@@ -17,3 +12,10 @@ aliases = ["CVE-2019-15546"]
 
 [versions]
 patched = []
+```
+
+# Format string vulnerabilities in `pancurses`
+
+`pancurses::mvprintw` and `pancurses::printw` passes a pointer from a rust `&str` to C,
+allowing hostile input to execute a format string attack, which trivially allows writing
+arbitrary data to stack memory.

crates/plutonium/RUSTSEC-2020-0011.md

@@ -1,15 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0011"
 package = "plutonium"
 date = "2020-04-23"
-yanked = true
 informational = "notice"
-title = "Library exclusively intended to obfuscate code."
 url = "https://docs.rs/plutonium/0.2.2/plutonium/"
-description = """
+yanked = true
+
+[versions]
+patched = []
+```
+
+# Library exclusively intended to obfuscate code.
+
 This crate allows you to write safe functions with unsafe bodies without the `unsafe` keyword.
 
 The value this adds is questionable, and hides `unsafe` usages from naive analysis.
-"""
-[versions]
-patched = []

crates/pnet/RUSTSEC-2019-0037.md

@@ -1,18 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0037"
 package = "pnet"
-date = "2019-06-11"
-title = "Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT"
-url = "https://github.com/libpnet/libpnet/issues/449"
 categories = ["memory-corruption"]
 cvss = "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"
+date = "2019-06-11"
 keywords = ["segfault"]
-description = """
+url = "https://github.com/libpnet/libpnet/issues/449"
-Affected versions of this crate were optimized out by compiler,
-which caused dereference of uninitialized file descriptor which caused segfault.
-"""
 [affected.functions]
 "pnet::transport::IcmpTransportChannelIterator" = ["< 0.26.0"]
-
 [versions]
-patched = [">= 0.26.0"] # no patch exists yet
+patched = [">= 0.26.0"]
+```
+
+# Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT
+
+Affected versions of this crate were optimized out by compiler,
+which caused dereference of uninitialized file descriptor which caused segfault.

crates/portaudio-rs/RUSTSEC-2019-0022.md

@@ -1,12 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0022"
 package = "portaudio-rs"
-date = "2019-09-14"
+aliases = ["CVE-2019-16881"]
-title = "Stream callback function is not unwind safe"
-url = "https://github.com/mvdnes/portaudio-rs/issues/20"
 categories = ["code-execution", "memory-corruption"]
+date = "2019-09-14"
 keywords = ["audio", "ffi"]
-description = """
+url = "https://github.com/mvdnes/portaudio-rs/issues/20"
+
+[versions]
+patched = ["> 0.3.1"]
+```
+
+# Stream callback function is not unwind safe
+
 Affected versions of this crate is not panic safe within callback functions `stream_callback` and `stream_finished_callback`.
 
 The call to user-provided closure might panic before a `mem::forget` call, which then causes a use after free that grants attacker to control the callback function pointer.
@@ -14,8 +21,3 @@ The call to user-provided closure might panic before a `mem::forget` call, which
 This allows an attacker to construct an arbitrary code execution .
  
 The flaw was reported by Phosphorus15.
-"""
-aliases = ["CVE-2019-16881"]
-
-[versions]
-patched = ["> 0.3.1"]

crates/portaudio/RUSTSEC-2016-0003.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2016-0003"
 package = "portaudio"
+aliases = ["CVE-2016-10933"]
 date = "2016-08-01"
-title = "HTTP download and execution allows MitM RCE"
-url = "https://github.com/RustAudio/rust-portaudio/issues/144"
 keywords = ["ssl", "mitm"]
-description = """
+url = "https://github.com/RustAudio/rust-portaudio/issues/144"
+
+[versions]
+patched = []
+```
+
+# HTTP download and execution allows MitM RCE
+
 The build script in the portaudio crate will attempt to download via HTTP
 the portaudio source and build it.
 
