Dirkjan Ochtman
c32eb105f9
ci: bump admin commit
2026-07-01 13:19:11 +02:00
Dale Seo
5e2f36f74c
Add advisory for rmcp DNS rebinding
2026-06-29 14:52:43 +02:00
djc
74a71c2f2e
Assigned RUSTSEC-2026-0188 to wasmtime-wasi
2026-06-29 14:36:02 +02:00
Pat Hickey
911601a33a
create rustsec advisory for wasmtime-wasi crate: wasmtime project's GHSA-4ch3-9j33-3pmj
2026-06-29 14:33:19 +02:00
djc
e69927bf37
Assigned RUSTSEC-2026-0187 to lopdf
2026-06-26 11:58:24 +02:00
José Antonio Zamudio Amaya
e504e65307
Add advisory for lopdf: stack overflow via deeply nested PDF objects ( #2984 )
2026-06-26 11:55:10 +02:00
djc
49f543184c
Assigned RUSTSEC-2025-0164 to i_triangle
2026-06-23 13:22:47 +02:00
sisy2020
0c9fb990fe
Add advisory for i_triangle unsound triangle accessors
2026-06-23 13:18:20 +02:00
LawnGnome
295e1e4d31
Assigned RUSTSEC-2026-0185 to quinn-proto, RUSTSEC-2026-0186 to memmap2
2026-06-22 11:11:20 -07:00
Maarten de Vries
fac01b6e23
Add unsound pointer arithmetic advisory for memmap2. ( #2990 )
2026-06-22 11:10:49 -07:00
Dirkjan Ochtman
4d2f42a56d
quinn-proto: remote memory exhaustion
2026-06-22 11:07:29 -07:00
djc
e3c23aa97a
Assigned RUSTSEC-2022-0104 to structopt
2026-06-22 11:22:04 +02:00
Kyle J Strand
b7a1ea40b3
Add advisory for structopt: unmaintained (really in "maintenance mode", migration to clap recommended) ( #2983 )
2026-06-22 11:13:09 +02:00
Daniel Scherzer
776615bd36
CVE-2019-16760.md: update gist link
2026-06-18 13:58:33 +02:00
djc
aa90516a25
Assigned RUSTSEC-2026-0184 to git2
2026-06-17 15:50:20 +02:00
Daniel Scherzer
7a4fdf9c1b
Update git2 advisory for release of 0.21.0
2026-06-17 15:46:02 +02:00
Daniel Scherzer
d7297edbd6
Add advisory for git2: buffer-created BlameHunk leads to null pointers
2026-06-17 15:46:02 +02:00
djc
089720f90c
Assigned RUSTSEC-2026-0183 to git2
2026-06-17 14:56:48 +02:00
Daniel Scherzer
1916f9e32d
Update git2 advisory for release of 0.21.0
2026-06-17 14:55:34 +02:00
Daniel Scherzer
ea1790f470
Add advisory for git2: Remote::list() with an empty list triggers UB
2026-06-17 14:55:34 +02:00
LawnGnome
74e084413d
Assigned RUSTSEC-2026-0182 to wasmtime-wasi
2026-06-15 16:29:39 -07:00
Alex Crichton
ceaef4a2aa
Add a new Wasmtime advisory
...
Mirroring
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-3p27-qvp9-27qf
to here.
2026-06-15 15:18:21 -07:00
dependabot[bot]
c01141b509
Bump actions/checkout from 6.0.2 to 6.0.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](de0fac2e45...df4cb1c069 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-15 15:16:02 -07:00
djc
09735e1274
Assigned RUSTSEC-2026-0181 to vibeio-http
2026-06-13 10:34:52 +02:00
Dorian Niemiec
787924e599
chore: add security advisory for vibeio-http chunked encoding DoS
2026-06-13 09:08:39 +02:00
djc
234a41a155
Synchronize IDs (2026-06-13)
2026-06-13 08:16:34 +02:00
djc
27ca15f7db
Assigned RUSTSEC-2026-0178 to tokio-postgres, RUSTSEC-2026-0179 to postgres-protocol, RUSTSEC-2026-0180 to postgres-protocol
2026-06-12 19:27:58 +02:00
Paolo Barbolini
e43228936a
Add advisories for rust-postgres DoS issues (postgres-protocol, tokio-postgres)
...
