Commit Graph

2620 Commits

Author SHA1 Message Date
Joe Birr-Pixton
0be109e37c Add libcrux-intrinsics bug 2025-12-04 14:46:29 +01:00
djc
684d3355d0 Synchronize IDs (2025-12-02) 2025-12-02 07:03:09 +01:00
dependabot[bot]
6c3549ab50 Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](271a8d0340...84ae59a2cd)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 16:51:50 +01:00
dependabot[bot]
d7e08cf6cb Bump actions/checkout from 5.0.0 to 6.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 16:46:36 +01:00
Callum Oakley
4ea955aed4 withdraw RUSTSEC-2025-0120: json5 is now maintained 2025-11-30 01:15:16 +01:00
djc
6901f3cd08 Assigned RUSTSEC-2025-0132 to maxminddb 2025-11-29 09:52:04 +01:00
Paolo Barbolini
c6de858b85 Add maxminddb mmap unsoundness advisory 2025-11-29 09:17:39 +01:00
djc
0071343468 Assigned RUSTSEC-2025-0131 to rtvm-interpreter 2025-11-28 14:44:25 +01:00
Shihao Xia
382e627612 Rtvm unsound API (#2451) 2025-11-28 14:43:10 +01:00
Markus Pettersson
90c47c2196 Update RUSTSEC-2025-0126 (#2488)
Add patched version number to RUSTSEC-2025-0126.
2025-11-27 22:53:33 +01:00
djc
cc3c393dba Synchronize IDs (2025-11-26) 2025-11-26 07:00:45 +01:00
djc
f5fdfe73c0 Assigned RUSTSEC-2025-0129 to cggmp21, RUSTSEC-2025-0130 to cggmp24 2025-11-25 12:10:55 +01:00
Denis Varlakov
826f224270 Report cggmp21 missing check vulnerability (#2481)
Signed-off-by: Denis Varlakov <denis@dfns.co>
2025-11-25 12:10:07 +01:00
djc
01b3e86c7a Assigned RUSTSEC-2025-0127 to cggmp21, RUSTSEC-2025-0128 to cggmp24 2025-11-25 12:09:13 +01:00
Denis Varlakov
6f321e3eea Attack on cggmp21 presignatures (#2482)
Signed-off-by: Denis Varlakov <denis@dfns.co>
2025-11-25 12:08:12 +01:00
djc
d7c9a1cb46 Assigned RUSTSEC-2025-0126 to nftnl 2025-11-25 10:40:00 +01:00
cuiwenhao123
9a0cd558a6 Add RUSTSEC for nftnl 2025-11-25 10:38:36 +01:00
John Vandenberg
f2c79ffdfa Use CVSS 3.1 for RUSTSEC-2025-0125 2025-11-22 13:29:36 +01:00
René Kijewski
2341ae6396 Fix typo in RUSTSEC-2025-0123 2025-11-22 12:56:30 +01:00
djc
594ee9d61e Assigned RUSTSEC-2025-0125 to thread-amount 2025-11-22 10:03:20 +01:00
jez
0e3044b85e Add advisory for memory leak in thread-amount < 0.2.2 (#2476) 2025-11-22 10:02:31 +01:00
Carol (Nichols || Goulding)
0c6f0bb552 Missing "r" in "rand_os" (#2475) 2025-11-19 21:48:42 +01:00
djc
01aa671a67 Assigned RUSTSEC-2025-0123 to opentelemetry-jaeger, RUSTSEC-2025-0124 to rand_os 2025-11-18 13:07:07 +01:00
John Vandenberg
c859f165be Mark rand_os as unmaintained (#2462) 2025-11-18 13:04:16 +01:00
John Vandenberg
7bd998af49 Mark opentelemetry-jaeger unmaintained (#2464) 2025-11-18 13:03:19 +01:00
djc
6799e5dea9 Assigned RUSTSEC-2025-0122 to cargo-asm 2025-11-18 10:02:31 +01:00
John Vandenberg
7ab0d68666 Mark cargo-asm unmaintained 2025-11-18 10:01:40 +01:00
djc
281529337d Assigned RUSTSEC-2025-0121 to gcc 2025-11-18 09:52:10 +01:00
John Vandenberg
3c3a36e967 Mark gcc unmaintained 2025-11-18 09:48:37 +01:00
djc
de3adb7264 Assigned RUSTSEC-2025-0120 to json5 2025-11-18 09:21:57 +01:00
John Vandenberg
e56f6d6393 Mark json5 as unmaintained 2025-11-18 09:16:55 +01:00
djc
089543e58e Assigned RUSTSEC-2025-0119 to number_prefix 2025-11-18 09:13:56 +01:00
John Vandenberg
c369068184 Mark number_prefix unmaintained (#2463) 2025-11-18 09:12:02 +01:00
djc
4b6acc7020 Assigned RUSTSEC-2025-0118 to wasmtime 2025-11-13 17:55:40 +01:00
Alex Crichton
fa0f26aa59 wasmtime: Unsound API access to a WebAssembly shared linear memory 2025-11-13 17:03:13 +01:00
djc
df17e8c0d1 Assigned RUSTSEC-2025-0114 to tandem_http_client, RUSTSEC-2025-0115 to tandem_http_server, RUSTSEC-2025-0116 to tandem_garble_interop, RUSTSEC-2025-0117 to tandem 2025-11-10 12:31:14 +01:00
robinhundt
6e8ae6d297 Add unmaintained advisory for tandem crates
The crates in https://github.com/sine-fdn/tandem/ are no longer
maintained by the SINE Foundation.

Crates:
- tandem
- tandem_garble_interop
- tandem_http_client
- tandem_http_server

We are continuing our work on SMPC by implementing our
secure multi-party computation engine Polytune
https://github.com/sine-fdn/polytune .
2025-11-10 12:28:50 +01:00
djc
936180444f Synchronize IDs (2025-11-04) 2025-11-04 07:10:22 +01:00
djc
efae9f98cb Assigned RUSTSEC-2025-0113 to shaman 2025-11-03 10:07:01 +01:00
Shihao Xia
91217214b0 shaman unsound and unmaintained (#2321) 2025-11-03 09:39:58 +01:00
djc
2e45336771 Synchronize IDs (2025-10-28) 2025-10-28 07:02:18 +01:00
Dirkjan Ochtman
32546e97df ci: bump rustsec commit to use 2025-10-27 17:45:41 +01:00
Dirkjan Ochtman
609733e128 ci: fix typo in permissions key 2025-10-26 17:11:01 +01:00
William Woodruff
905622643e ci: fix create-pull-request permissions
Signed-off-by: William Woodruff <william@astral.sh>
2025-10-26 15:34:23 +01:00
William Woodruff
d43d0de229 ci: ratchet down permissions, pin all actions (#2444)
Signed-off-by: William Woodruff <william@astral.sh>
2025-10-26 12:38:01 +01:00
djc
b69325da78 Assigned RUSTSEC-2025-0112 to wasmtime 2025-10-25 13:20:30 +02:00
Alex Crichton
808b5a554d Drop cvss for now 2025-10-25 13:19:32 +02:00
Alex Crichton
ed4154ad64 wasmtime: Possible crash with compiler intrinsics 2025-10-25 13:19:32 +02:00
djc
2eac06622d Assigned RUSTSEC-2025-0110 to astral-tokio-tar, RUSTSEC-2025-0111 to tokio-tar 2025-10-25 13:18:52 +02:00
William Woodruff
aceedd1797 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00