From e1a39a608578ce903f445978702bac79d09263d3 Mon Sep 17 00:00:00 2001
From: Alexis Mousset
Date: Sat, 10 Feb 2024 16:57:43 +0100
Subject: [PATCH] Sync advisories ids from GitHub (#1881)
---
 crates/bcder/RUSTSEC-2023-0062.md | 2 +-
 crates/cocoon/RUSTSEC-2023-0068.md | 1 +
 crates/failure/RUSTSEC-2020-0036.md | 2 +-
 crates/ferris-says/RUSTSEC-2024-0001.md | 1 +
 crates/gix-transport/RUSTSEC-2023-0064.md | 1 +
 crates/h2/RUSTSEC-2024-0003.md | 1 +
 crates/inventory/RUSTSEC-2023-0057.md | 1 +
 crates/inventory/RUSTSEC-2023-0058.md | 1 +
 crates/lexical/RUSTSEC-2023-0055.md | 1 +
 crates/libpulse-binding/RUSTSEC-2018-0020.md | 2 +-
 crates/libwebp-sys/RUSTSEC-2023-0061.md | 2 +-
 crates/libwebp-sys2/RUSTSEC-2023-0060.md | 2 +-
 crates/openssl/RUSTSEC-2023-0072.md | 1 +
 crates/pleaser/RUSTSEC-2023-0066.md | 2 +-
 crates/quinn-proto/RUSTSEC-2023-0063.md | 2 +-
 crates/rosenpass/RUSTSEC-2023-0077.md | 1 +
 crates/rust-i18n-support/RUSTSEC-2024-0007.md | 1 +
 crates/self_cell/RUSTSEC-2023-0070.md | 1 +
 crates/socket2/RUSTSEC-2020-0079.md | 2 +-
 crates/svix/RUSTSEC-2024-0010.md | 1 +
 crates/threadalone/RUSTSEC-2024-0005.md | 1 +
 crates/tracing/RUSTSEC-2023-0078.md | 1 +
 crates/unsafe-libyaml/RUSTSEC-2023-0075.md | 1 +
 crates/users/RUSTSEC-2023-0059.md | 1 +
 crates/zerocopy/RUSTSEC-2023-0074.md | 1 +
 25 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/crates/bcder/RUSTSEC-2023-0062.md b/crates/bcder/RUSTSEC-2023-0062.md
index 4f82ee56..b26a69bd 100644
--- a/crates/bcder/RUSTSEC-2023-0062.md
+++ b/crates/bcder/RUSTSEC-2023-0062.md
@@ -6,7 +6,7 @@ date = "2023-09-13" url = "https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt" categories = ["denial-of-service"] keywords = ["example", "freeform", "keywords"]
-aliases = ["CVE-2023-39914"]
+aliases = ["CVE-2023-39914", "GHSA-6jmw-6mxw-w4jc"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" references = ["https://github.com/NLnetLabs/bcder/pull/74"]
diff --git a/crates/cocoon/RUSTSEC-2023-0068.md b/crates/cocoon/RUSTSEC-2023-0068.md
index e97cbcf6..5c210bf6 100644
--- a/crates/cocoon/RUSTSEC-2023-0068.md
+++ b/crates/cocoon/RUSTSEC-2023-0068.md
@@ -7,6 +7,7 @@ url = "https://github.com/fadeevab/cocoon/issues/22" categories = ["crypto-failure"] cvss = "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" keywords = ["nonce", "stream-cipher"]
+aliases = ["GHSA-6878-6wc2-pf5h"]
 [affected.functions] "cocoon::Cocoon::encrypt" = ["<= 0.3.3"]
diff --git a/crates/failure/RUSTSEC-2020-0036.md b/crates/failure/RUSTSEC-2020-0036.md
index 4258d2fc..94d43adc 100644
--- a/crates/failure/RUSTSEC-2020-0036.md
+++ b/crates/failure/RUSTSEC-2020-0036.md
@@ -5,7 +5,7 @@ package = "failure" date = "2020-05-02" informational = "unmaintained" url = "https://github.com/rust-lang-nursery/failure/pull/347"
-aliases = ["CVE-2020-25575", "GHSA-jq66-xh47-j9f3"]
+aliases = ["CVE-2019-25010", "CVE-2020-25575", "GHSA-jq66-xh47-j9f3", "GHSA-r98r-j25q-rmpr"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions]
diff --git a/crates/ferris-says/RUSTSEC-2024-0001.md b/crates/ferris-says/RUSTSEC-2024-0001.md
index a873b88e..39675e5b 100644
--- a/crates/ferris-says/RUSTSEC-2024-0001.md
+++ b/crates/ferris-says/RUSTSEC-2024-0001.md
@@ -5,6 +5,7 @@ package = "ferris-says" date = "2024-01-13" url = "https://github.com/rust-lang/ferris-says/pull/21" informational = "unsound"
+aliases = ["GHSA-v363-rrf2-5fmj"]
 [versions] patched = [">= 0.3.1"]
diff --git a/crates/gix-transport/RUSTSEC-2023-0064.md b/crates/gix-transport/RUSTSEC-2023-0064.md
index b928bc1c..3dd8d044 100644
--- a/crates/gix-transport/RUSTSEC-2023-0064.md
+++ b/crates/gix-transport/RUSTSEC-2023-0064.md
@@ -6,6 +6,7 @@ date = "2023-09-23" url = "https://github.com/Byron/gitoxide/pull/1032" references = ["https://secure.phabricator.com/T12961"] categories = ["code-execution"]
+aliases = ["GHSA-rrjw-j4m2-mf34"]
 [versions] patched = [">= 0.36.1"] ```
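Review bot: In crates/failure/RUSTSEC-2020-0036.md the new `aliases` line attaches a second CVE and a second GHSA id (`CVE-2019-25010`, `GHSA-r98r-j25q-rmpr`) to a single advisory marked `informational = "unmaintained"`, and nothing visible in the hunk shows that the added ids describe the same issue rather than a neighbouring one for the same crate. Audit tooling commonly uses `aliases` to deduplicate findings and to match ignore lists, so a wrong alias can hide a distinct vulnerability or widen an existing ignore entry. If the added ids turn out to be only connected, they belong in `related` (as the h2 advisory in this patch does with `related = ["CVE-2019-9514"]`), e.g. `related = ["CVE-2019-25010", "GHSA-r98r-j25q-rmpr"]`. The same manual check applies to the other hunks that add a second id of the same kind: libpulse-binding (RUSTSEC-2018-0020), socket2 (RUSTSEC-2020-0079) and zerocopy (RUSTSEC-2023-0074). Because the ids come from an automated sync, naming the source query or tool in the commit message would let a reviewer reproduce the mapping.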
diff --git a/crates/h2/RUSTSEC-2024-0003.md b/crates/h2/RUSTSEC-2024-0003.md
index d9392a86..adca9e3e 100644
--- a/crates/h2/RUSTSEC-2024-0003.md
+++ b/crates/h2/RUSTSEC-2024-0003.md
@@ -7,6 +7,7 @@ references = ["https://github.com/Netflix/security-bulletins/blob/master/advisor categories = ["denial-of-service"] keywords = ["http", "http2", "h2"] related = ["CVE-2019-9514"]
+aliases = ["GHSA-8r5v-vm4m-4g25"]
 [versions] patched = ["^0.3.24", ">= 0.4.2"]
diff --git a/crates/inventory/RUSTSEC-2023-0057.md b/crates/inventory/RUSTSEC-2023-0057.md
index cc7335a5..baf8fd03 100644
--- a/crates/inventory/RUSTSEC-2023-0057.md
+++ b/crates/inventory/RUSTSEC-2023-0057.md
@@ -6,6 +6,7 @@ date = "2023-09-10" url = "https://github.com/dtolnay/inventory/pull/43" informational = "unsound" keywords = ["life-before-main"]
+aliases = ["GHSA-ghc8-5cgm-5rpf"]
 [versions] patched = [">= 0.2.0"]
diff --git a/crates/inventory/RUSTSEC-2023-0058.md b/crates/inventory/RUSTSEC-2023-0058.md
index 68b38780..63e1854e 100644
--- a/crates/inventory/RUSTSEC-2023-0058.md
+++ b/crates/inventory/RUSTSEC-2023-0058.md
@@ -7,6 +7,7 @@ url = "https://github.com/dtolnay/inventory/pull/42" informational = "unsound" categories = ["thread-safety"] keywords = ["life-before-main"]
+aliases = ["GHSA-36xm-35qq-795w"]
 [versions] patched = [">= 0.2.0"]
diff --git a/crates/lexical/RUSTSEC-2023-0055.md b/crates/lexical/RUSTSEC-2023-0055.md
index 7eec060c..9003a83f 100644
--- a/crates/lexical/RUSTSEC-2023-0055.md
+++ b/crates/lexical/RUSTSEC-2023-0055.md
@@ -5,6 +5,7 @@ package = "lexical" date = "2023-09-03" informational = "unsound" references = ["https://github.com/Alexhuszagh/rust-lexical/issues/102", "https://github.com/Alexhuszagh/rust-lexical/issues/101", "https://github.com/Alexhuszagh/rust-lexical/issues/95", "https://github.com/Alexhuszagh/rust-lexical/issues/104"]
+aliases = ["GHSA-c2hm-mjxv-89r4"]
 [versions] patched = []
diff --git a/crates/libpulse-binding/RUSTSEC-2018-0020.md b/crates/libpulse-binding/RUSTSEC-2018-0020.md
index 2699dad1..6cb95626 100644
--- a/crates/libpulse-binding/RUSTSEC-2018-0020.md
+++ b/crates/libpulse-binding/RUSTSEC-2018-0020.md
@@ -5,7 +5,7 @@ package = "libpulse-binding" date = "2018-12-22" url = "https://github.com/advisories/GHSA-6gvc-4jvj-pwq4" categories = ["memory-corruption"]
-aliases = ["GHSA-6gvc-4jvj-pwq4", "CVE-2018-25001"]
+aliases = ["CVE-2018-25001", "GHSA-6gvc-4jvj-pwq4", "GHSA-f56g-chqp-22m9"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" [versions]
diff --git a/crates/libwebp-sys/RUSTSEC-2023-0061.md b/crates/libwebp-sys/RUSTSEC-2023-0061.md
index 719560f1..ca03b952 100644
--- a/crates/libwebp-sys/RUSTSEC-2023-0061.md
+++ b/crates/libwebp-sys/RUSTSEC-2023-0061.md
@@ -5,7 +5,7 @@ package = "libwebp-sys" date = "2023-09-12" categories = ["memory-corruption"] keywords = ["webp"]
-aliases = ["CVE-2023-5129", "CVE-2023-4863"]
+aliases = ["CVE-2023-4863", "CVE-2023-5129", "GHSA-j7hp-h8jx-5ppr"]
 [versions] patched = [">= 0.9.3"]
diff --git a/crates/libwebp-sys2/RUSTSEC-2023-0060.md b/crates/libwebp-sys2/RUSTSEC-2023-0060.md
index b976b3eb..e0b9a923 100644
--- a/crates/libwebp-sys2/RUSTSEC-2023-0060.md
+++ b/crates/libwebp-sys2/RUSTSEC-2023-0060.md
@@ -5,7 +5,7 @@ package = "libwebp-sys2" date = "2023-09-12" categories = ["memory-corruption"] keywords = ["webp"]
-aliases = ["CVE-2023-5129", "CVE-2023-4863"]
+aliases = ["CVE-2023-4863", "CVE-2023-5129", "GHSA-j7hp-h8jx-5ppr"]
 [versions] patched = [">= 0.1.8"]
diff --git a/crates/openssl/RUSTSEC-2023-0072.md b/crates/openssl/RUSTSEC-2023-0072.md
index e8e5836c..2fd35700 100644
--- a/crates/openssl/RUSTSEC-2023-0072.md
+++ b/crates/openssl/RUSTSEC-2023-0072.md
@@ -6,6 +6,7 @@ date = "2023-11-23" url = "https://github.com/sfackler/rust-openssl/issues/2096" informational = "unsound" categories = ["memory-corruption"]
+aliases = ["GHSA-xphf-cx8h-7q9g"]
 [affected] functions = { "openssl::x509::store::X509StoreRef::objects" = ["< 0.10.60, >=0.10.29"] }
diff --git a/crates/pleaser/RUSTSEC-2023-0066.md b/crates/pleaser/RUSTSEC-2023-0066.md
index 4360c80c..4006f438 100644
--- a/crates/pleaser/RUSTSEC-2023-0066.md
+++ b/crates/pleaser/RUSTSEC-2023-0066.md
@@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0066" package = "pleaser"
-aliases = ["CVE-2023-46277"]
+aliases = ["CVE-2023-46277", "GHSA-cgf8-h3fp-h956"]
 date = "2023-04-29" url = "https://gitlab.com/edneville/please/-/issues/13" categories = ["privilege-escalation"]
diff --git a/crates/quinn-proto/RUSTSEC-2023-0063.md b/crates/quinn-proto/RUSTSEC-2023-0063.md
index 1767af97..93aae4cd 100644
--- a/crates/quinn-proto/RUSTSEC-2023-0063.md
+++ b/crates/quinn-proto/RUSTSEC-2023-0063.md
@@ -6,7 +6,7 @@ date = "2023-09-21" url = "https://github.com/quinn-rs/quinn/pull/1667" categories = ["denial-of-service"] keywords = ["panic"]
-aliases = ["GHSA-q8wc-j5m9-27w3"]
+aliases = ["CVE-2023-42805", "GHSA-q8wc-j5m9-27w3"]
 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions]
diff --git a/crates/rosenpass/RUSTSEC-2023-0077.md b/crates/rosenpass/RUSTSEC-2023-0077.md
index d9f3222d..b43af7bc 100644
--- a/crates/rosenpass/RUSTSEC-2023-0077.md
+++ b/crates/rosenpass/RUSTSEC-2023-0077.md
@@ -7,6 +7,7 @@ references = ["https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b categories = ["denial-of-service"] keywords = ["remote", "single-byte"] license = "CC0-1.0"
+aliases = ["GHSA-6ggr-cwv4-g7qg"]
 [versions] patched = [">= 0.2.1"]
diff --git a/crates/rust-i18n-support/RUSTSEC-2024-0007.md b/crates/rust-i18n-support/RUSTSEC-2024-0007.md
index a95df880..c4652a81 100644
--- a/crates/rust-i18n-support/RUSTSEC-2024-0007.md
+++ b/crates/rust-i18n-support/RUSTSEC-2024-0007.md
@@ -10,6 +10,7 @@ references = [ "https://github.com/longbridgeapp/rust-i18n/pull/72", "https://github.com/longbridgeapp/rust-i18n/releases/tag/v3.0.1", ]
+aliases = ["GHSA-c8v3-jhv9-4ppc"]
 [affected] functions = { "rust_i18n_support::AtomicStr::as_str" = ["< 3.0.1, >= 3.0.0"] }
diff --git a/crates/self_cell/RUSTSEC-2023-0070.md b/crates/self_cell/RUSTSEC-2023-0070.md
index 97866c37..c74a25c6 100644
--- a/crates/self_cell/RUSTSEC-2023-0070.md
+++ b/crates/self_cell/RUSTSEC-2023-0070.md
@@ -6,6 +6,7 @@ date = "2023-11-10" url = "https://github.com/Voultapher/self_cell/issues/49" categories = [] keywords = ["unsound", "self_cell", "self-referential"]
+aliases = ["GHSA-48m6-wm5p-rr6h"]
 [versions] patched = [">= 0.10.3, < 1.0.0", ">= 1.0.2"]
diff --git a/crates/socket2/RUSTSEC-2020-0079.md b/crates/socket2/RUSTSEC-2020-0079.md
index f085cc9a..e7747867 100644
--- a/crates/socket2/RUSTSEC-2020-0079.md
+++ b/crates/socket2/RUSTSEC-2020-0079.md
@@ -6,7 +6,7 @@ date = "2020-11-06" url = "https://github.com/rust-lang/socket2-rs/issues/119" keywords = ["memory", "layout", "cast"] informational = "unsound"
-aliases = ["CVE-2020-35920", "GHSA-458v-4hrf-g3m4"]
+aliases = ["CVE-2020-35919", "CVE-2020-35920", "GHSA-458v-4hrf-g3m4", "GHSA-c79c-gwph-gqfm"]
 cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" [versions]
diff --git a/crates/svix/RUSTSEC-2024-0010.md b/crates/svix/RUSTSEC-2024-0010.md
index bfedf58a..5a5e1ef3 100644
--- a/crates/svix/RUSTSEC-2024-0010.md
+++ b/crates/svix/RUSTSEC-2024-0010.md
@@ -5,6 +5,7 @@ package = "svix" date = "2024-02-06" url = "https://github.com/svix/svix-webhooks/pull/1190" categories = ["crypto-failure"]
+aliases = ["GHSA-w277-wpqf-rcfv"]
 [affected] functions = { "svix::webhooks::Webhook::verify" = ["< 1.17.0"] }
diff --git a/crates/threadalone/RUSTSEC-2024-0005.md b/crates/threadalone/RUSTSEC-2024-0005.md
index 71e98f90..9f2714af 100644
--- a/crates/threadalone/RUSTSEC-2024-0005.md
+++ b/crates/threadalone/RUSTSEC-2024-0005.md
@@ -5,6 +5,7 @@ package = "threadalone" date = "2024-01-07" url = "https://github.com/cr0sh/threadalone/issues/1" informational = "unsound"
+aliases = ["GHSA-w59h-378f-2frm"]
 [versions] patched = [">= 0.2.1"]
diff --git a/crates/tracing/RUSTSEC-2023-0078.md b/crates/tracing/RUSTSEC-2023-0078.md
index 8f54d208..f1146e36 100644
--- a/crates/tracing/RUSTSEC-2023-0078.md
+++ b/crates/tracing/RUSTSEC-2023-0078.md
@@ -7,6 +7,7 @@ url = "https://github.com/tokio-rs/tracing/pull/2765" informational = "unsound" categories = ["memory-corruption"] keywords = ["use-after-free"]
+aliases = ["GHSA-8f24-6m29-wm2r"]
 [versions] patched = [">= 0.1.40"]
diff --git a/crates/unsafe-libyaml/RUSTSEC-2023-0075.md b/crates/unsafe-libyaml/RUSTSEC-2023-0075.md
index 7f1dfe2e..ec32d77c 100644
--- a/crates/unsafe-libyaml/RUSTSEC-2023-0075.md
+++ b/crates/unsafe-libyaml/RUSTSEC-2023-0075.md
@@ -6,6 +6,7 @@ date = "2023-12-20" url = "https://github.com/dtolnay/unsafe-libyaml/issues/21" informational = "unsound" keywords = ["unaligned-write"]
+aliases = ["GHSA-r24f-hg58-vfrw"]
 [versions] patched = [">= 0.2.10"]
diff --git a/crates/users/RUSTSEC-2023-0059.md b/crates/users/RUSTSEC-2023-0059.md
index ce93590f..6886a3ff 100644
--- a/crates/users/RUSTSEC-2023-0059.md
+++ b/crates/users/RUSTSEC-2023-0059.md
@@ -6,6 +6,7 @@ date = "2023-09-10" url = "https://github.com/ogham/rust-users/issues/55" informational = "unsound" keywords = ["unaligned-read"]
+aliases = ["GHSA-jcr6-4frq-9gjj"]
 [versions] patched = []
diff --git a/crates/zerocopy/RUSTSEC-2023-0074.md b/crates/zerocopy/RUSTSEC-2023-0074.md
index e562ab7c..6bc9db6d 100644
--- a/crates/zerocopy/RUSTSEC-2023-0074.md
+++ b/crates/zerocopy/RUSTSEC-2023-0074.md
@@ -5,6 +5,7 @@ package = "zerocopy" date = "2023-12-14" url = "https://github.com/google/zerocopy/issues/716" keywords = ["ref", "refcell", "mutable-aliasing"]
+aliases = ["GHSA-3mv5-343c-w2qg", "GHSA-rjhf-4mh8-9xjq"]
 [versions] patched = [">= 0.2.9, < 0.3.0", ">= 0.3.2, < 0.4.0", ">= 0.4.1, < 0.5.0", ">= 0.5.2, < 0.6.0", ">= 0.6.6, < 0.7.0", ">= 0.7.31"]