File cargo-audit-advisory-db.changes of Package cargo-audit-advisory-db
------------------------------------------------------------------- Tue Feb 15 00:57:25 UTC 2022 - wbrown@suse.de - Update to version 20220215: * Suggest maintained alternatives for Rental advisory (#1187) * Update RUSTSEC-2022-0009.md (#1186) * Assigned RUSTSEC-2020-0162 to tokio-proto (#1185) * Mark tokio-proto as deprecated (#1184) * Assigned RUSTSEC-2022-0009 to libp2p-core (#1183) * Add entry for libp2p-core vulnerability (#1182) * Add patched version to DashMap advisory (#1181) * Assigned RUSTSEC-2022-0008 to windows (#1178) * Add advisory for windows (#1177) * Assigned RUSTSEC-2022-0007 to qcell (#1172) ------------------------------------------------------------------- Wed Jan 05 02:13:49 UTC 2022 - wbrown@suse.de - Update to version 20220105: * Assigned RUSTSEC-2021-0134 to rental (#1137) * Report that rental is no longer maintained (#1136) * Assigned RUSTSEC-2020-0160 to shamir (#1135) * Turn the issue about shamir into an advisory (#1134) * Assigned RUSTSEC-2021-0133 to cargo-download (#1133) * Mark cargo-download unmaintained (#1132) * Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131) * Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130) * CVE-2020-8927 for compu-brotli-sys (#1129) * Assigned RUSTSEC-2021-0131 to brotli-sys (#1128) ------------------------------------------------------------------- Fri Dec 10 04:08:52 UTC 2021 - wbrown@suse.de - Update to version 20211210: * Assigned RUSTSEC-2021-0128 to rusqlite (#1120) * Report `rusqlite` closure lifetime issue (#1117) * correct formatting for lists in RUSTSEC-2021-0127 (#1116) * Assigned RUSTSEC-2021-0127 to serde_cbor (#1115) * serde_cbor is unmaintained (#1114) * Assigned RUSTSEC-2021-0126 to rust-embed (#1113) * Add advisory for rust-embed path traversal (#1112) * Adds maintained alternative to slice_deque (#1109) * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108) * Security advisory on simple_asn1 version 0.6.0 (#1103) ------------------------------------------------------------------- Tue Nov 30 02:12:58 UTC 2021 - wbrown@suse.de - Update to version 20211130: * Assigned RUSTSEC-2021-0126 to rust-embed (#1113) * Add advisory for rust-embed path traversal (#1112) * Adds maintained alternative to slice_deque (#1109) * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108) * Security advisory on simple_asn1 version 0.6.0 (#1103) * Assigned RUSTSEC-2021-0124 to tokio (#1107) * Add advisory for tokio-rs/tokio#4225 (#1106) * Add CVE for RUSTSEC-2021-0123 (#1105) * Assigned RUSTSEC-2021-0123 to fruity (#1104) * Add fruity advisory for nvzqz/fruity#14 (#1102) ------------------------------------------------------------------- Fri Nov 12 00:17:17 UTC 2021 - wbrown@suse.de - Update to version 20211112: * Assigned RUSTSEC-2021-0122 to flatbuffers (#1100) * Add `flatbuffers` advisory for flatbuffers#6627 (#1093) * add cve info to advisories (#1099) * Bump `rustsec-admin` to v0.5.3 (#1091) * Add cvss information from nvd (#1085) * Add missing method to time vulnerability (#1086) * Add CVE alias for RUSTSEC-2021-0069 (#1087) * Assigned RUSTSEC-2021-0121 to crypto2 (#1084) * Unsound implementation of Chacha20 in crypto2 (#1072) * Assigned RUSTSEC-2020-0159 to chrono (#1083) ------------------------------------------------------------------- Wed Nov 03 00:32:55 UTC 2021 - wbrown@suse.de - Update to version 20211103: * Bump `rustsec-admin` to v0.5.3 (#1091) * Add cvss information from nvd (#1085) * Add missing method to time vulnerability (#1086) * Add CVE alias for RUSTSEC-2021-0069 (#1087) * Assigned RUSTSEC-2021-0121 to crypto2 (#1084) * Unsound implementation of Chacha20 in crypto2 (#1072) * Assigned RUSTSEC-2020-0159 to chrono (#1083) * Add `chrono` advisory for chrono#499 (localtime_r) (#1082) * Update vec-const advisory (#1081) * Assigned RUSTSEC-2021-0120 to abomonation (#1080) ------------------------------------------------------------------- Sun Oct 24 23:45:27 UTC 2021 - wbrown@suse.de - Update to version 20211025: * Bump `rustsec-admin` to v0.5.3 (#1091) * Add cvss information from nvd (#1085) * Add missing method to time vulnerability (#1086) * Add CVE alias for RUSTSEC-2021-0069 (#1087) * Assigned RUSTSEC-2021-0121 to crypto2 (#1084) * Unsound implementation of Chacha20 in crypto2 (#1072) * Assigned RUSTSEC-2020-0159 to chrono (#1083) * Add `chrono` advisory for chrono#499 (localtime_r) (#1082) * Update vec-const advisory (#1081) * Assigned RUSTSEC-2021-0120 to abomonation (#1080) ------------------------------------------------------------------- Tue Oct 19 01:15:12 UTC 2021 - wbrown@suse.de - Update to version 20211019: * Assigned RUSTSEC-2021-0121 to crypto2 (#1084) * Unsound implementation of Chacha20 in crypto2 (#1072) * Assigned RUSTSEC-2020-0159 to chrono (#1083) * Add `chrono` advisory for chrono#499 (localtime_r) (#1082) * Update vec-const advisory (#1081) * Assigned RUSTSEC-2021-0120 to abomonation (#1080) * Report abomonation as unsound (#1079) * Update RUSTEC-2020-0071 (#1078) * add missing cve info to advisories (#1077) * Add CVE information to RUSTSEC-2020-0142 (#1076) ------------------------------------------------------------------- Mon Oct 04 21:21:06 UTC 2021 - wbrown@suse.de - Update to version 20211005: * add CVE information to RUSTSEC-2021-0080 (#1068) * Add CVE information (#1067) * Assigned RUSTSEC-2021-0119 to nix (#1066) * nix::unistd::getgrouplist buffer overflow (#1060) * Assigned RUSTSEC-2021-0118 to arrow (#1064) * Yet another arrow advisory (#1059) * Assigned RUSTSEC-2021-0117 to arrow (#1063) * arrow DecimalArray advisory (#1058) * Assigned RUSTSEC-2021-0116 to arrow (#1062) * arrow BinaryArray advisory (#1057) ------------------------------------------------------------------- Mon Aug 02 02:47:18 UTC 2021 - wbrown@suse.de - Update to version 20210802: * Assigned RUSTSEC-2021-0077 to better-macro (#969) * better-macro has deliberate RCE in proc-macro (#966) * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964) * Add advisory for libsecp256k1 (#963) * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962) * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961) * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960) * Assigned RUSTSEC-2021-0074 to ammonia (#959) * Add rust-ammonia/ammonia#142 (#956) * Hotfix #957 until we figure out what to do with it (#958) ------------------------------------------------------------------- Wed Jul 21 04:16:56 UTC 2021 - wbrown@suse.de - Update to version 20210721: * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964) * Add advisory for libsecp256k1 (#963) * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962) * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961) * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960) * Assigned RUSTSEC-2021-0074 to ammonia (#959) * Add rust-ammonia/ammonia#142 (#956) * Hotfix #957 until we figure out what to do with it (#958) * Assigned RUSTSEC-2021-0073 to prost-types (#955) * prost-types: Timestamp conversion overflow (#954) ------------------------------------------------------------------- Fri Jul 02 01:00:10 UTC 2021 - wbrown@suse.de - Update to version 20210702: * Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945) * Add `withdrawn` field (#942) * Bump `rustsec-admin` to v0.5.0 (#944) * Add patched version for flatbuffers RUSTSEC-2020-0009 (#943) * Update RUSTSEC-2021-0049.md (#941) * Assigned RUSTSEC-2021-0071 to grep-cli (#940) * crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939) * Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937) * Update RUSTSEC-2020-0043.md (#934) * Assigned RUSTSEC-2021-0070 to nalgebra (#932) ------------------------------------------------------------------- Sat Jun 19 06:27:26 UTC 2021 - wbrown@suse.de - Update to version 20210619: * Update RUSTSEC-2021-0049.md (#941) * Assigned RUSTSEC-2021-0071 to grep-cli (#940) * crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939) * Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937) * Update RUSTSEC-2020-0043.md (#934) * Assigned RUSTSEC-2021-0070 to nalgebra (#932) * Add advisory for nalgebra VecStorage/MatrixVec (#931) * Remove range overlaps, fix some range specifications (#930) * Make ranges in trust-dns-proto advisory non-overlapping (#929) * Assigned RUSTSEC-2021-0069 to lettre (#925) ------------------------------------------------------------------- Tue Jun 01 01:28:10 UTC 2021 - wbrown@suse.de - Update to version 20210601: * Assigned RUSTSEC-2021-0069 to lettre (#925) * Add lettre smtp vulnerability (#924) * Assigned RUSTSEC-2021-0068 to iced-x86 (#923) * iced-x86: fix lint (#922) * Add advisory for iced-x86 soundness bug (#914) * Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921) * fixes #915 - remove duplicate word (#916) * Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918) * Bump