Commit Graph

2004 Commits

Author SHA1 Message Date
Alexis Mousset
2ed85d2178 Update aliases from GHSA OSV export 2023-07-08 13:51:43 +02:00
Linus Färnstrand
1f538e6f3b Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
Since `IsTerminal` is now stable, this CVE can recommend that first
2023-06-29 12:21:59 +00:00
github-actions[bot]
9cf72357c8 Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-06-22 09:43:08 -06:00
Rafael
a64182cf0f report misaligned pointer dereference in cyfs-base (#1718) 2023-06-22 09:42:06 -06:00
github-actions[bot]
76c37849b6 Assigned RUSTSEC-2023-0045 to memoffset (#1722)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-06-21 12:29:36 +00:00
Kisaragi
27aa255f11 Add advisory to memoffset (#1721)
* Add advisory to `memoffset`

* fix invalid category
2023-06-21 12:23:59 +00:00
github-actions[bot]
29b04da119 Assigned RUSTSEC-2023-0044 to openssl (#1720)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-06-20 17:34:12 -04:00
Alex Gaynor
e8534eadc5 Report buffer-overread in OpenSSL (#1719)
* Report buffer-overread in OpenSSL

* Rename RUSTSEC-0000-0000 to RUSTSEC-0000-0000.md
2023-06-20 21:32:25 +00:00
joshua-maros
37abf6e463 Update RUSTSEC-2023-0042 to reflect patch. (#1717) 2023-06-15 11:07:09 +00:00
github-actions[bot]
13b9455e9f Assigned RUSTSEC-2023-0043 to ftp (#1714)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-06-14 07:23:36 -06:00
Christian Visintin
3ad954ae91 Add unmaintained ftp crate (#1612) 2023-06-14 07:21:57 -06:00
Alexis Mousset
84c633df9c Update aliases from GHSA OSV export (#1693) 2023-06-13 15:10:24 +02:00
github-actions[bot]
ea9ad160b6 Assigned RUSTSEC-2023-0042 to ouroboros (#1708)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-06-12 02:10:09 +02:00
joshua-maros
ae311156f9 Ouroboros Soundness Issue (#1707) 2023-06-12 02:08:57 +02:00
github-actions[bot]
af3f3d503f Assigned RUSTSEC-2023-0041 to trust-dns-server (#1704)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-06-03 19:41:41 +00:00
Jonas Bushart
a14884ebf4 Vulnerability in trust-dns and trust-dns-server (#1703)
An attacker can form packet loops between vulnerable instances leading
to a denial-of-service for both network and CPU resources.
2023-06-03 19:40:41 +00:00
github-actions[bot]
d32ef82010 Assigned RUSTSEC-2023-0040 to users (#1702)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-06-01 10:22:47 -06:00
Zeeshan Ali Khan
99d0a82b66 🦺 Advisory for unmaintained crate, users (#1701) 2023-06-01 10:15:25 -06:00
github-actions[bot]
f343db0846 Assigned RUSTSEC-2023-0039 to buffered-reader (#1700)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2023-05-31 23:03:14 +02:00
Neal H. Walfield
8a7fc61c92 Add advisory for buffered-reader (#1697)
Attacker-controlled input can lead to an out-of-bounds index, which
causes buffered-reader to panic.  This has been fixed in versions
1.2.0, 1.1.5, and 1.0.2 of buffered-reader.
2023-05-31 23:02:26 +02:00
github-actions[bot]
66dbd2c1a8 Assigned RUSTSEC-2023-0038 to sequoia-openpgp (#1699)
Co-authored-by: amousset <amousset@users.noreply.github.com>
2023-05-31 23:02:12 +02:00
Neal H. Walfield
ee9ec5f605 Add advisory for sequoia-openpgp (#1696)
Attacker-controlled input can lead to an out-of-bounds index, which
causes sequoia-openpgp to panic.  This has been fixed in versions
1.16.0, 1.8.1, and 1.1.1 of sequoia-openpgp.
2023-05-31 22:54:59 +02:00
Ralph Giles
e162556b9e Suggest kuchikiki as an alternative to kuchiki (#1698)
The `kuchiki` crate has been marked unmaintained. We're continuing
to support a fork under the name `kuchikiki` which we intend to
remain semver-compatible with our former upstream.

