Commit Graph

3021 Commits

Author SHA1 Message Date
Dirkjan Ochtman
c32eb105f9 ci: bump admin commit 2026-07-01 13:19:11 +02:00
Dale Seo
5e2f36f74c Add advisory for rmcp DNS rebinding 2026-06-29 14:52:43 +02:00
djc
74a71c2f2e Assigned RUSTSEC-2026-0188 to wasmtime-wasi 2026-06-29 14:36:02 +02:00
Pat Hickey
911601a33a create rustsec advisory for wasmtime-wasi crate: wasmtime project's GHSA-4ch3-9j33-3pmj 2026-06-29 14:33:19 +02:00
djc
e69927bf37 Assigned RUSTSEC-2026-0187 to lopdf 2026-06-26 11:58:24 +02:00
José Antonio Zamudio Amaya
e504e65307 Add advisory for lopdf: stack overflow via deeply nested PDF objects (#2984) 2026-06-26 11:55:10 +02:00
djc
49f543184c Assigned RUSTSEC-2025-0164 to i_triangle 2026-06-23 13:22:47 +02:00
sisy2020
0c9fb990fe Add advisory for i_triangle unsound triangle accessors 2026-06-23 13:18:20 +02:00
LawnGnome
295e1e4d31 Assigned RUSTSEC-2026-0185 to quinn-proto, RUSTSEC-2026-0186 to memmap2 2026-06-22 11:11:20 -07:00
Maarten de Vries
fac01b6e23 Add unsound pointer arithmetic advisory for memmap2. (#2990) 2026-06-22 11:10:49 -07:00
Dirkjan Ochtman
4d2f42a56d quinn-proto: remote memory exhaustion 2026-06-22 11:07:29 -07:00
djc
e3c23aa97a Assigned RUSTSEC-2022-0104 to structopt 2026-06-22 11:22:04 +02:00
Kyle J Strand
b7a1ea40b3 Add advisory for structopt: unmaintained (really in "maintenance mode", migration to clap recommended) (#2983) 2026-06-22 11:13:09 +02:00
Daniel Scherzer
776615bd36 CVE-2019-16760.md: update gist link 2026-06-18 13:58:33 +02:00
djc
aa90516a25 Assigned RUSTSEC-2026-0184 to git2 2026-06-17 15:50:20 +02:00
Daniel Scherzer
7a4fdf9c1b Update git2 advisory for release of 0.21.0 2026-06-17 15:46:02 +02:00
Daniel Scherzer
d7297edbd6 Add advisory for git2: buffer-created BlameHunk leads to null pointers 2026-06-17 15:46:02 +02:00
djc
089720f90c Assigned RUSTSEC-2026-0183 to git2 2026-06-17 14:56:48 +02:00
Daniel Scherzer
1916f9e32d Update git2 advisory for release of 0.21.0 2026-06-17 14:55:34 +02:00
Daniel Scherzer
ea1790f470 Add advisory for git2: Remote::list() with an empty list triggers UB 2026-06-17 14:55:34 +02:00
LawnGnome
74e084413d Assigned RUSTSEC-2026-0182 to wasmtime-wasi 2026-06-15 16:29:39 -07:00
Alex Crichton
ceaef4a2aa Add a new Wasmtime advisory
Mirroring
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-3p27-qvp9-27qf
to here.
2026-06-15 15:18:21 -07:00
dependabot[bot]
c01141b509 Bump actions/checkout from 6.0.2 to 6.0.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-15 15:16:02 -07:00
djc
09735e1274 Assigned RUSTSEC-2026-0181 to vibeio-http 2026-06-13 10:34:52 +02:00
Dorian Niemiec
787924e599 chore: add security advisory for vibeio-http chunked encoding DoS 2026-06-13 09:08:39 +02:00
djc
234a41a155 Synchronize IDs (2026-06-13) 2026-06-13 08:16:34 +02:00
djc
27ca15f7db Assigned RUSTSEC-2026-0178 to tokio-postgres, RUSTSEC-2026-0179 to postgres-protocol, RUSTSEC-2026-0180 to postgres-protocol 2026-06-12 19:27:58 +02:00
Paolo Barbolini
e43228936a Add advisories for rust-postgres DoS issues (postgres-protocol, tokio-postgres)
Three denial-of-service issues triggered by a malicious, compromised, or
man-in-the-middle PostgreSQL server, all fixed and released:

