rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-28 05:32:09 -05:00
Code Issues Packages Projects Releases Wiki Activity
1,824 Commits 21 Branches 0 Tags
alex-patch-1
Commit Graph

1824 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Gaynor
8ed8e5c43c update GHA syntax for deprecation 
see https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
 2022-12-23 08:58:29 -05:00
github-actions[bot]
2b64ec8831 Assigned RUSTSEC-2022-0072 to hyper-staticfile (#1500) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2022-12-23 08:57:25 -05:00
Stéphan Kochen
23543c1ad1 Add open redirect issue in hyper-staticfile (#1499) 2022-12-23 08:56:26 -05:00
github-actions[bot]
2addcf1133 Assigned RUSTSEC-2022-0071 to rusoto_credential (#1495) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-12-18 23:08:00 +11:00
iliana etaoin
7cf8350894 Add unmaintained rusoto_credential (#1494) 
Rusoto has been deprecated for a while; this is a more formalized notice
of such. `rusoto_credential` is the most fundamental crate in the tree.
 2022-12-18 23:05:06 +11:00
github-actions[bot]
0a2faeb871 Assigned RUSTSEC-2022-0070 to secp256k1 (#1481) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-12-07 23:29:52 +01:00
Martin Habovštiak
3be728db50 Add soundness bug in secp256k1 API (#1480) 
* Add soundness bug in `secp256k1` API

Summary: Unsound API in `secp256k1` allows use-after-free and invalid
deallocation from safe code. This was fixed and backported to multiple
versions.

* Set `date` to the date of the original disclosure

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-12-07 23:28:57 +01:00
github-actions[bot]
b80f8edaa7 Assigned RUSTSEC-2022-0069 to hyper-staticfile (#1478) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-11-30 23:21:18 +01:00
Stéphan Kochen
b899cefba0 Add hyper-staticfile file disclosure on Windows (#1475) 
* Add hyper-staticfile file disclosure on Windows

* Fix version specification

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-11-30 23:20:13 +01:00
github-actions[bot]
3ce39c743d Assigned RUSTSEC-2022-0068 to capnp (#1477) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-11-30 23:16:39 +01:00
David Renshaw
42b34df60b add capnp bug: CVE-2022-46149 (#1476) 
* add capnp bug: CVE-2022-46149