 A Mallory in the middle can intercept the download with their own archive
 and get RCE.
-"""
-aliases = ["CVE-2016-10933"]
-
-[versions]
-patched = []

crates/prost/RUSTSEC-2020-0002.md

@@ -1,12 +1,18 @@
+```toml
 [advisory]
+categories = ["denial-of-service", "memory-corruption"]
+date = "2020-01-16"
 id = "RUSTSEC-2020-0002"
 package = "prost"
-date = "2020-01-16"
-title = "Parsing a specially crafted message can result in a stack overflow"
-url = "https://github.com/danburkert/prost/issues/267"
-categories = ["denial-of-service", "memory-corruption"]
 keywords = ["stack overflow"]
-description = """
+url = "https://github.com/danburkert/prost/issues/267"
+
+[versions]
+patched = [">= 0.6.1"]
+```
+
+# Parsing a specially crafted message can result in a stack overflow
+
 Affected versions of this crate contained a bug in which decoding untrusted
 input could overflow the stack.
 
@@ -16,7 +22,3 @@ overflowing the stack is unsound and can result in potential memory corruption
 (or even RCE).
  
 The flaw was quickly corrected by @danburkert and released in version 0.6.1.
-"""
-
-[versions]
-patched = [">= 0.6.1"]

crates/protobuf/RUSTSEC-2019-0003.md

@@ -1,21 +1,23 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0003"
 package = "protobuf"
-date = "2019-06-08"
-title = "Out of Memory in stream::read_raw_bytes_into()"
-url = "https://github.com/stepancheg/rust-protobuf/issues/411"
-categories = ["denial-of-service"]
-keywords = ["oom", "panic"]
-description = """
-Affected versions of this crate called Vec::reserve() on user-supplied input.
-
-This allows an attacker to cause an Out of Memory condition while calling the
-vulnerable method on untrusted data.
-"""
 aliases = ["CVE-2019-15544"]
+categories = ["denial-of-service"]
+date = "2019-06-08"
+keywords = ["oom", "panic"]
+url = "https://github.com/stepancheg/rust-protobuf/issues/411"
 
 [affected.functions]
 "protobuf::stream::read_raw_bytes_into" = ["< 2.6.0"]
 
 [versions]
 patched = ["^1.7.5", ">= 2.6.0"]
+```
+
+# Out of Memory in stream::read_raw_bytes_into()
+
+Affected versions of this crate called Vec::reserve() on user-supplied input.
+
+This allows an attacker to cause an Out of Memory condition while calling the
+vulnerable method on untrusted data.

crates/quickersort/RUSTSEC-2018-0016.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0016"
 package = "quickersort"
 date = "2018-06-30"
-title = "quickersort is deprecated and unmaintained"
 informational = "unmaintained"
 url = "https://github.com/notriddle/quickersort/commit/0bc164366315801f0c6b31f4081b7df9fc894076"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 3.0.1"]
+```
+
+# quickersort is deprecated and unmaintained
+
 The author of the `quickersort` crate has deprecated it and does not recommend using it anymore.
 
 Everything in it has been incorporated into [std::sort_unstable] in the standard library as of Rust 1.20.
 
 [std::sort_unstable]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.sort_unstable
-"""
-
-[versions]
-patched = []
-unaffected = ["> 3.0.1"]

crates/rand_core/RUSTSEC-2019-0035.md

@@ -1,21 +1,23 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0035"
-aliases = ["GHSA-mmc9-pwm7-qj5w", "CVE-2020-25576"]
 package = "rand_core"
+aliases = ["GHSA-mmc9-pwm7-qj5w", "CVE-2020-25576"]
 date = "2019-04-19"
 informational = "unsound"
-title = "Unaligned memory access"
+url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
-description = """
+
+[affected.functions]
+"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
+"rand_core::BlockRng::next_u64" = ["< 0.4.2"]
+
+[versions]
+patched = [">= 0.4.2"]
+```
+
+# Unaligned memory access
+
 Affected versions of this crate violated alignment when casting byte slices to
 integer slices, resulting in undefined behavior.
 
