Sync advisories ids from GitHub (#1881)

2025-12-27 01:54:07 -05:00 · 2024-02-10 16:57:43 +01:00
parent 6c0a974e07
commit e1a39a6085
25 changed files with 25 additions and 8 deletions
--- a/crates/bcder/RUSTSEC-2023-0062.md
+++ b/crates/bcder/RUSTSEC-2023-0062.md
@@ -6,7 +6,7 @@ date = "2023-09-13"
 url = "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt"
 categories = ["denial-of-service"]
 keywords = ["example", "freeform", "keywords"]
-aliases = ["CVE-2023-39914"]
+aliases = ["CVE-2023-39914", "GHSA-6jmw-6mxw-w4jc"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 references = ["https://github.com/NLnetLabs/bcder/pull/74"]

--- a/crates/cocoon/RUSTSEC-2023-0068.md
+++ b/crates/cocoon/RUSTSEC-2023-0068.md
@@ -7,6 +7,7 @@ url = "https://github.com/fadeevab/cocoon/issues/22"
 categories = ["crypto-failure"]
 cvss = "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
 keywords = ["nonce", "stream-cipher"]
+aliases = ["GHSA-6878-6wc2-pf5h"]

 [affected.functions]
 "cocoon::Cocoon::encrypt" = ["<= 0.3.3"]
--- a/crates/failure/RUSTSEC-2020-0036.md
+++ b/crates/failure/RUSTSEC-2020-0036.md
@@ -5,7 +5,7 @@ package = "failure"
 date = "2020-05-02"
 informational = "unmaintained"
 url = "https://github.com/rust-lang-nursery/failure/pull/347"
-aliases = ["CVE-2020-25575", "GHSA-jq66-xh47-j9f3"]
+aliases = ["CVE-2019-25010", "CVE-2020-25575", "GHSA-jq66-xh47-j9f3", "GHSA-r98r-j25q-rmpr"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

 [versions]
--- a/crates/ferris-says/RUSTSEC-2024-0001.md
+++ b/crates/ferris-says/RUSTSEC-2024-0001.md
@@ -5,6 +5,7 @@ package = "ferris-says"
 date = "2024-01-13"
 url = "https://github.com/rust-lang/ferris-says/pull/21"
 informational = "unsound"
+aliases = ["GHSA-v363-rrf2-5fmj"]

