2652 Commits

Author SHA1 Message Date
Tony Arcieri
e4f5f2a627 Merge pull request #101 from RustSec/RUSTSEC-2019-0003/fix-date
RUSTSEC-2019-0003: Fix date
2019-05-19 17:05:10 -07:00
Tony Arcieri
c300327fd6 RUSTSEC-2019-0003: Fix date
Mistakenly logged as 2018
2019-05-19 16:51:18 -07:00
Tony Arcieri
39300b6c6d Merge pull request #100 from oherrala/rustsec-2019-0003
protobuf 2.6.0 and 1.7.5 released with fix to RUSTSEC-2019-0003
2019-05-19 16:50:56 -07:00
Ossi Herrala
bfc6f36d20 protobuf 2.6.0 and 1.7.5 released with fix to this issue
2019-05-20 01:29:27 +03:00
Tony Arcieri
0854d2baee Merge pull request #99 from RustSec/RUSTSEC-2019-0003+0004
Assign RUSTSEC-2019-0003 to protobuf; -0004 to libp2p-core
2019-05-15 14:01:40 -07:00
Tony Arcieri
58a4d5b2a2 Assign RUSTSEC-2019-0004 to libp2p-core
2019-05-15 13:41:19 -07:00
Tony Arcieri
ec1cf8ffb1 Assign RUSTSEC-2019-0003 to protobuf
2019-05-15 13:40:57 -07:00
Tony Arcieri
c1da669027 Merge pull request #98 from tomaka/libp2p-oops
Add libp2p ed25519 signature verification failure
2019-05-15 13:12:52 -07:00
Pierre Krieger
924dd24c23 Add libp2p ed25519 signature verification failure
2019-05-15 21:31:10 +02:00
Tony Arcieri
c6e83777b7 Merge pull request #97 from gedigi/master
Add protobuf out-of-memory vulnerability
2019-05-15 10:09:28 -07:00
Gerardo Di Giacomo
1a8bf5bc41 fixed key name
2019-05-15 09:30:53 -07:00
Gerardo Di Giacomo
f97b9a0ad3 Update RUSTSEC-0000-0000.toml
2019-05-14 19:44:00 -07:00
Gerardo Di Giacomo
2885752bf5 Add protobuf out-of-memory vulnerability
2019-05-14 19:35:30 -07:00
Tony Arcieri
4c3b28dbac Merge pull request #96 from RustSec/RUSTSEC-2019-0002
Assign RUSTSEC-2019-0002 to slice-deque
2019-05-07 12:18:12 -07:00
Tony Arcieri
f14a0d9738 Assign RUSTSEC-2019-0002 to slice-deque
2019-05-07 12:13:52 -07:00
Tony Arcieri
797320c42e Merge pull request #95 from gnzlbg/slice_deq2
Add advisory for slice-deque
2019-05-07 12:11:51 -07:00
gnzlbg
7412cdbd7f Fix file name
2019-05-07 19:39:14 +02:00
gnzlbg
7de8dba6b5 Add advisory for slice-deque
2019-05-07 19:30:37 +02:00
Tony Arcieri
ebc7ba3c40 Merge pull request #94 from RustSec/RUSTSEC-2019-0001
Assign RUSTSEC-2019-0001 to ammonia
2019-05-04 16:51:28 -07:00
Tony Arcieri
75a40b530a Assign RUSTSEC-2019-0001 to ammonia
Original PR: https://github.com/RustSec/advisory-db/pull/93
2019-05-04 16:39:43 -07:00
Tony Arcieri
3c358f67c1 Merge pull request #93 from xfix/ammonia-advisory
Add advisory for ammonia
2019-05-04 16:32:32 -07:00
Konrad Borowski
aaf99ec45d Add advisory for ammonia
2019-04-28 15:06:27 +02:00
Tony Arcieri
a8e2ec82ee Merge pull request #91 from RustSec/RUSTSEC-2018-0013
Assign RUSTSEC-2018-0013 to safe-transmute
2019-03-03 08:20:20 -08:00
Tony Arcieri
bf5fbb02da Assign RUSTSEC-2018-0013 to safe-transmute
Original PR: https://github.com/RustSec/advisory-db/pull/89
2019-03-03 08:15:26 -08:00
Tony Arcieri
6c769769c8 Merge pull request #89 from nabijaczleweli/master
safe-transmute's vec-to-vec transmutations could lead to heap overflow/corruption
2019-03-03 07:14:53 -08:00
nabijaczleweli
b34dcfbeaf Optimisation in the wake of lack of documentation
2019-03-02 21:08:30 +01:00
nabijaczleweli
0eb9b4e364 Split affected_paths
2019-03-02 20:39:10 +01:00
nabijaczleweli
103630159d Replace affected_functions with affected_paths
2019-03-02 18:49:14 +01:00
nabijaczleweli
3a073396ba Add safe_transmute vec2vec transmutation bug
Ref: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
2019-03-02 17:32:29 +01:00
Tony Arcieri
bf2763b2dd Merge pull request #88 from RustSec/RUSTSEC-2018-0012
Assign RUSTSEC-2018-0012 to orion
2019-02-14 07:26:41 -08:00
Tony Arcieri
5ffa5a8861 Assign RUSTSEC-2018-0012 to orion
Original PR: https://github.com/RustSec/advisory-db/pull/87
2019-02-13 16:31:27 -08:00
Tony Arcieri
98d6dd83dd Merge pull request #87 from brycx/orion
Add orion logicbug
2019-02-13 16:29:06 -08:00
brycx
0ce0b2bb0f Add orion advisory
2019-02-12 09:14:33 +01:00
Tony Arcieri
7005341641 Merge pull request #86 from RustSec/rustsec/v0.11.0
Update to 'rustsec' crate v0.11
2019-01-13 18:00:45 -08:00
Tony Arcieri
cb4f7d11af lint: Check that affected_paths start with crate name
Uses the crate name as fetched from the crates.io API to ensure all
`affected_paths` begin with the crate name (i.e. are canonical)
2019-01-13 17:53:43 -08:00
Tony Arcieri
927a5e314b Update to 'rustsec' crate v0.11
2019-01-13 17:49:20 -08:00
Tony Arcieri
782efebde9 Revert "Add affected functions to legacy security warnings (#83)"
This reverts commit 0a981e2b6f.