 The flaw was corrected by Ralf Jung and Diggory Hardy.
-"""
-url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
-
-[affected.functions]
-"rand_core::BlockRng::next_u64" = ["< 0.4.2"]
-"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
-
-[versions]
-patched = [">= 0.4.2"]

crates/renderdoc/RUSTSEC-2019-0018.md

@@ -1,11 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0018"
 package = "renderdoc"
+aliases = ["CVE-2019-16142"]
 date = "2019-09-02"
-title = "Internally mutating methods take immutable ref self"
-url = "https://github.com/ebkalderon/renderdoc-rs/pull/32"
 keywords = ["undefined_behavior"]
-description = """
+url = "https://github.com/ebkalderon/renderdoc-rs/pull/32"
+
+[affected.functions]
+"renderdoc::api::RenderDocV110::trigger_multi_frame_capture" = ["< 0.5.0"]
+"renderdoc::api::RenderDocV120::set_capture_file_comments" = ["< 0.5.0"]
+
+[versions]
+patched = [">= 0.5.0"]
+```
+
+# Internally mutating methods take immutable ref self
+
 Affected versions of this crate exposed several methods which took `self` by
 immutable reference, despite the requesting the RenderDoc API to set a mutable
 value internally.
@@ -14,12 +25,3 @@ This is technically unsound and calling these methods from multiple threads
 without synchronization could lead to unexpected and unpredictable behavior.
 
 The flaw was corrected in release 0.5.0.
-"""
-aliases = ["CVE-2019-16142"]
-
-[affected.functions]
-"renderdoc::api::RenderDocV110::trigger_multi_frame_capture" = ["< 0.5.0"]
-"renderdoc::api::RenderDocV120::set_capture_file_comments" = ["< 0.5.0"]
-
-[versions]
-patched = [">= 0.5.0"]

crates/rgb/RUSTSEC-2020-0029.md

@@ -1,13 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0029"
-aliases = ["CVE-2020-25016"]
 package = "rgb"
+aliases = ["CVE-2020-25016"]
 date = "2020-06-14"
-title = "Allows viewing and modifying arbitrary structs as bytes"
-url = "https://github.com/kornelski/rust-rgb/issues/35"
 informational = "unsound"
 keywords = ["type confusion"]
-description = """
+url = "https://github.com/kornelski/rust-rgb/issues/35"
+
+[versions]
+patched = [">= 0.8.20"]
+unaffected = ["< 0.5.4"]
+```
+
+# Allows viewing and modifying arbitrary structs as bytes
+
 Affected versions of rgb crate allow viewing and modifying data of any type `T` wrapped in `RGB<T>` as bytes,
 and do not correctly constrain `RGB<T>` and other wrapper structures to the types for which it is safe to do so.
 
@@ -18,7 +25,3 @@ Safety violation possible for a type wrapped in `RGB<T>` and similar wrapper str
  * Any safety and/or validity invariants for `T` may be violated.
  
 The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.
-"""
-[versions]
-patched = [">= 0.8.20"]
-unaffected = ["< 0.5.4"]

crates/rio/RUSTSEC-2020-0021.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
+categories = ["memory-corruption", "memory-exposure"]
+date = "2020-05-11"
 id = "RUSTSEC-2020-0021"
 package = "rio"
-date = "2020-05-11"
-title = "rio allows a use-after-free buffer access when a future is leaked"
 url = "https://github.com/spacejam/rio/issues/11"
-categories = ["memory-corruption", "memory-exposure"]
+
-description = """
+[versions]
+patched = []
+```
+
+# rio allows a use-after-free buffer access when a future is leaked
+
 When a `rio::Completion` is leaked, its drop code will not run. The drop code
 is responsible for waiting until the kernel completes the I/O operation into, or
 out of, the buffer borrowed by `rio::Completion`. Leaking the struct will allow
@@ -13,7 +19,3 @@ one to access and/or drop the buffer, which can lead to a use-after-free,
 data races or leaking secrets.
 
 Upstream is not interested in fixing the issue.
-"""
-
-[versions]
-patched = []

crates/rmpv/RUSTSEC-2017-0006.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2017-0006"
 package = "rmpv"
-date = "2017-11-21"
-title = "Unchecked vector pre-allocation"
-url = "https://github.com/3Hren/msgpack-rust/issues/151"
 categories = ["denial-of-service"]
+date = "2017-11-21"
 keywords = ["memory", "dos", "msgpack", "serialization", "deserialization"]
-description = """
+url = "https://github.com/3Hren/msgpack-rust/issues/151"
+
+[versions]
+patched = [">= 0.4.2"]
+```
+
+# Unchecked vector pre-allocation
+
 Affected versions of this crate pre-allocate memory on deserializing raw
 buffers without checking whether there is sufficient data available.
 
