djc
4384743abd
Synchronize IDs (2025-12-17)
2025-12-17 07:01:32 +01:00
dependabot[bot]
2d254c1fad
Bump actions/checkout from 6.0.0 to 6.0.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1af3b93b68...8e8c483db8)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-15 16:07:57 +01:00
djc
a5541c13c7
Assigned RUSTSEC-2025-0136 to sequoia-openpgp
2025-12-15 14:02:19 +01:00
Alexander Kjäll
3b5c457440
Create advisory for CVE-2025-67897 in sequoia-pgp (#2511)
2025-12-15 13:59:31 +01:00
Dirkjan Ochtman
d0bdb37b2b
Link to reference documentation on available categories
2025-12-11 16:11:05 +01:00
Dirkjan Ochtman
eb1f940aab
Add missing fields in example advisory
2025-12-11 16:11:05 +01:00
djc
6b4a28c720
Assigned RUSTSEC-2025-0135 to matrix-sdk-base
2025-12-08 13:23:54 +01:00
Damir Jelić
3cb5be8c9c
Add CVE-2025-66622 for matrix-sdk-base
2025-12-08 12:55:44 +01:00
djc
30472d9594
Synchronize IDs (2025-12-06)
2025-12-06 08:36:56 +01:00
djc
5d6f7fbf10
Assigned RUSTSEC-2025-0134 to rustls-pemfile
2025-12-05 20:07:24 +01:00
Dirkjan Ochtman
76e5be41d5
Declare rustls-pemfile to be unmaintained
2025-12-05 20:01:15 +01:00
djc
f414b4d1ff
Assigned RUSTSEC-2025-0133 to libcrux-intrinsics
2025-12-04 15:23:19 +01:00
Joe Birr-Pixton
0be109e37c
Add libcrux-intrinsics bug
2025-12-04 14:46:29 +01:00
djc
684d3355d0
Synchronize IDs (2025-12-02)
2025-12-02 07:03:09 +01:00
dependabot[bot]
6c3549ab50
Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](271a8d0340...84ae59a2cd)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 16:51:50 +01:00
dependabot[bot]
d7e08cf6cb
Bump actions/checkout from 5.0.0 to 6.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 16:46:36 +01:00
Callum Oakley
4ea955aed4
withdraw RUSTSEC-2025-0120: json5 is now maintained
2025-11-30 01:15:16 +01:00
djc
6901f3cd08
Assigned RUSTSEC-2025-0132 to maxminddb
2025-11-29 09:52:04 +01:00
Paolo Barbolini
c6de858b85
Add maxminddb mmap unsoundness advisory
2025-11-29 09:17:39 +01:00
djc
0071343468
Assigned RUSTSEC-2025-0131 to rtvm-interpreter
2025-11-28 14:44:25 +01:00
Shihao Xia
382e627612
Rtvm unsound API (#2451)
2025-11-28 14:43:10 +01:00
Markus Pettersson
90c47c2196
Update RUSTSEC-2025-0126 (#2488)
Add patched version number to RUSTSEC-2025-0126.
2025-11-27 22:53:33 +01:00
djc
cc3c393dba
Synchronize IDs (2025-11-26)
2025-11-26 07:00:45 +01:00
djc
f5fdfe73c0
Assigned RUSTSEC-2025-0129 to cggmp21, RUSTSEC-2025-0130 to cggmp24
2025-11-25 12:10:55 +01:00
Denis Varlakov
826f224270
Report cggmp21 missing check vulnerability (#2481)
Signed-off-by: Denis Varlakov <denis@dfns.co>
2025-11-25 12:10:07 +01:00
djc
01b3e86c7a
Assigned RUSTSEC-2025-0127 to cggmp21, RUSTSEC-2025-0128 to cggmp24
2025-11-25 12:09:13 +01:00
Denis Varlakov
6f321e3eea
Attack on cggmp21 presignatures (#2482)
Signed-off-by: Denis Varlakov <denis@dfns.co>
2025-11-25 12:08:12 +01:00
djc
d7c9a1cb46
Assigned RUSTSEC-2025-0126 to nftnl
2025-11-25 10:40:00 +01:00
cuiwenhao123
9a0cd558a6
Add RUSTSEC for nftnl
2025-11-25 10:38:36 +01:00
John Vandenberg
f2c79ffdfa
Use CVSS 3.1 for RUSTSEC-2025-0125
2025-11-22 13:29:36 +01:00
René Kijewski
2341ae6396
Fix typo in RUSTSEC-2025-0123
2025-11-22 12:56:30 +01:00
djc
594ee9d61e
Assigned RUSTSEC-2025-0125 to thread-amount
2025-11-22 10:03:20 +01:00
jez
0e3044b85e
Add advisory for memory leak in thread-amount < 0.2.2 (#2476)
2025-11-22 10:02:31 +01:00
Carol (Nichols || Goulding)
0c6f0bb552
Missing "r" in "rand_os" (#2475)
2025-11-19 21:48:42 +01:00
djc
01aa671a67
Assigned RUSTSEC-2025-0123 to opentelemetry-jaeger, RUSTSEC-2025-0124 to rand_os
2025-11-18 13:07:07 +01:00
John Vandenberg
c859f165be
Mark rand_os as unmaintained (#2462)
2025-11-18 13:04:16 +01:00
John Vandenberg
7bd998af49
Mark opentelemetry-jaeger unmaintained (#2464)
2025-11-18 13:03:19 +01:00
djc
6799e5dea9
Assigned RUSTSEC-2025-0122 to cargo-asm
2025-11-18 10:02:31 +01:00
John Vandenberg
7ab0d68666
Mark cargo-asm unmaintained
2025-11-18 10:01:40 +01:00
djc
281529337d
Assigned RUSTSEC-2025-0121 to gcc
2025-11-18 09:52:10 +01:00
John Vandenberg
3c3a36e967
Mark gcc unmaintained
2025-11-18 09:48:37 +01:00
djc
de3adb7264
Assigned RUSTSEC-2025-0120 to json5
2025-11-18 09:21:57 +01:00
John Vandenberg
e56f6d6393
Mark json5 as unmaintained
2025-11-18 09:16:55 +01:00
djc
089543e58e
Assigned RUSTSEC-2025-0119 to number_prefix
2025-11-18 09:13:56 +01:00
John Vandenberg
c369068184
Mark number_prefix unmaintained (#2463)
2025-11-18 09:12:02 +01:00
djc
4b6acc7020
Assigned RUSTSEC-2025-0118 to wasmtime
2025-11-13 17:55:40 +01:00
Alex Crichton
fa0f26aa59
wasmtime: Unsound API access to a WebAssembly shared linear memory
2025-11-13 17:03:13 +01:00
djc
df17e8c0d1
Assigned RUSTSEC-2025-0114 to tandem_http_client, RUSTSEC-2025-0115 to tandem_http_server, RUSTSEC-2025-0116 to tandem_garble_interop, RUSTSEC-2025-0117 to tandem
2025-11-10 12:31:14 +01:00
robinhundt
6e8ae6d297
Add unmaintained advisory for tandem crates
The crates in https://github.com/sine-fdn/tandem/ are no longer
maintained by the SINE Foundation.
Crates:
- tandem
- tandem_garble_interop
- tandem_http_client
- tandem_http_server
We are continuing our work on SMPC by implementing our
secure multi-party computation engine Polytune
https://github.com/sine-fdn/polytune.
2025-11-10 12:28:50 +01:00
djc
936180444f
Synchronize IDs (2025-11-04)
2025-11-04 07:10:22 +01:00