Suggest this as an alternative in RUSTSEC-2023-0019 since it is
a direct replacement; the other alternatives involve significant
porting effort.
2023-05-23 14:17:25 -06:00
github-actions[bot]
0e97e6e71f Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-05-16 21:02:51 -06:00
Tony Arcieri
dc083e6955 xsalsa20poly1305 is unmaintained (#1694)
See https://github.com/RustCrypto/AEADs/pull/525
2023-05-16 21:01:49 -06:00
Kornel
50bed3ba40 xml-rs is maintained (#1691) 2023-05-05 09:39:54 +02:00
github-actions[bot]
d72795ee51 Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-04-24 21:08:42 -06:00
Sanpi
cb9a1fea8e Add unmaintained tree_magic crate (#1678) 2023-04-24 20:54:26 -06:00
github-actions[bot]
5f4eca1362 Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-04-23 14:33:42 -06:00
Maja Kądziołka
0444576c2a enumflags2::make_bitflags unsoundness (#1686) 2023-04-23 14:32:26 -06:00
github-actions[bot]
cab69cc909 Assigned RUSTSEC-2023-0034 to h2 (#1687)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-04-20 13:17:55 -06:00
Kisaragi
7ca4586eb8 Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
Co-authored-by: Tony Arcieri <bascule@gmail.com>
Co-authored-by: Sean McArthur <sean@seanmonstar.com>
2023-04-20 13:16:09 -06:00
Max Ammann
23ff35f825 Fix typos in RUSTSEC-2023-0033 (#1685)
* Fix typos in RUSTSEC-2023-0033.md

* Update RUSTSEC-2023-0033.md
2023-04-13 17:43:33 +00:00
github-actions[bot]
f2f107fb96 Assigned RUSTSEC-2023-0033 to borsh (#1683)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-04-13 17:03:15 +00:00
Max Ammann
c4a10fa281 Add notice for borsh issue (#1682)
* Create RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

* Update crates/borsh/RUSTSEC-0000-0000.md

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2023-04-13 17:02:24 +00:00
dependabot[bot]
c358dc290a Bump peter-evans/create-pull-request from 4 to 5 (#1677)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 09:47:56 -06:00
Rodolphe Bréard
e6600338c8 Withdraw RUSTSEC-2021-0147 (#1676)
On Feb 19 2023, the author started to maintain the `daemonize` crate
again. Version 0.5.0 has been released on Feb 25 2023. Therefore, this
crate is no longer unmaintained.
rel #1543
2023-04-08 21:49:55 +02:00
github-actions[bot]
6078097fb6 Assigned RUSTSEC-2023-0032 to ntru (#1674)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-04-06 20:57:33 +10:00
jcaesar
1eab8594ea Add unsound ntru (#1652)
* Add ntru unsoundness advisory

* Remove redundant unaffected

* Remove non-versions

---------

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-04-06 20:55:26 +10:00
github-actions[bot]
b0e918536d Assigned RUSTSEC-2023-0031 to spin (#1673)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-04-04 06:56:24 +10:00
Joshua Barretto
8d868299ea Added unsound spin (#1671)
* Added advisory for spin

* Remove withdrawn artifact

---------

Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com>
2023-04-04 06:55:45 +10:00
github-actions[bot]
719587479a Assigned RUSTSEC-2023-0030 to versionize (#1669)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-03-25 12:18:50 +00:00
Patrick Roy
63a2f95771 Add advisory for versionize crate (#1662)
Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
2023-03-25 12:17:08 +00:00
github-actions[bot]
dea5184a2b Assigned RUSTSEC-2023-0029 to nats (#1668)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-25 22:37:35 +11:00
pinkforest(she/her)
127e4e658f Fix nats directory (#1667)
* Fix nats directory

* Fix patched
2023-03-25 22:36:46 +11:00
Paolo Barbolini
0a1c2353f9 nats MitM vulnerability (#1665)
* nats MitM vulnerability

* Suggest switching to `async-nats`
2023-03-25 22:27:07 +11:00
github-actions[bot]
735bd0286f Assigned RUSTSEC-2023-0027 to async-nats, RUSTSEC-2023-0028 to buf_redux (#1664)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-25 02:42:41 +11:00
Ossi Herrala
b3d6563b3b Add unmaintained buf_redux (#1614)
* Add unmaintained advisory of buf_redux

Fixes #1602

* Fill in the advisory

* Wording fixes

* Typo fix

* Wording fixes

* Grammar

* Alloc not core crate for Vec

* Add fork option

---------

Co-authored-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2023-03-25 02:39:27 +11:00
Paolo Barbolini
6035ece499 async-nats MitM vulnerability (#1661)
* Create RUSTSEC-0000-0000.md

* Add category

Co-authored-by: Tony Arcieri <bascule@gmail.com>

* Improve title

* Improve the description and reintroduce formatting

* Update RUSTSEC-0000-0000.md

* Update RUSTSEC-0000-0000.md

---------

Co-authored-by: Tony Arcieri <bascule@gmail.com>
2023-03-24 15:38:47 +00:00
github-actions[bot]
c48913e44d Assigned RUSTSEC-2023-0025 to git-hash, RUSTSEC-2023-0026 to git-path (#1663)
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-03-25 02:33:49 +11:00