 This allows an attacker to do denial-of-service attacks by sending small
 msgpack messages that allocate gigabytes of memory.
-"""
-
-[versions]
-patched = [">= 0.4.2"]

crates/rocket/RUSTSEC-2020-0028.md

@@ -1,20 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0028"
 package = "rocket"
 date = "2020-05-27"
 informational = "unsound"
-title = "`LocalRequest::clone` creates multiple mutable references to the same object"
 url = "https://github.com/SergioBenitez/Rocket/issues/1312"
-description = """
-The affected version of `rocket` contains a `Clone` trait implementation of
-`LocalRequest` that reuses the pointer to inner `Request` object.
-This causes data race in rare combinations of APIs if the original and the
-cloned objects are modified at the same time.
-"""
 
-[affected]
+[affected.functions]
-functions = { "rocket::local::LocalRequest::clone" = ["< 0.4.5, >= 0.4.0"] }
+"rocket::local::LocalRequest::clone" = ["< 0.4.5, >= 0.4.0"]
 
 [versions]
 patched = [">= 0.4.5"]
 unaffected = ["< 0.4.0"]
+```
+
+# `LocalRequest::clone` creates multiple mutable references to the same object
+
+The affected version of `rocket` contains a `Clone` trait implementation of
+`LocalRequest` that reuses the pointer to inner `Request` object.
+This causes data race in rare combinations of APIs if the original and the
+cloned objects are modified at the same time.

crates/rulinalg/RUSTSEC-2020-0023.md

@@ -1,23 +1,23 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0023"
 package = "rulinalg"
 date = "2020-02-11"
-title = "Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect"
 url = "https://github.com/AtheMathmo/rulinalg/issues/201"
-description = """
+
+[affected.functions]
+"rulinalg::matrix::RowMut::raw_slice" = [">= 0.4.0"]
+"rulinalg::matrix::RowMut::raw_slice_mut" = [">= 0.4.0"]
+
+[versions]
+patched = []
+unaffected = ["< 0.4.0"]
+```
+
+# Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect
+
 The affected version of `rulinalg` has incorrect lifetime boundary definitions
 for `RowMut::raw_slice` and `RowMut::raw_slice_mut`. They do not conform with
 Rust's borrowing rule and allows the user to create multiple mutable references
 to the same location. This may result in unexpected calculation result and data
 race if both references are used at the same time.
-"""
-
-[affected]
-
-    [affected.functions]
-    "rulinalg::matrix::RowMut::raw_slice" = [">= 0.4.0"]
-    "rulinalg::matrix::RowMut::raw_slice_mut" = [">= 0.4.0"]
-
-[versions]
-patched = []
-unaffected = ["< 0.4.0"]

crates/rusqlite/RUSTSEC-2020-0014.md

@@ -1,24 +1,25 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0014"
 package = "rusqlite"
 date = "2020-04-23"
-title = "Various memory safety issues"
 url = "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0"
 
-description = """
+[affected.functions]
+"rusqlite::Connection::get_aux" = ["< 0.23.0"]
+"rusqlite::Connection::set_aux" = ["< 0.23.0"]
+"rusqlite::session::Session::attach" = ["< 0.23.0"]
+"rusqlite::session::Session::diff" = ["< 0.23.0"]
+"rusqlite::trace::log" = ["< 0.23.0"]
+"rusqlite::vtab::create_module" = ["< 0.23.0"]
+
+[versions]
+patched = [">= 0.23.0"]
+```
+
+# Various memory safety issues
+
 Several memory safety issues have been uncovered in an audit of
 rusqlite.
 
 See https://github.com/rusqlite/rusqlite/releases/tag/0.23.0 for a complete list.
-"""
-
-[affected.functions]
-"rusqlite::trace::log" = ["< 0.23.0"]
-"rusqlite::Connection::set_aux" = ["< 0.23.0"]
-"rusqlite::Connection::get_aux" = ["< 0.23.0"]
-"rusqlite::vtab::create_module" = ["< 0.23.0"]
-"rusqlite::session::Session::attach" = ["< 0.23.0"]
-"rusqlite::session::Session::diff" = ["< 0.23.0"]
-
-[versions]
-patched = [">= 0.23.0"]

crates/rust-crypto/RUSTSEC-2016-0005.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2016-0005"
 package = "rust-crypto"
-title = "rust-crypto is unmaintained; switch to a modern alternative"
+date = "2016-09-06"
 informational = "unmaintained"
-date = "2016-09-06" # last GitHub commit
 url = "https://github.com/DaGenix/rust-crypto/issues/440"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 0.2.36"]
+```
+
+# rust-crypto is unmaintained; switch to a modern alternative
+
 The `rust-crypto` crate has not seen a release or GitHub commit since 2016,
 and its author is unresponsive.
 