 [versions]
 patched = [">= 0.3.1"]
--- a/crates/gix-transport/RUSTSEC-2023-0064.md
+++ b/crates/gix-transport/RUSTSEC-2023-0064.md
@@ -6,6 +6,7 @@ date = "2023-09-23"
 url = "https://github.com/Byron/gitoxide/pull/1032"
 references = ["https://secure.phabricator.com/T12961"]
 categories = ["code-execution"]
+aliases = ["GHSA-rrjw-j4m2-mf34"]
 [versions]
 patched = [">= 0.36.1"]
 ```
--- a/crates/h2/RUSTSEC-2024-0003.md
+++ b/crates/h2/RUSTSEC-2024-0003.md
@@ -7,6 +7,7 @@ references = ["https://github.com/Netflix/security-bulletins/blob/master/advisor
 categories = ["denial-of-service"]
 keywords = ["http", "http2", "h2"]
 related = ["CVE-2019-9514"]
+aliases = ["GHSA-8r5v-vm4m-4g25"]

 [versions]
 patched = ["^0.3.24", ">= 0.4.2"]
--- a/crates/inventory/RUSTSEC-2023-0057.md
+++ b/crates/inventory/RUSTSEC-2023-0057.md
@@ -6,6 +6,7 @@ date = "2023-09-10"
 url = "https://github.com/dtolnay/inventory/pull/43"
 informational = "unsound"
 keywords = ["life-before-main"]
+aliases = ["GHSA-ghc8-5cgm-5rpf"]

 [versions]
 patched = [">= 0.2.0"]
--- a/crates/inventory/RUSTSEC-2023-0058.md
+++ b/crates/inventory/RUSTSEC-2023-0058.md
@@ -7,6 +7,7 @@ url = "https://github.com/dtolnay/inventory/pull/42"
 informational = "unsound"
 categories = ["thread-safety"]
 keywords = ["life-before-main"]
+aliases = ["GHSA-36xm-35qq-795w"]

 [versions]
 patched = [">= 0.2.0"]
--- a/crates/lexical/RUSTSEC-2023-0055.md
+++ b/crates/lexical/RUSTSEC-2023-0055.md
@@ -5,6 +5,7 @@ package = "lexical"
 date = "2023-09-03"
 informational = "unsound"
 references = ["https://github.com/Alexhuszagh/rust-lexical/issues/102", "https://github.com/Alexhuszagh/rust-lexical/issues/101", "https://github.com/Alexhuszagh/rust-lexical/issues/95", "https://github.com/Alexhuszagh/rust-lexical/issues/104"]
+aliases = ["GHSA-c2hm-mjxv-89r4"]

 [versions]
 patched = []
--- a/crates/libpulse-binding/RUSTSEC-2018-0020.md
+++ b/crates/libpulse-binding/RUSTSEC-2018-0020.md
@@ -5,7 +5,7 @@ package = "libpulse-binding"
 date = "2018-12-22"
 url = "https://github.com/advisories/GHSA-6gvc-4jvj-pwq4"
 categories = ["memory-corruption"]
-aliases = ["GHSA-6gvc-4jvj-pwq4", "CVE-2018-25001"]
+aliases = ["CVE-2018-25001", "GHSA-6gvc-4jvj-pwq4", "GHSA-f56g-chqp-22m9"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"

 [versions]
--- a/crates/libwebp-sys/RUSTSEC-2023-0061.md
+++ b/crates/libwebp-sys/RUSTSEC-2023-0061.md
@@ -5,7 +5,7 @@ package = "libwebp-sys"
 date = "2023-09-12"
 categories = ["memory-corruption"]
 keywords = ["webp"]
-aliases = ["CVE-2023-5129", "CVE-2023-4863"]
+aliases = ["CVE-2023-4863", "CVE-2023-5129", "GHSA-j7hp-h8jx-5ppr"]

 [versions]
 patched = [">= 0.9.3"]
--- a/crates/libwebp-sys2/RUSTSEC-2023-0060.md
+++ b/crates/libwebp-sys2/RUSTSEC-2023-0060.md
@@ -5,7 +5,7 @@ package = "libwebp-sys2"
 date = "2023-09-12"
 categories = ["memory-corruption"]
 keywords = ["webp"]
-aliases = ["CVE-2023-5129", "CVE-2023-4863"]
+aliases = ["CVE-2023-4863", "CVE-2023-5129", "GHSA-j7hp-h8jx-5ppr"]

 [versions]
 patched = [">= 0.1.8"]
--- a/crates/openssl/RUSTSEC-2023-0072.md
+++ b/crates/openssl/RUSTSEC-2023-0072.md
@@ -6,6 +6,7 @@ date = "2023-11-23"
 url = "https://github.com/sfackler/rust-openssl/issues/2096"
 informational = "unsound"
 categories = ["memory-corruption"]
+aliases = ["GHSA-xphf-cx8h-7q9g"]

 [affected]
 functions = { "openssl::x509::store::X509StoreRef::objects" = ["< 0.10.60, >=0.10.29"] }
--- a/crates/pleaser/RUSTSEC-2023-0066.md
+++ b/crates/pleaser/RUSTSEC-2023-0066.md
@@ -2,7 +2,7 @@
 [advisory]
 id = "RUSTSEC-2023-0066"
 package = "pleaser"
-aliases = ["CVE-2023-46277"]
+aliases = ["CVE-2023-46277", "GHSA-cgf8-h3fp-h956"]
 date = "2023-04-29"
 url = "https://gitlab.com/edneville/please/-/issues/13"
 categories = ["privilege-escalation"]
--- a/crates/quinn-proto/RUSTSEC-2023-0063.md
+++ b/crates/quinn-proto/RUSTSEC-2023-0063.md
