Commit Graph

2361 Commits

Author SHA1 Message Date
Sergey "Shnatsel" Davidoff
f5e4690ee4 Fix [affected.functions] in gix-worktree-state advisory
I clicked "merge" too quickly, oops
2025-01-18 21:23:24 +00:00
Eliah Kagan
ee2897e7de Advisory for CVE-2025-22620 (chmod 777) in gix-worktree-state (#2193)
This adds a notice for CVE-2025-22620 (GHSA-fqmf-w4xh-33rh) in
`gix-worktree-state`.
2025-01-18 21:21:16 +00:00
github-actions[bot]
63a2f39924 Assigned RUSTSEC-2024-0432 to rage, RUSTSEC-2024-0433 to age (#2186)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2025-01-03 11:23:54 -07:00
Jack Grigg
40c500b995 Add advisory for rage plugin name vulnerability (GHSA-4fg7-vxc8-qx5w) (#2170)
* Add advisory for rage plugin name vulnerability (GHSA-4fg7-vxc8-qx5w)
* Update example syntax for `[affected.functions]` table
2025-01-03 11:21:54 -07:00
github-actions[bot]
3c6d3186ab Assigned RUSTSEC-2024-0431 to xous (#2184)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-28 17:54:04 +00:00
Rafael
8e49577153 Report unsoundness of xous (#2179) 2024-12-28 17:50:19 +00:00
github-actions[bot]
bac14a97e3 Assigned RUSTSEC-2024-0430 to magic-crypt (#2183)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-28 17:33:55 +00:00
frozolotl
322dd9fa0a Report insecure cryptography in magic-crypt (#2181) 2024-12-28 17:32:43 +00:00
github-actions[bot]
b02b7ca7c9 Assigned RUSTSEC-2024-0429 to glib (#2177)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-23 13:51:50 +00:00
Fabio Valentini
fdbeba5e60 Report UB in glib::VariantStrIter::impl_get in glib < 0.20.0 (#2176) 2024-12-23 13:51:26 +00:00
github-actions[bot]
8737f2a942 Assigned RUSTSEC-2024-0424 to libafl, RUSTSEC-2024-0425 to get-size, RUSTSEC-2024-0426 to spl-token-swap, RUSTSEC-2024-0427 to get-size-derive, RUSTSEC-2024-0428 to kvm-ioctls (#2175)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-22 09:01:06 +00:00
Nicolas
6efd56a717 Add unmaintained advisories (#2079)
* Add unmaintained advisories

* fix review findings & add typesize as alternative
2024-12-22 09:00:36 +00:00
Riccardo Mancini
2ed96abf97 Add advisory for unsound problems in kvm-ioctls (#2174)
Signed-off-by: Riccardo Mancini <mancio@amazon.com>
Co-authored-by: Patrick Roy <roypat@amazon.com>
2024-12-22 09:00:08 +00:00
Rafael
9e1235afe1 Report unsoundness and patch in libafl (#2171)
* Report unsoundness and patch in libafl

* [libafl] fix error format

* Change std::slice to core::slice
2024-12-22 08:58:15 +00:00
Rafael
7c3ff6f0e9 Report unsoundness in Solana/spl-token-swap (#2173)
* Report unsoundness in Solana/spl-token-swap

* fix error format
2024-12-22 08:56:35 +00:00
github-actions[bot]
ec9ce28714 Assigned RUSTSEC-2024-0422 to gtk-layer-shell, RUSTSEC-2024-0423 to gtk-layer-shell-sys (#2168)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-09 13:12:34 +00:00
pentamassiv
50a44d4455 Add advisories for unmaintained gtk-layer-shell GTK3 bindings (#2167) 2024-12-09 13:10:35 +00:00
github-actions[bot]
e9a7b87036 Assigned RUSTSEC-2024-0421 to idna (#2166)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-09 12:29:25 +00:00
github-actions[bot]
23770f40d6 Assigned RUSTSEC-2024-0410 to gdkwayland, RUSTSEC-2024-0411 to gdkwayland-sys, RUSTSEC-2024-0412 to gdk, RUSTSEC-2024-0413 to atk, RUSTSEC-2024-0414 to gdkx11-sys, RUSTSEC-2024-0415 to gtk, RUSTSEC-2024-0416 to atk-sys, RUSTSEC-2024-0417 to gdkx11, RUSTSEC-2024-0418 to gdk-sys, RUSTSEC-2024-0419 to gtk3-macros, RUSTSEC-2024-0420 to gtk-sys (#2165)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-09 12:29:00 +00:00
Henri Sivonen
d6be205e4b idna accepts Punycode labels that do not produce any non-ASCII when decoded (#2163) 2024-12-09 12:28:49 +00:00
Sebastian Dröge
d6aa1d0ba7 Add advisories for unmaintained gtk-rs GTK3 bindings (#2164) 2024-12-09 12:27:21 +00:00
github-actions[bot]
463107188f Assigned RUSTSEC-2024-0408 to pprof, RUSTSEC-2024-0409 to pyo3 (#2161)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-05 04:00:56 +00:00
Rafael
124289b058 Report unsoundness in pprof (#2160)
* report unsoundness in pprof

* report unsoundness in pprof

* report unsoundness in pprof

* report unsoundness in pprof
2024-12-05 04:00:01 +00:00
David Hewitt
9498cb55e4 report build corruption in PyO3 0.23 (#2159)
* report build corruption in PyO3 0.23