@@ -87,8 +94,3 @@ which algorithms you need:
 [`x25519-dalek`]: https://crates.io/crates/x25519-dalek
 [`xsalsa20poly1305`]: https://crates.io/crates/xsalsa20poly1305
 [`orion`]: https://crates.io/crates/orion
-"""
-
-[versions]
-unaffected = ["> 0.2.36"] # last release
-patched = []

crates/rust_sodium/RUSTSEC-2020-0003.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0003"
 package = "rust_sodium"
 date = "2020-01-20"
 informational = "unmaintained"
-title = "rust_sodium is unmaintained; switch to a modern alternative"
+url = "https://github.com/maidsafe/rust_sodium/pull/117"
-description = """
+
+[versions]
+patched = []
+unaffected = ["> 0.10.2"]
+```
+
+# rust_sodium is unmaintained; switch to a modern alternative
+
 The `rust_sodium` crate is no longer maintained by its current owner, who
 advise in the repository readme that they are looking for
 someone else to take ownership of it.
 
 We recommend you switch to an alternative crate such as:
 - [`sodiumoxide`](https://crates.io/crates/sodiumoxide)
-"""
-url = "https://github.com/maidsafe/rust_sodium/pull/117"
-
-[versions]
-patched = []
-unaffected = ["> 0.10.2"]

crates/rustsec-example-crate/RUSTSEC-2019-0024.md

@@ -1,10 +1,16 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0024"
 package = "rustsec-example-crate"
 date = "2019-10-08"
 url = "https://github.com/RustSec/advisory-db/issues/158"
-title = "Test advisory with associated example crate"
+
-description = """
+[versions]
+patched = [">= 1.0.0"]
+```
+
+# Test advisory with associated example crate
+
 This is a test advisory useful for verifying RustSec tooling and vulnerability
 detection pipelines are working correctly. Aside from the fact that it is filed
 against an example crate, it is otherwise considered by the Advisory Database
@@ -21,7 +27,3 @@ identical to the v0.0.1 release)
 
 [v0.0.1]: https://crates.io/crates/rustsec-example-crate/0.0.1
 [v1.0.0]: https://crates.io/crates/rustsec-example-crate/1.0.0
-"""
-
-[versions]
-patched = [">= 1.0.0"]

crates/rustsec/RUSTSEC-2020-0051.md

@@ -1,10 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0051"
 package = "rustsec"
-title = "Obsolete versions of the `rustsec` crate do not support the new V3 advisory format"
 date = "2020-10-01"
 url = "https://github.com/RustSec/advisory-db/issues/414"
-description = """
+
+[versions]
+patched = []
+unaffected = [">= 0.19.0"]
+```
+
+# Obsolete versions of the `rustsec` crate do not support the new V3 advisory format
+
 If you are seeing this message, you are running an obsolete version of
 `cargo-audit` which does not support the new V3 advisory format.
 These versions are end-of-life.
@@ -13,8 +20,3 @@ This advisory is a notice that that it will soon be unable to parse the
 advisory database.
 
 Please upgrade `cargo-audit` to a newer release.
-"""
-
-[versions]
-unaffected = [">= 0.19.0"]
-patched = []

crates/safe-transmute/RUSTSEC-2018-0013.md

@@ -1,23 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0013"
 package = "safe-transmute"
-date = "2018-11-27"
-title = "Vec-to-vec transmutations could lead to heap overflow/corruption"
-description = """
-Affected versions of this crate switched the length and capacity arguments in the Vec::from_raw_parts() constructor,
-which could lead to memory corruption or data leakage.
-
-The flaw was corrected by using the constructor correctly.
-"""
-url = "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36"
-keywords = ["memory-corruption"]
-
-# TODO(tarcieri): fix linter to respect crate name
-#[affected.functions]
-#"safe_transmute::guarded_transmute_vec_permissive" = [">= 0.4.0, <= 0.10.0"]
-#"safe_transmute::guarded_transmute_to_bytes_vec" = ["= 0.10.0"]
 aliases = ["CVE-2018-21000"]
+date = "2018-11-27"
+keywords = ["memory-corruption"]
+url = "https://github.com/nabijaczleweli/safe-transmute-rs/pull/36"
 