- postgres-protocol: unbounded SCRAM PBKDF2 iteration count (CPU exhaustion,
  pins a tokio worker thread), fixed in 0.6.12
- postgres-protocol: panic decoding a malformed hstore value, fixed in 0.6.12
- tokio-postgres: panic on a DataRow with fewer fields than columns, fixed in 0.7.18
2026-06-12 19:02:07 +02:00
LawnGnome
7aa81cbb51 Assigned RUSTSEC-2026-0177 to pyo3 2026-06-11 17:21:36 -07:00
David Hewitt
f1a5907888 report thread safety issue with PyO3's PyCFunction::new_closure 2026-06-11 15:45:57 -07:00
David Hewitt
343f397d14 add upper bounds to (patched) affected functions in PyO3 nth_back report 2026-06-11 15:44:55 -07:00
djc
ad0ae0d922 Assigned RUSTSEC-2026-0176 to pyo3 2026-06-11 23:22:54 +02:00
David Hewitt
124b56dd55 report memory exposure in PyO3 nth_back iterator methods 2026-06-11 23:21:31 +02:00
djc
254ee9eb7b Assigned RUSTSEC-2021-0156 to triton-vm 2026-06-11 13:35:08 +02:00
Jan Ferdinand Sauer
f05e2e18bf Add advisory for triton-vm 2026-06-11 13:28:24 +02:00
djc
141af10375 Assigned RUSTSEC-2026-0175 to onering 2026-06-10 21:02:16 +02:00
Adam Harvey
555af38143 Add malware advisory for onering 1.4.1 (#2953) 2026-06-10 21:00:31 +02:00
djc
02c8054e58 Synchronize IDs (2026-06-10) 2026-06-10 08:13:29 +02:00
djc
a406e06cdd Assigned RUSTSEC-2026-0174 to http-types 2026-06-08 18:24:35 +02:00
Clover
fc7c78161c Add advisory for http-types: violated ASCII invariants (#2923) 2026-06-08 18:17:25 +02:00
djc
4c5e594f0f Assigned RUSTSEC-2026-0173 to proc-macro-error2 2026-06-07 22:48:51 +02:00
Sander Saares
dfd3306e15 Add unmaintained advisory for proc-macro-error2
The crate owner has confirmed proc-macro-error2 is no longer maintained

in https://github.com/GnomedDev/proc-macro-error-2/issues/17.

Also removes proc-macro-error2 from the list of suggested alternatives in

the existing proc-macro-error advisory (RUSTSEC-2024-0370).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-07 21:54:51 +02:00
djc
8fe151aab7 Assigned RUSTSEC-2025-0163 to trailer 2026-06-06 16:44:53 +02:00
Alexander Kjäll
b3022976de trailer: add information about CVE-2025-47737 2026-06-06 16:44:05 +02:00
djc
a8ac7f20fb Assigned RUSTSEC-2026-0172 to diesel 2026-06-05 10:35:31 +02:00
Georg Semmler
451cb2e231 Another Diesel Advisory
This fills another advisory for another Diesel issue recently uncovered
by LLM/AI.
2026-06-05 10:12:31 +02:00
djc
14f08b6b8d Assigned RUSTSEC-2026-0171 to logflux 2026-06-04 21:46:31 +02:00
Adam Harvey
3172636eed Add malware advisory for logflux. 2026-06-04 21:40:21 +02:00
LawnGnome
162f4c6f3d Assigned RUSTSEC-2026-0169 to surf, RUSTSEC-2026-0170 to tide 2026-06-04 12:11:08 -07:00
Dirkjan Ochtman
08ca25780d Mark surf and tide as unmaintained 2026-06-04 12:09:57 -07:00