Three denial-of-service issues triggered by a malicious, compromised, or
man-in-the-middle PostgreSQL server, all fixed and released:
- postgres-protocol: unbounded SCRAM PBKDF2 iteration count (CPU exhaustion,
pins a tokio worker thread), fixed in 0.6.12
- postgres-protocol: panic decoding a malformed hstore value, fixed in 0.6.12
- tokio-postgres: panic on a DataRow with fewer fields than columns, fixed in 0.7.18
2026-06-12 19:02:07 +02:00
LawnGnome
7aa81cbb51
Assigned RUSTSEC-2026-0177 to pyo3
2026-06-11 17:21:36 -07:00
David Hewitt
f1a5907888
report thread safety issue with PyO3's PyCFunction::new_closure
2026-06-11 15:45:57 -07:00
David Hewitt
343f397d14
add upper bounds to (patched) affected functions in PyO3 nth_back report
2026-06-11 15:44:55 -07:00
djc
ad0ae0d922
Assigned RUSTSEC-2026-0176 to pyo3
2026-06-11 23:22:54 +02:00
David Hewitt
124b56dd55
report memory exposure in PyO3 nth_back iterator methods
2026-06-11 23:21:31 +02:00
djc
254ee9eb7b
Assigned RUSTSEC-2021-0156 to triton-vm
2026-06-11 13:35:08 +02:00
Jan Ferdinand Sauer
f05e2e18bf
Add advisory for triton-vm
2026-06-11 13:28:24 +02:00
djc
141af10375
Assigned RUSTSEC-2026-0175 to onering
2026-06-10 21:02:16 +02:00
Adam Harvey
555af38143
Add malware advisory for onering 1.4.1 ( #2953 )
2026-06-10 21:00:31 +02:00
djc
02c8054e58
Synchronize IDs (2026-06-10)
2026-06-10 08:13:29 +02:00
djc
a406e06cdd
Assigned RUSTSEC-2026-0174 to http-types
2026-06-08 18:24:35 +02:00
Clover
fc7c78161c
Add advisory for http-types: violated ASCII invariants ( #2923 )
2026-06-08 18:17:25 +02:00
djc
4c5e594f0f
Assigned RUSTSEC-2026-0173 to proc-macro-error2
2026-06-07 22:48:51 +02:00
Sander Saares
dfd3306e15
Add unmaintained advisory for proc-macro-error2
...
The crate owner has confirmed proc-macro-error2 is no longer maintained
in https://github.com/GnomedDev/proc-macro-error-2/issues/17 .
Also removes proc-macro-error2 from the list of suggested alternatives in
the existing proc-macro-error advisory (RUSTSEC-2024-0370).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-06-07 21:54:51 +02:00
djc
8fe151aab7
Assigned RUSTSEC-2025-0163 to trailer
2026-06-06 16:44:53 +02:00
Alexander Kjäll
b3022976de
trailer: add information about CVE-2025-47737
2026-06-06 16:44:05 +02:00
djc
a8ac7f20fb
Assigned RUSTSEC-2026-0172 to diesel
2026-06-05 10:35:31 +02:00
Georg Semmler
451cb2e231
Another Diesel Advisory
...
This fills another advisory for another Diesel issue recently uncovered
by LLM/AI.
2026-06-05 10:12:31 +02:00
djc
14f08b6b8d
Assigned RUSTSEC-2026-0171 to logflux
2026-06-04 21:46:31 +02:00
Adam Harvey
3172636eed
Add malware advisory for logflux.
2026-06-04 21:40:21 +02:00
LawnGnome
162f4c6f3d
Assigned RUSTSEC-2026-0169 to surf, RUSTSEC-2026-0170 to tide
2026-06-04 12:11:08 -07:00
Dirkjan Ochtman
08ca25780d
Mark surf and tide as unmaintained
2026-06-04 12:09:57 -07:00