Commit Graph

2278 Commits

Author SHA1 Message Date
Alexander Huszagh
ce218936ea Add security advisory for fast-float. (#2107) 2024-11-09 15:08:52 +00:00
Samuel Moelius
f3460e5ed9 Remove stray ) (#2108) 2024-11-01 08:31:51 -04:00
Arvid Norlander
c586bd65ec Fix incorrect fixed version for may_queue (#2106)
According to https://github.com/Xudong-Huang/may/issues/88, this was fixed in 0.3.19,
but that refers to the main "may" crate. The correct version for the "may_queue" sub crate
is 0.1.8 (based on manual checking the bounds for the affected type on docs.rs)
2024-10-25 14:45:36 -04:00
Arvid Norlander
b416be0762 Add missing information about fixed versions (#2105)
According to https://github.com/Xudong-Huang/may/issues/88, this has been fixed since a long time. Add the missing `patched`
2024-10-25 14:33:29 -04:00
github-actions[bot]
57c4a0ce3a Assigned RUSTSEC-2024-0378 to pyo3 (#2102)
Co-authored-by: alex <772+alex@users.noreply.github.com>
2024-10-14 15:18:55 -04:00
David Hewitt
b71a917033 risk of use-after-free in PyO3 borrowing from weak refrences (#2101)
* risk of use-after-free in PyO3 borrowing from weak refrences

* correct trait name
2024-10-14 15:17:37 -04:00
github-actions[bot]
acb7ce4581 Assigned RUSTSEC-2024-0377 to dbn (#2099)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-10-09 00:13:59 +01:00
MJU
a4cabb7b03 Dbn heap buffer overflow (#2097)
* Report Heap Buffer Overflow in dbn

* Report Heap Buffer Overflow in dbn

* Drop unrecognized field

---------

Co-authored-by: ydongyeon <dy3199@unist.ac.kr>
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-10-09 00:13:39 +01:00
Lucio Franco
a68ca4a1ec Update RUSTSEC-2024-0376 affected versions (#2094) 2024-10-02 08:58:53 -06:00
github-actions[bot]
bbc65dd500 Assigned RUSTSEC-2024-0376 to tonic (#2092)
Co-authored-by: amousset <329388+amousset@users.noreply.github.com>
2024-10-01 22:43:37 +02:00
Lucio Franco
db1741c447 Add advisory for CVE-2024-47609 in tonic (#2091) 2024-10-01 22:42:58 +02:00
github-actions[bot]
cb905e6e40 Assigned RUSTSEC-2024-0375 to atty (#2090)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2024-09-26 06:26:22 -06:00
BlackHoleFox
6960f548f3 Mark atty as officially unmaintained (#2089) 2024-09-25 17:27:45 -06:00
dj8yf0μl
45780a4d66 Update RUSTSEC-2023-0033.md : add borsh v0.10.4 (#2088) 2024-09-23 16:02:17 +01:00
github-actions[bot]
f791f5a283 Assigned RUSTSEC-2024-0374 to ouch (#2085)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-22 11:28:31 +01:00
Yewan Na
eb56b9f7c0 Add advisory for segmentation fault in ouch (#2084)
* Add advisory for segmentation fault in ouch

* Fix CI error

* Slightly more descriptive title

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-09-22 11:28:03 +01:00
github-actions[bot]
3cae2352cf Assigned RUSTSEC-2023-0086 to lexical-core (#2083)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-16 15:16:22 +01:00
Alexander Huszagh
3436ad83d5 Add lexical-core advisory. (#2082)
* Add lexical-core advisory.

* No need to list alternatives now that a patched version is available

* Better description of 1.0 changes

* Change to RUSTSEC-0000-0000 for ID assignment to work properly

* List RUSTSEC-2023-0055 as a related advisory

* Correct package name

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-09-16 15:15:37 +01:00
Sergey "Shnatsel" Davidoff
2e0d528523 Lexical is maintained again, unsoundness is fixed (#2080) 2024-09-16 14:34:10 +01:00
John Vandenberg
7fbf1e630a Add more alternatives to proc-macro-error (#2076) 2024-09-09 06:08:37 -06:00
github-actions[bot]
ebef0eb749 Assigned RUSTSEC-2024-0373 to quinn-proto (#2074)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-08 02:47:13 +01:00
Dirkjan Ochtman
d1f40fb4f7 Add advisory for quinn-proto denial of service (#2059) 2024-09-08 02:44:40 +01:00
venkkatesh-sekar
7865e3577f fix (#2073) 2024-09-07 12:23:36 -06:00
github-actions[bot]
66cef906f6 Assigned RUSTSEC-2024-0371 to gix-path, RUSTSEC-2024-0372 to ic-cdk (#2072)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-07 02:48:33 +01:00
venkkatesh-sekar
1a553f13f0 Advisory for GHSA-rwq6-crjg-9cpw in ic-cdk (#2068)
* Add  CVE-2024-7884

* review

* Fix version specification

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-09-07 02:48:14 +01:00
Eliah Kagan
987de17886 Advisory for CVE-2024-45405 (incomplete unescaping) in gix-path (#2071)
* Advisory for GHSA-m8rp-vv92-46c7 (incomplete unescaping) in gix-path

* Fix up body Markdown for RUSTSEC

- `<` `>` around a bare URL
- manual linking and rendering of referenced commit hash
- manual linking of a bare CVE number to associated global GHSA