These now need to use the new `affected_paths` attribute, which has a
different (VersionReq-bucketed) format.
2019-01-13 17:31:25 -08:00
Tony Arcieri
59ea63710e README.md: Bump maintained date
2019-01-13 17:31:01 -08:00
Tony Arcieri
ced185dcc3 Merge pull request #84 from RustSec/resign-merge-commit
README.md: Bump maintained date
2018-12-21 06:34:03 -08:00
Tony Arcieri
7caafae73b README.md: Bump maintained date
This is largely to work around the following:

```
$ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
error: couldn't fetch advisory database: git operation failed: no signature on commit 0a981e2b6f: Add affected functions to legacy security warnings (#83) (Moritz Beller <Inventitech@users.noreply.github.com>)
```

I tried to Squash-and-Merge on #83. GitHub does not sign the resulting
commit. Oops.

So this commit is just to make HEAD a GitHub-signed merge commit.
2018-12-21 06:15:44 -08:00
Moritz Beller
0a981e2b6f Add affected functions to legacy security warnings (#83)
Add affected functions to advisories

Add `affected_functions` to:

- RUSTSEC-2018-0003
- RUSTSEC-2017-0002
- RUSTSEC-2018-0002
- RUSTSEC-2018-0001
- RUSTSEC-2017-0004
2018-12-21 06:11:32 -08:00
Tony Arcieri
4be9cb6f15 Merge pull request #82 from praezi/master
Add new affected functions attribute to template
2018-12-20 18:56:55 -08:00
Moritz Beller
5602386b18 Add new affected functions attribute to template
Refs #68
2018-12-20 22:10:29 +01:00
Tony Arcieri
21e7a88d37 Merge pull request #81 from RustSec/RUSTSEC-2018-0011
Assign RUSTSEC-2018-0011 to arrayfire
2018-12-18 18:24:40 -08:00
Tony Arcieri
ff0b4e0703 Assign RUSTSEC-2018-0011 to arrayfire
Original PR: https://github.com/RustSec/advisory-db/pull/80
2018-12-18 18:14:37 -08:00
Tony Arcieri
18cae15271 Merge pull request #80 from 9prady9/arrayfire
Enum repr memory corruption in arrayfire crate
2018-12-18 17:42:51 -08:00
pradeep
e010bc1307 Add memory-corruption keyword to arrayfire rustsec
2018-12-18 23:30:09 +05:30
pradeep
9dd2785e95 Enum repr memory corruption in arrayfire crate
2018-12-18 23:25:30 +05:30
Tony Arcieri
c5ffec7b90 Merge pull request #79 from RustSec/RUSTSEC-2018-0010
Assign RUSTSEC-2018-0010 to openssl
2018-12-16 10:20:38 -08:00
Tony Arcieri
ac8b248cfd Assign RUSTSEC-2018-0010 to openssl
Original PR: https://github.com/RustSec/advisory-db/pull/77
2018-12-16 10:08:17 -08:00