 [versions]
 patched = [">= 0.10.1"]
 unaffected = ["< 0.4.0"]
+```
+
+# Vec-to-vec transmutations could lead to heap overflow/corruption
+
+Affected versions of this crate switched the length and capacity arguments in the Vec::from_raw_parts() constructor,
+which could lead to memory corruption or data leakage.
+
+The flaw was corrected by using the constructor correctly.

crates/security-framework/RUSTSEC-2017-0003.md

@@ -1,19 +1,21 @@
+```toml
 [advisory]
 id = "RUSTSEC-2017-0003"
 package = "security-framework"
+aliases = ["CVE-2017-18588"]
 date = "2017-03-15"
 keywords = ["mitm"]
 url = "https://github.com/sfackler/rust-security-framework/pull/27"
-title = "Hostname verification skipped when custom root certs used"
+
-description = """
+[versions]
+patched = [">= 0.1.12"]
+```
+
+# Hostname verification skipped when custom root certs used
+
 If custom root certificates were registered with a `ClientBuilder`, the
 hostname of the target server would not be validated against its presented leaf
 certificate.
 
 This issue was fixed by properly configuring the trust evaluation logic to
 perform that check.
-"""
-aliases = ["CVE-2017-18588"]
-
-[versions]
-patched = [">= 0.1.12"]

crates/serde_cbor/RUSTSEC-2019-0025.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0025"
 package = "serde_cbor"
-date = "2019-10-03"
-title = "Flaw in CBOR deserializer allows stack overflow"
-url = "https://github.com/pyfisch/cbor/releases/tag/v0.10.2"
 categories = ["crypto-failure"]
+date = "2019-10-03"
 keywords = ["stack-overflow", "crash", "denial-of-service"]
-description = """
+url = "https://github.com/pyfisch/cbor/releases/tag/v0.10.2"
+
+[versions]
+patched = [">= 0.10.2"]
+```
+
+# Flaw in CBOR deserializer allows stack overflow
+
 Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization.
 
 This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow.
  
 The flaw was corrected by limiting the allowed number of nested tags.
-"""
-
-[versions]
-patched = [">= 0.10.2"]

crates/serde_yaml/RUSTSEC-2018-0005.md

@@ -1,11 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0005"
 package = "serde_yaml"
 date = "2018-09-17"
-title = "Uncontrolled recursion leads to abort in deserialization"
-url = "https://github.com/dtolnay/serde-yaml/pull/105"
 keywords = ["crash"]
-description = """
+url = "https://github.com/dtolnay/serde-yaml/pull/105"
+
+[versions]
+patched = [">= 0.8.4"]
+unaffected = ["< 0.6.0-rc1"]
+```
+
+# Uncontrolled recursion leads to abort in deserialization
+
 Affected versions of this crate did not properly check for recursion
 while deserializing aliases.
 
@@ -13,8 +20,3 @@ This allows an attacker to make a YAML file with an alias referring
 to itself causing an abort.
 
 The flaw was corrected by checking the recursion depth.
-"""
-
-[versions]
-patched = [">= 0.8.4"]
-unaffected = ["< 0.6.0-rc1"]

crates/simd-json/RUSTSEC-2019-0008.md

@@ -1,11 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0008"
 package = "simd-json"
+aliases = ["CVE-2019-15550"]
 date = "2019-06-24"
-title = "Flaw in string parsing can lead to crashes due to invalid memory access."
-url = "https://github.com/Licenser/simdjson-rs/pull/27"
 keywords = ["simd"]
-description = """
+url = "https://github.com/Licenser/simdjson-rs/pull/27"
+
+[affected]
+arch = ["x86", "x86_64"]
+
+[versions]
+patched = [">= 0.1.15"]
+unaffected = ["<= 0.1.13"]
+```
+
+# Flaw in string parsing can lead to crashes due to invalid memory access.
+
 The affected version of this crate did not guard against accessing memory
 beyond the range of its input data. A pointer cast to read the data into
 a 256-bit register could lead to a segmentation fault when the end plus
@@ -23,12 +34,3 @@ This allows an attacker to eventually crash a service.
 