* Update crates/pyo3/RUSTSEC-0000-0000.md

Co-authored-by: Kornel <kornel@geekhood.net>

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
Co-authored-by: Kornel <kornel@geekhood.net>
2024-12-05 03:59:48 +00:00
github-actions[bot]
f34e88949c Assigned RUSTSEC-2017-0008 to serial (#2158)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-04 13:14:28 +00:00
solomoncyj
ab481475e9 report serial crates as unmaintained (#2103)
* add crate serial

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Apply suggestions from code review

Co-authored-by: Frank Elsinga <frank@elsinga.de>

---------

Co-authored-by: Frank Elsinga <frank@elsinga.de>
2024-12-04 13:13:35 +00:00
Tobias Bieniek
1fce689aa0 RUSTSEC-2024-0402: Fix unaffected declaration (#2157) 2024-12-04 13:05:04 +00:00
github-actions[bot]
0c4013b598 Assigned RUSTSEC-2020-0169 to multi_mut (#2156)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-04 12:55:45 +00:00
pinkforest(she/her)
ec8a8485d2 Add unmaintained multi_mut (#1553)
* Add multi_mut

* switch from unmaintained to unsound as the stronger issue type

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-12-04 12:54:41 +00:00
github-actions[bot]
6be9287822 Assigned RUSTSEC-2024-0406 to ic-stable-structures, RUSTSEC-2024-0407 to linkme (#2155)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-04 12:44:24 +00:00
David Tolnay
21b0e0a53e Linkme is unsound (coercion fools typecheck) (#1917) 2024-12-04 12:43:07 +00:00
venkkatesh-sekar
df039a7b42 Add advisory for memory leak in ic-stable-structures (#1969)
* Add advisory

* adapt review
2024-12-04 12:42:18 +00:00
github-actions[bot]
34a9f08643 Assigned RUSTSEC-2024-0403 to js-sandbox, RUSTSEC-2024-0404 to anstream, RUSTSEC-2024-0405 to rustyscript (#2154)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-04 12:39:59 +00:00
Richard Carson
f458c7c093 Vulnerability: The deno_core exposes an op_panic in the base runtime which can force a panic in the runtime's containing thread (#2017)
* Add deno_core::op_panic vuln

* Fix format

* Fix format

* Crate name

* Crate name

* Fix versions
2024-12-04 12:38:12 +00:00
Alexander Kjäll
08da351294 add information about unsoundness issue in anstream, found here: https://github.com/rust-cli/anstyle/issues/156 (#2075) 2024-12-04 12:37:47 +00:00
github-actions[bot]
1cd85807ad Assigned RUSTSEC-2024-0402 to hashbrown (#2153)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-04 12:32:58 +00:00
Luke Parker
3cb0a91f7a Add disclosure for hashbrown's borsh encoding (#2100)
* Add disclosure for hashbrown's borsh encoding

* Remove when hashbrown was patched

It's unclear with what version it will be and when it will be. I'd prefer to make this valid and file-able now than risk someone starting to use this functionality (which will make removing it more complicated).

* Update RUSTSEC-0000-0000.md

* Be more specific regarding affected
2024-12-04 12:19:43 +00:00
github-actions[bot]
7c294ea340 Assigned RUSTSEC-2024-0401 to zlib-rs (#2152)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-12-04 12:13:35 +00:00
Ruben Nijveld
928b5f4ff9 Stack overflow during decompression with malicious input in zlib-rs (#2133) 2024-12-04 12:09:49 +00:00
github-actions[bot]
9dc4a0bb10 Assigned RUSTSEC-2024-0400 to ruzstd (#2148)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-11-28 18:48:40 +00:00
Paolo Barbolini
c91b809082 Add ruzstd uninit/out-of-bounds memory reads advisory (#2147)
* Add ruzstd uninit/out-of-bounds reads advisory

* Update description with impact analysis from the maintainer

* fix typo

Co-authored-by: Paolo Barbolini <paolo@paolo565.org>

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-11-28 18:47:11 +00:00
Conrad Ludgate
4676c5529d Fix unaffected version in RUSTSEC-2024-0399.md (#2144) 2024-11-25 11:27:40 +01:00
github-actions[bot]
c6c3669120 Assigned RUSTSEC-2024-0399 to rustls (#2143)
Co-authored-by: amousset <329388+amousset@users.noreply.github.com>
2024-11-25 10:07:18 +01:00
Joe Birr-Pixton
37eb6a0218 Add rustls acceptor panic (#2142) 2024-11-25 10:06:55 +01:00
github-actions[bot]
8e353a172f Assigned RUSTSEC-2024-0398 to sharks (#2137)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-11-17 01:48:27 +00:00
Ryan
874d406369 Add potential secret leak for sharks crate (#2136)
* Add potential secret leak for sharks crate

* drop comments

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-11-17 01:28:19 +00:00
Alexis Mousset
509528f677 Fix typo in chrono-english advisory (#2129) 2024-11-10 21:38:56 +01:00
github-actions[bot]
119e67a53f Assigned RUSTSEC-2023-0088 to loopdev (#2128)
Co-authored-by: amousset <329388+amousset@users.noreply.github.com>
2024-11-10 17:18:40 +01:00
mulkieran
295c722c57 File unmaintained advisory for loopdev (#1940) 2024-11-10 17:17:31 +01:00
github-actions[bot]
256dbf5a6f Assigned RUSTSEC-2022-0094 to mimalloc (#2127)
Co-authored-by: amousset <329388+amousset@users.noreply.github.com>
2024-11-10 16:44:22 +01:00