rustsec-admin to v0.4.3 (#919) * evm-core: fix crate name (#911) ------------------------------------------------------------------- Fri May 07 03:16:33 UTC 2021 - wbrown@suse.de - Update to version 20210507: * Assigned RUSTSEC-2021-0064 to cpuid-bool (#905) * Add unmaintained crate advisory for `cpuid-bool` (#904) * Assigned RUSTSEC-2021-0063 to comrak (#903) * Add advisory for another comrak XSS (#902) * aes* crates: add crate names to advisory titles (#901) * Assigned RUSTSEC-2021-0062 to miscreant (#900) * Add unmaintained crate advisory for `miscreant` (#899) * Assigned RUSTSEC-2021-0061 to aes-ctr (#898) * Add unmaintained crate advisory for `aes-ctr` (#897) * Assigned RUSTSEC-2021-0060 to aes-soft (#896) ------------------------------------------------------------------- Wed Apr 28 00:52:16 UTC 2021 - wbrown@suse.de - Update to version 20210428: * Yank advisories for once-again maintained `dirs`/`directories` crates (#876) * Mark patched tiny-http version for 2020-0031 (#875) * Assigned RUSTSEC-2021-0053 to algorithmica (#874) * Report 0163-algorithmica to RustSec * Add std CVE (#869) * Update CVE numbers (#870) * Update advisory to indicate patched versions of stackvector. * Added patch to "fix" vulnerability. (#866) * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map * Add advisory for double-free issues in id-map ------------------------------------------------------------------- Tue Apr 20 00:45:30 UTC 2021 - wbrown@suse.de - Update to version 20210420: * Yank advisories for once-again maintained `dirs`/`directories` crates (#876) * Mark patched tiny-http version for 2020-0031 (#875) * Assigned RUSTSEC-2021-0053 to algorithmica (#874) * Report 0163-algorithmica to RustSec * Add std CVE (#869) * Update CVE numbers (#870) * Update advisory to indicate patched versions of stackvector. * Added patch to "fix" vulnerability. (#866) * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map * Add advisory for double-free issues in id-map ------------------------------------------------------------------- Wed Mar 31 23:17:44 UTC 2021 - wbrown@suse.de - Update to version 20210401: * Assigned RUSTSEC-2021-0050 to reorder * Add advisory for out-of-bounds write and uninitialized memory exposure in reorder * max7301: Mark RUSTSEC-2020-0152 as patched. (#859) * Assigned RUSTSEC-2020-0152 to max7301 * Add advisory for data race in max7301 * Assigned RUSTSEC-2020-0151 to generator * Add advisory for data race in generator (#855) * Assigned RUSTSEC-2020-0150 to disrustor ------------------------------------------------------------------- Wed Mar 17 00:54:18 UTC 2021 - wbrown@suse.de - Update to version 20210317: * Have master-to-main mirror force push (#822) * Fix `main` -> `master` mirroring (#821) * Rename `master` branch to `main` (#820) * Mirror 'main' branch to 'master' (#819) * README.md: fix "Report Vulnerability" button (#818) * Assigned RUSTSEC-2021-0040 to arenavec * Assigned RUSTSEC-2021-0039 to endian_trait * arenavec: update advisory title to clarify issue * Report 0109-arenavec to RustSec ------------------------------------------------------------------- Tue Mar 02 23:56:22 UTC 2021 - wbrown@suse.de - Update to version 20210223: * Assigned RUSTSEC-2021-0032 to byte_struct * Assigned RUSTSEC-2021-0031 to nano_arena * Add advisory for aliasing violation in nano_arena * Add advisory for uninitialized memory drop in byte_struct * Assigned RUSTSEC-2021-0030 to scratchpad * Add advisory for double-free in scratchpad * Revert "Mark RUSTSEC-2020-0146 as unsound (#788)" * Mark RUSTSEC-2020-0146 as unsound (#788) * Heapless soundness fix since 0.6.1 (#791) * Update RUSTSEC-2020-0146.md with list of patched versions (#789) * Assigned RUSTSEC-2021-0029 to truetype * Report uninitialized memory exposure in truetype * Assigned RUSTSEC-2021-0028 to toodee * Add advisory for memory safety issue in toodee's insert_row * Assigned RUSTSEC-2021-0027 to bam * Add advisory for out-of-bounds write in bam * Assigned RUSTSEC-2020-0146 to generic-array * Add an advisory on lifetime extension in generic-array * Assigned RUSTSEC-2020-0145 to heapless * heapless: fix year: 2020, not 2010 * heapless: use-after-free when cloning partially consumed Iterator * Update CVE numbers (#777) ------------------------------------------------------------------- Tue Feb 23 04:40:05 UTC 2021 - William Brown <william.brown@suse.com> - Initial commit of 20210223