 The flaw was corrected by using a padding buffer for the last read from the
 input. So that we are we never read over the boundary of the input data.
-"""
-aliases = ["CVE-2019-15550"]
-
-[affected]
-arch = ["x86", "x86_64"]
-
-[versions]
-patched = [">= 0.1.15"]
-unaffected = ["<= 0.1.13"]

crates/simple-slab/RUSTSEC-2020-0039.md

@@ -1,12 +1,14 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0039"
 package = "simple-slab"
 date = "2020-09-03"
-title = "`index()` allows out-of-bound read and `remove()` has off-by-one error"
 url = "https://github.com/nathansizemore/simple-slab/issues/2"
-description = """
-`Slab::index()` does not perform the boundary checking, which leads to out-of-bound read access. `Slab::remove()` copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop.
-"""
 
 [versions]
 patched = [">= 0.3.3"]
+```
+
+# `index()` allows out-of-bound read and `remove()` has off-by-one error
+
+`Slab::index()` does not perform the boundary checking, which leads to out-of-bound read access. `Slab::remove()` copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop.

crates/sized-chunks/RUSTSEC-2020-0041.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0041"
-aliases = ["CVE-2020-25791", "CVE-2020-25792", "CVE-2020-25793", "CVE-2020-25794", "CVE-2020-25795", "CVE-2020-25796"]
 package = "sized-chunks"
+aliases = ["CVE-2020-25791", "CVE-2020-25792", "CVE-2020-25793", "CVE-2020-25794", "CVE-2020-25795", "CVE-2020-25796"]
 date = "2020-09-06"
-title = "Multiple soundness issues in Chunk and InlineArray"
 url = "https://github.com/bodil/sized-chunks/issues/11"
-description = """
+
+[versions]
+patched = []
+```
+
+# Multiple soundness issues in Chunk and InlineArray
+
 Chunk:
 
 * Array size is not checked when constructed with `unit()` and `pair()`.
@@ -15,7 +21,3 @@ Chunk:
 InlineArray:
 
 * Generates unaligned references for types with a large alignment requirement.
-"""
-
-[versions]
-patched = []

crates/slice-deque/RUSTSEC-2018-0008.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0008"
 package = "slice-deque"
+aliases = ["CVE-2018-20995"]
 date = "2018-12-05"
-url = "https://github.com/gnzlbg/slice_deque/issues/57"
 keywords = ["memory-corruption", "rce"]
-title = "Bug in SliceDeque::move_head_unchecked allows read of corrupted memory"
+url = "https://github.com/gnzlbg/slice_deque/issues/57"
-description = """
+
+[versions]
+patched = [">= 0.1.16"]
+```
+
+# Bug in SliceDeque::move_head_unchecked allows read of corrupted memory
 
 Affected versions of this crate did not properly update the
 head and tail of the deque when inserting and removing elements from the front
@@ -21,8 +27,4 @@ containing previously dropped objects, etc. An attacker could exploit this to
 alter program execution.
 
 The flaw was corrected by properly updating the head and tail of the deque in
-this case. """
+this case. 
-aliases = ["CVE-2018-20995"]
-
-[versions]
-patched = [">= 0.1.16"]

crates/slice-deque/RUSTSEC-2019-0002.md

@@ -1,12 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0002"
 package = "slice-deque"
+aliases = ["CVE-2019-15543"]
 date = "2019-05-07"
-title = "Bug in SliceDeque::move_head_unchecked corrupts its memory"
-url = "https://github.com/gnzlbg/slice_deque/issues/57"
 keywords = ["memory-corruption", "rce"]
 references = ["RUSTSEC-2018-0008"]
-description = """
+url = "https://github.com/gnzlbg/slice_deque/issues/57"
+
+[versions]
+patched = [">= 0.2.0"]
+```
+
+# Bug in SliceDeque::move_head_unchecked corrupts its memory
+
 Affected versions of this crate entered a corrupted state if
 `mem::size_of::<T>() % allocation_granularity() != 0` and a specific allocation
 pattern was used: sufficiently shifting the deque elements over the mirrored
@@ -21,8 +28,3 @@ whose value representation is not meaningful). This is undefined behavior.
 The flaw was corrected by using a pair of pointers to track the head and tail of
 the deque instead of a pair of indices. This pair of pointers are represented
 using a Rust slice.
-"""
-aliases = ["CVE-2019-15543"]
-
-[versions]
-patched = [">= 0.2.0"]

