According to https://github.com/Xudong-Huang/may/issues/88, this was fixed in 0.3.19,
but that refers to the main "may" crate. The correct version for the "may_queue" sub crate
is 0.1.8 (based on manual checking the bounds for the affected type on docs.rs)
* Add advisory for segmentation fault in ouch
* Fix CI error
* Slightly more descriptive title
---------
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
* Add lexical-core advisory.
* No need to list alternatives now that a patched version is available
* Better description of 1.0 changes
* Change to RUSTSEC-0000-0000 for ID assignment to work properly
* List RUSTSEC-2023-0055 as a related advisory
* Correct package name
---------
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
* Advisory for GHSA-m8rp-vv92-46c7 (incomplete unescaping) in gix-path
* Fix up body Markdown for RUSTSEC
- `<` `>` around a bare URL
- manual linking and rendering of referenced commit hash
- manual linking of a bare CVE number to associated global GHSA
* Add CVE number
* Add reference to GitHub Advisory Database entry
Now that it has been published there as well.
* Add global GHSA reference for RUSTSEC-2024-0367 (config scopes)
This adds a link to the GitHub Advisory Database entry
https://github.com/advisories/GHSA-v26r-4c9c-h3j6 for
RUSTSEC-2024-0367 / CVE-2024-45305 / GHSA-v26r-4c9c-h3j6.
This entry was added to the GitHub Advisory Database since this
RUSTSEC entry was created in #2055 and updated in #2061.
(This also adds a reference to NVD entry, which has a useful
summary and appears as a reference in the global GHSA's reference
section.)
* Linkify bare URLs
The advisory, RUSTSEC-2024-0367, has two bare URLs in it, which
are displayed as links (and, in the repo-level GHSA, also showing
the linked-to lines of code). This surrounds them with `<` and `>`
so that they are rendered as hyperlinks, as they are in the global
GHSA.
(This does not correspond to a revision to the global GHSA because
they are already shown that way there. This change thus brings the
RUSTSEC advisory in line with the others.)
This adds CVE-2024-45305 to `aliases` for RUSTSEC-2024-0367.
No CVE had been issued for that vulnerability when it was added to
the RUSTSEC database in #2055, but it has been assigned since.
* Advisory for GHSA-v26r-4c9c-h3j6 (config scopes) in gix-path
* Fix a commit hash intended to be a link to commit info
This worked on GitHub but should not be expected to be a hyperlink
elsehwere. So this makes the rendered text and target explicit.
* Add CVSS metadata
It is present in GHSA-v26r-4c9c-h3j6, I just accidentally left it
out initially.
* Clarify some wording in the advisory
I have already made this change at GHSA-v26r-4c9c-h3j6.