@@ -6,7 +6,7 @@ date = "2023-09-21"
 url = "https://github.com/quinn-rs/quinn/pull/1667"
 categories = ["denial-of-service"]
 keywords = ["panic"]
-aliases = ["GHSA-q8wc-j5m9-27w3"]
+aliases = ["CVE-2023-42805", "GHSA-q8wc-j5m9-27w3"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

 [versions]
--- a/crates/rosenpass/RUSTSEC-2023-0077.md
+++ b/crates/rosenpass/RUSTSEC-2023-0077.md
@@ -7,6 +7,7 @@ references = ["https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b
 categories = ["denial-of-service"]
 keywords = ["remote", "single-byte"]
 license = "CC0-1.0"
+aliases = ["GHSA-6ggr-cwv4-g7qg"]

 [versions]
 patched = [">= 0.2.1"]
--- a/crates/rust-i18n-support/RUSTSEC-2024-0007.md
+++ b/crates/rust-i18n-support/RUSTSEC-2024-0007.md
@@ -10,6 +10,7 @@ references = [
    "https://github.com/longbridgeapp/rust-i18n/pull/72",
    "https://github.com/longbridgeapp/rust-i18n/releases/tag/v3.0.1",
 ]
+aliases = ["GHSA-c8v3-jhv9-4ppc"]

 [affected]
 functions = { "rust_i18n_support::AtomicStr::as_str" = ["< 3.0.1, >= 3.0.0"] }
--- a/crates/self_cell/RUSTSEC-2023-0070.md
+++ b/crates/self_cell/RUSTSEC-2023-0070.md
@@ -6,6 +6,7 @@ date = "2023-11-10"
 url = "https://github.com/Voultapher/self_cell/issues/49"
 categories = []
 keywords = ["unsound", "self_cell", "self-referential"]
+aliases = ["GHSA-48m6-wm5p-rr6h"]

 [versions]
 patched = [">= 0.10.3, < 1.0.0", ">= 1.0.2"]
--- a/crates/socket2/RUSTSEC-2020-0079.md
+++ b/crates/socket2/RUSTSEC-2020-0079.md
@@ -6,7 +6,7 @@ date = "2020-11-06"
 url = "https://github.com/rust-lang/socket2-rs/issues/119"
 keywords = ["memory", "layout", "cast"]
 informational = "unsound"
-aliases = ["CVE-2020-35920", "GHSA-458v-4hrf-g3m4"]
+aliases = ["CVE-2020-35919", "CVE-2020-35920", "GHSA-458v-4hrf-g3m4", "GHSA-c79c-gwph-gqfm"]
 cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"

 [versions]
--- a/crates/svix/RUSTSEC-2024-0010.md
+++ b/crates/svix/RUSTSEC-2024-0010.md
@@ -5,6 +5,7 @@ package = "svix"
 date = "2024-02-06"
 url = "https://github.com/svix/svix-webhooks/pull/1190"
 categories = ["crypto-failure"]
+aliases = ["GHSA-w277-wpqf-rcfv"]

 [affected]
 functions = { "svix::webhooks::Webhook::verify" = ["< 1.17.0"] }
--- a/crates/threadalone/RUSTSEC-2024-0005.md
+++ b/crates/threadalone/RUSTSEC-2024-0005.md
@@ -5,6 +5,7 @@ package = "threadalone"
 date = "2024-01-07"
 url = "https://github.com/cr0sh/threadalone/issues/1"
 informational = "unsound"
+aliases = ["GHSA-w59h-378f-2frm"]

 [versions]
 patched = [">= 0.2.1"]
--- a/crates/tracing/RUSTSEC-2023-0078.md
+++ b/crates/tracing/RUSTSEC-2023-0078.md
@@ -7,6 +7,7 @@ url = "https://github.com/tokio-rs/tracing/pull/2765"
 informational = "unsound"
 categories = ["memory-corruption"]
 keywords = ["use-after-free"]
+aliases = ["GHSA-8f24-6m29-wm2r"]

 [versions]
 patched = [">= 0.1.40"]
--- a/crates/unsafe-libyaml/RUSTSEC-2023-0075.md
+++ b/crates/unsafe-libyaml/RUSTSEC-2023-0075.md
@@ -6,6 +6,7 @@ date = "2023-12-20"
 url = "https://github.com/dtolnay/unsafe-libyaml/issues/21"
 informational = "unsound"
 keywords = ["unaligned-write"]
+aliases = ["GHSA-r24f-hg58-vfrw"]

 [versions]
 patched = [">= 0.2.10"]
--- a/crates/users/RUSTSEC-2023-0059.md
+++ b/crates/users/RUSTSEC-2023-0059.md
@@ -6,6 +6,7 @@ date = "2023-09-10"
 url = "https://github.com/ogham/rust-users/issues/55"
 informational = "unsound"
 keywords = ["unaligned-read"]
+aliases = ["GHSA-jcr6-4frq-9gjj"]

 [versions]
 patched = []
--- a/crates/zerocopy/RUSTSEC-2023-0074.md
+++ b/crates/zerocopy/RUSTSEC-2023-0074.md
@@ -5,6 +5,7 @@ package = "zerocopy"
 date = "2023-12-14"
 url = "https://github.com/google/zerocopy/issues/716"
 keywords = ["ref", "refcell", "mutable-aliasing"]
+aliases = ["GHSA-3mv5-343c-w2qg", "GHSA-rjhf-4mh8-9xjq"]

 [versions]
 patched = [">= 0.2.9, < 0.3.0", ">= 0.3.2, < 0.4.0", ">= 0.4.1, < 0.5.0", ">= 0.5.2, < 0.6.0", ">= 0.6.6, < 0.7.0", ">= 0.7.31"]