rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Assigned RUSTSEC-2025-0049 to scratchpad

Browse Source
This commit is contained in:
djc
2025-08-14 20:02:51 +00:00
committed by Dirkjan Ochtman
parent 9b3641d0aa
commit e8656e02cf
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.duplicate-id-guard
View File

@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
c788452a808a15d2f251bed2bc2ec3aad3a301f9725002e66d543b06e1ea539b -
dc84b9d1d5f819b0c78d4b6706517a45192b3f718a3913c536befd773e854a57 -

4
crates/scratchpad/RUSTSEC-0000-0000.md → crates/scratchpad/RUSTSEC-2025-0049.md
View File

@@ -1,6 +1,6 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
id = "RUSTSEC-2025-0049"
package = "scratchpad"
date = "2025-08-14"
@@ -22,4 +22,4 @@ The `get` and `set` methods of the public trait `scratchpad::Tracking` interact
This becomes problematic because even safe implementations of `get` and `set`-written without using any unsafe code-can still result in ill-formed raw pointers. These pointers may later be dereferenced within safe APIs of the crate (e.g., `marker::MarkerBack::allocate_slice_copy`), potentially leading to arbitrary memory access or heap buffer overflows.
According to the [penultimate commit](https://github.com/okready/scratchpad/commit/957dee1a3902f48600b06910e8e0b1d5ee7dab83), the crate is in maintenance mode awaiting a cleanup that will reduce the area of unsafe code. Note that the last commits to the repository are from 4 years ago.
According to the [penultimate commit](https://github.com/okready/scratchpad/commit/957dee1a3902f48600b06910e8e0b1d5ee7dab83), the crate is in maintenance mode awaiting a cleanup that will reduce the area of unsafe code. Note that the last commits to the repository are from 4 years ago.