* Add CVE number

* Add reference to GitHub Advisory Database entry

Now that it has been published there as well.
2024-09-07 02:44:44 +01:00
github-actions[bot]
9f0ebadc1c Assigned RUSTSEC-2024-0370 to proc-macro-error (#2070)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2024-09-05 11:40:19 -06:00
Gnome!
088b041c02 Add unmaintained advisory for proc-macro-error (#2057) 2024-09-05 11:38:54 -06:00
github-actions[bot]
1f7b1c83df Assigned RUSTSEC-2024-0369 to phonenumber (#2069)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2024-09-05 07:40:37 -06:00
Ruben De Smet
a9c7f518c7 rust-phonenumber: panic-on-parse (#2009) 2024-09-05 07:37:04 -06:00
Eliah Kagan
341f80ff92 Make small readability improvements in RUSTSEC-2023-0064 (#2064)
* Linkify bare URL in RUSTSEC-2023-0064

* Slightly improve wording in acknowledgement
2024-09-03 23:37:57 +01:00
Eliah Kagan
41db9ef9b8 Add global GHSA reference for RUSTSEC-2024-0367 (config scopes) (#2063)
* Add global GHSA reference for RUSTSEC-2024-0367 (config scopes)

This adds a link to the GitHub Advisory Database entry
https://github.com/advisories/GHSA-v26r-4c9c-h3j6 for
RUSTSEC-2024-0367 / CVE-2024-45305 / GHSA-v26r-4c9c-h3j6.

This entry was added to the GitHub Advisory Database since this
RUSTSEC entry was created in #2055 and updated in #2061.

(This also adds a reference to NVD entry, which has a useful
summary and appears as a reference in the global GHSA's reference
section.)

* Linkify bare URLs

The advisory, RUSTSEC-2024-0367, has two bare URLs in it, which
are displayed as links (and, in the repo-level GHSA, also showing
the linked-to lines of code). This surrounds them with `<` and `>`
so that they are rendered as hyperlinks, as they are in the global
GHSA.

(This does not correspond to a revision to the global GHSA because
they are already shown that way there. This change thus brings the
RUSTSEC advisory in line with the others.)
2024-09-03 23:23:51 +01:00
github-actions[bot]
a4b81423f7 Assigned RUSTSEC-2024-0368 to olm-sys (#2062)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-02 20:42:55 +01:00
Johannes Hayeß
0977c153d3 Add advisory for olm-sys (unmaintained, crypto failure) (#2060)
* Add advisory for olm-sys

* Upgrade to vulnerability

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-09-02 20:42:34 +01:00
Eliah Kagan
ba8a561d8a Add CVE number for RUSTSEC-2024-0367 (config scopes) (#2061)
This adds CVE-2024-45305 to `aliases` for RUSTSEC-2024-0367.

No CVE had been issued for that vulnerability when it was added to
the RUSTSEC database in #2055, but it has been assigned since.
2024-09-02 20:40:46 +01:00
github-actions[bot]
f88a0b72a8 Assigned RUSTSEC-2024-0367 to gix-path (#2058)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-01 17:42:16 +01:00
Eliah Kagan
12bc01da3d Advisory for GHSA-v26r-4c9c-h3j6 (config scopes) in gix-path (#2055)
* Advisory for GHSA-v26r-4c9c-h3j6 (config scopes) in gix-path

* Fix a commit hash intended to be a link to commit info

This worked on GitHub but should not be expected to be a hyperlink
elsehwere. So this makes the rendered text and target explicit.

* Add CVSS metadata

It is present in GHSA-v26r-4c9c-h3j6, I just accidentally left it
out initially.

* Clarify some wording in the advisory

I have already made this change at GHSA-v26r-4c9c-h3j6.
2024-09-01 17:33:01 +01:00
github-actions[bot]
fe4d5979b3 Assigned RUSTSEC-2024-0366 to cosmwasm-vm (#2053)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-08-27 17:22:21 +01:00
Christoph Otter
956def623f Add cosmwasm-vm advisory CWA-2023-004 (#2052)
* Add CWA-2023-004

* Fix description
2024-08-27 17:21:54 +01:00
Austin Bonander
dd0703e582 update resolution for RUSTSEC-2024-0363 (sqlx) (#2050) 2024-08-24 15:46:16 +01:00
github-actions[bot]
1bc15cb78d Assigned RUSTSEC-2024-0365 to diesel (#2049)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-08-23 15:03:08 +01:00
Georg Semmler
db0c302d32 Fill an advisory for protocol level injections for diesel (#2048)
This is essentially the same as https://github.com/rustsec/advisory-db/pull/2039 but for diesel.
2024-08-23 14:59:22 +01:00
github-actions[bot]
d3238373a4 Assigned RUSTSEC-2024-0364 to gitoxide-core (#2047)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-08-23 00:15:02 +01:00
Eliah Kagan
749a2a3c65 Advisory for CVE-2024-43785 in gitoxide-core (#2046) 2024-08-23 00:12:22 +01:00
github-actions[bot]
201638b35a Assigned RUSTSEC-2024-0363 to sqlx (#2040)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-08-16 21:33:27 +01:00
Austin Bonander
aa6d10b9c3 Advisory for sqlx <= 0.8.0 (#2039)
https://github.com/launchbadge/sqlx/issues/3440
2024-08-16 21:32:57 +01:00
github-actions[bot]
3f19e3dd28 Assigned RUSTSEC-2024-0362 to alloy-json-abi (#2038)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2024-08-15 07:40:17 -06:00
Luca
c33a710551 add alloy-json-abi stack-overflow (#2033) 2024-08-15 07:33:44 -06:00
Christoph Otter
1d209d3f18 Update versions for RUSTSEC-2024-0361 (#2036) 2024-08-08 18:11:37 +01:00
github-actions[bot]
fcaaabc8f1 Assigned RUSTSEC-2024-0361 to cosmwasm-vm (#2035)
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-08-08 15:04:18 +01:00