rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,652 Commits 21 Branches 0 Tags
main
Commit Graph

14 Commits

Author SHA1 Message Date
Alexis Mousset
84c633df9c Update aliases from GHSA OSV export (#1693) 2023-06-13 15:10:24 +02:00
Alexis Mousset
8c05fea5fa Add cvss information from nvd (#1085) 2021-10-19 16:14:35 -06:00
Alexis Mousset
e9382c8680 Fix typos in advisories (#976) 2021-08-21 19:18:11 -06:00
Yechan Bae
b08a98acc7 Fix typo in http CVE number (#564) 2021-01-15 07:32:15 -08:00
Yechan Bae
846dfb93a3 Update CVE numbers (#542) 2021-01-04 09:02:59 -08:00
Tony Arcieri
ac125ee29a Translate database into V3 advisory format (#420) 
As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.
 2020-10-01 18:29:11 -07:00
Alexander Kjäll
a14637fe62 added CVE number CVE-2020-25574 (#385) 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25574
 2020-09-19 11:03:04 -04:00
Tony Arcieri
64c17acfe3 Migrate all advisories to V2 format (closes #228) 
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.

This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
 2020-03-01 10:46:35 -08:00
Roy Wellington Ⅳ
200651cff2 Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20 
I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: https://github.com/hyperium/http/issues/352
In that bug, the fixing PR was https://github.com/hyperium/http/pull/360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: 81ceb611cf

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http #354 and http #355.

For the first: the issue: https://github.com/hyperium/http/issues/354
In that bug, the fixing PR was https://github.com/hyperium/http/pull/357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: 82d53dbdfd

For the second: the issue: https://github.com/hyperium/http/issues/355
In that bug, the fixing PR was https://github.com/hyperium/http/pull/362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: 8ffe094df1
 2020-01-09 12:20:27 -05:00
Tony Arcieri
526892a193 Assign RUSTSEC-2019-0034 to http 
Original PR: https://github.com/RustSec/advisory-db/pull/218
 2020-01-09 11:24:52 -05:00
Tony Arcieri
52e0b4e186 Merge branch 'master' into http2 2020-01-09 10:49:26 -05:00
Tony Arcieri
0e59ecb72d Assign RUSTSEC-2019-0033 to http 
Original PR: https://github.com/RustSec/advisory-db/pull/217
 2020-01-09 10:37:55 -05:00
Yechan Bae
ba2df66b30 hyperium/http/issues/354,355 2020-01-09 00:48:06 -05:00
Yechan Bae
36b8de692c hyperium/http/issues/352 2020-01-09 00:45:59 -05:00