crates/smallvec/RUSTSEC-2018-0003.md

@@ -1,11 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0003"
 package = "smallvec"
-url = "https://github.com/servo/rust-smallvec/issues/96"
+aliases = ["CVE-2018-20991"]
-keywords = ["memory-corruption"]
-title = "Possible double free during unwinding in SmallVec::insert_many"
 date = "2018-07-19"
-description = """
+keywords = ["memory-corruption"]
+url = "https://github.com/servo/rust-smallvec/issues/96"
+
+[versions]
+patched = [">= 0.6.3", "^0.3.4", "^0.4.5", "^0.5.1"]
+unaffected = ["< 0.3.2"]
+```
+
+# Possible double free during unwinding in SmallVec::insert_many
+
 If an iterator passed to `SmallVec::insert_many` panicked in `Iterator::next`,
 destructors were run during unwinding while the vector was in an inconsistent
 state, possibly causing a double free (a destructor running on two copies of
@@ -17,9 +25,3 @@ original positions.  Items may now be leaked if `Iterator::next` panics, but
 they will not be dropped more than once.
 
 Thank you to @Vurich for reporting this bug.
-"""
-aliases = ["CVE-2018-20991"]
-
-[versions]
-unaffected = ["< 0.3.2"]
-patched = [">= 0.6.3", "^0.3.4", "^0.4.5", "^0.5.1"]

crates/smallvec/RUSTSEC-2018-0018.md

@@ -1,18 +1,18 @@
+```toml
 [advisory]
+date = "2018-09-25"
 id = "RUSTSEC-2018-0018"
 package = "smallvec"
-date = "2018-09-25"
 informational = "unsound"
-
-title = "smallvec creates uninitialized value of any type"
 url = "https://github.com/servo/rust-smallvec/issues/126"
 
-description = """
+[versions]
+patched = [">= 0.6.13"]
+```
+
+# smallvec creates uninitialized value of any type
+
 Affected versions of this crate called `mem::uninitialized()` to create values of a user-supplied type `T`.
 This is unsound e.g. if `T` is a reference type (which must be non-null and thus may not remain uninitialized).
  
 The flaw was corrected by avoiding the use of `mem::uninitialized()`, using `MaybeUninit` instead.
-"""
-
-[versions]
-patched = [">= 0.6.13"]

crates/smallvec/RUSTSEC-2019-0009.md

@@ -1,18 +1,11 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0009"
 package = "smallvec"
-date = "2019-06-06"
-title = "Double-free and use-after-free in SmallVec::grow()"
-url = "https://github.com/servo/rust-smallvec/issues/148"
-keywords = ["double free", "use after free", "arbitrary code execution"]
-description = """
-Attempting to call `grow` on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents.
-
-An attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.
-
-Credits to @ehuss for discovering, reporting and fixing the bug.
-"""
 aliases = ["CVE-2019-15551"]
+date = "2019-06-06"
+keywords = ["double free", "use after free", "arbitrary code execution"]
+url = "https://github.com/servo/rust-smallvec/issues/148"
 
 [affected.functions]
 "smallvec::SmallVec::grow" = ["< 0.6.10, >= 0.6.5"]
@@ -20,3 +13,12 @@ aliases = ["CVE-2019-15551"]
 [versions]
 patched = [">= 0.6.10"]
 unaffected = ["< 0.6.5"]
+```
+
+# Double-free and use-after-free in SmallVec::grow()
+
+Attempting to call `grow` on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents.
+
+An attacker that controls the value passed to `grow` may exploit this flaw to obtain memory contents or gain remote code execution.
+
+Credits to @ehuss for discovering, reporting and fixing the bug.