* change canonical URL, add references and aliases

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2022-11-30 23:15:35 +01:00
Brandon Dyer
a66a3049c9 Patched slock (#1472) 2022-11-27 14:35:30 +01:00
github-actions[bot]
d339676e47 Assigned RUSTSEC-2021-0145 to atty (#1470) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-11-22 19:51:39 +11:00
niluxv
610c537916 Add atty potential unsoundness (unaligned read) advisory (#1462) 
Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-11-22 19:42:13 +11:00
Alexis Mousset
92a6db9442 Update to cargo-admin 0.8.4 (#1469) 2022-11-19 17:56:18 +01:00
github-actions[bot]
0608c47076 Assigned RUSTSEC-2022-0067 to lzf (#1466) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-11-07 16:39:46 +11:00
Jan-Erik Rediger
c7e3a0aadd Add lzf use-of-uninitialized-value advisory (#1465) 
Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Co-authored-by: Ben Kimock <kimockb@gmail.com>
 2022-11-07 16:38:48 +11:00
Sergey "Shnatsel" Davidoff
e3e6897754 Update RUSTSEC-2019-0024.md (#1464) 2022-11-05 18:45:24 +01:00
Sergey "Shnatsel" Davidoff
513609341f Update CODE_OF_CONDUCT.md (#1463) 2022-11-05 01:23:27 +01:00
Sergey "Shnatsel" Davidoff
fba5b61dfc Bump rustsec-admin to 0.8.3 (#1460) 2022-11-03 22:16:21 +01:00
github-actions[bot]
ad63e1dd8b Assigned RUSTSEC-2022-0066 to conduit-hyper (#1458) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-11-03 09:38:38 +11:00
Josh Stone
ee46afab28 Add conduit-hyper CVE-2022-39294 (#1456) 2022-11-03 09:38:07 +11:00
github-actions[bot]
abbe27e129 Assigned RUSTSEC-2022-0065 to openssl-src (#1455) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-11-01 18:11:10 +01:00
Alexis Mousset
abffa94fe3 CVE-2022-3786 in openssl (#1453) 2022-11-01 18:10:41 +01:00
github-actions[bot]
881dfb7ce4 Assigned RUSTSEC-2022-0064 to openssl-src (#1454) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-11-01 13:10:23 -04:00
Alexis Mousset
678af8fd31 CVE-2022-3602 in openssl (#1452) 2022-11-01 18:09:50 +01:00
github-actions[bot]
9e50517457 Assigned RUSTSEC-2022-0063 to linked_list_allocator (#1449) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-10-30 16:54:13 +01:00
Alex Martens
6a06cf8571 Add CVE-2022-36086 for linked_list_allocator (#1448) 2022-10-30 16:53:16 +01:00
github-actions[bot]
fe7b79e8eb Assigned RUSTSEC-2022-0062 to matrix-sdk (#1445) 
Co-authored-by: amousset <amousset@users.noreply.github.com>
 2022-10-24 13:22:39 +02:00
Jonas Platte
e40084b1a7 Add advisory for logging of access tokens in matrix-sdk (#1444) 2022-10-24 13:21:43 +02:00
github-actions[bot]
6a422853c0 Assigned RUSTSEC-2022-0061 to parity-wasm (#1443) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-10-23 22:05:06 +11:00
Alexander Theißen
cdcbc33c58 Add unmaintained parity-wasm (#1441) 2022-10-23 22:04:08 +11:00
github-actions[bot]
1736a7bd7c Assigned RUSTSEC-2022-0060 to orbtk (#1440) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-10-19 12:14:12 +11:00
Nagy Tibor
6eb52ef209 Add unmaintained orbtk (#1436) 2022-10-19 12:13:22 +11:00
Raphael Taylor-Davies
59f63ab58c Update RUSTSEC-2021-0122 (#1439) 2022-10-18 23:36:54 +02:00
github-actions[bot]
2418d0b0db Assigned RUSTSEC-2022-0059 to openssl-src (#1434) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2022-10-11 23:01:06 +02:00
Alexis Mousset
99a38655e4 Add CVE-2022-3358 for openssl-src (#1433) 2022-10-11 22:57:46 +02:00
github-actions[bot]
842d34ee7b Assigned RUSTSEC-2022-0058 to inconceivable (#1432) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-10-11 21:32:22 +11:00
Ralf Jung
2baed2be40 Add notice inconceivable (#1430) 2022-10-11 21:31:30 +11:00
github-actions[bot]
222ccf84ef Assigned RUSTSEC-2022-0057 to badge (#1431) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-10-04 14:12:52 +02:00
Valentin Brandl
db48ddc2a3 Add unmaintained badge (#1428) 2022-10-04 18:46:03 +11:00
github-actions[bot]
c83c210200 Assigned RUSTSEC-2022-0056 to clipboard (#1425) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-09-24 21:52:27 +10:00
ComplexSpaces
c8981d883d Add unmaintained clipboard (#1267) 2022-09-24 21:51:53 +10:00
pinkforest(she/her)
a25cb0b593 Fix informational footnote wording (#1420) 
* Fix informational wording

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

* Remove redundant confusing footnote

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>

Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
 2022-09-17 19:27:06 +02:00
Nemo157
e01a455b26 Add stylish as ansi_term alternative (#1421) 2022-09-18 00:06:50 +10:00
github-actions[bot]
3a635d3a08 Assigned RUSTSEC-2022-0055 to axum-core (#1419) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-09-13 10:41:23 +10:00
David Pedersen
42bea97b0d Add axum-core DoS (#1417) 2022-09-13 10:40:55 +10:00
github-actions[bot]
57117194f0 Assigned RUSTSEC-2021-0144 to traitobject (#1415) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-09-08 21:04:41 +10:00
pinkforest(she/her)
bcf622dc10 Add unmaintained traitobject (#1390) 2022-09-08 21:04:10 +10:00
github-actions[bot]
2df5a37a35 Assigned RUSTSEC-2019-0039 to typemap (#1414) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
 2022-09-08 21:03:53 +10:00