-------------------------------------------------------------------
Tue Mar 04 01:06:21 UTC 2025 - william.brown@suse.com

- Update to version 20250304:
  * openh264-sys is not a notice, it's a vuln (#2234)
  * Assigned RUSTSEC-2025-0008 to openh264-sys2 (#2232)
  * `openh264-sys2` upstream heap overflow. (#2231)
  * *ring* is maintained again, withdraw 2025-0007. (#2230)
  * Assigned RUSTSEC-2025-0007 to ring (#2229)
  * Add unmaintained advisory for *ring* (#2228)
  * Assigned RUSTSEC-2024-0435 to fyrox-core (#2224)
  * Report unsoundness and patch in fyrox-core (#2172)
  * vec-const is gone from crates.io, update linter to fix CI (#2223)
  * Assigned RUSTSEC-2025-0006 to hickory-proto (#2222)

-------------------------------------------------------------------
Tue Feb 04 04:38:07 UTC 2025 - william.brown@suse.com

- Update to version 20250204:
  * Assigned RUSTSEC-2025-0004 to openssl (#2218)
  * Add advisory for `openssl ssl::select_next_proto` UAF (#2217)
  * Add patch version for RUSTSEC-2021-0087.md (#2216)
  * Assigned RUSTSEC-2025-0002 to fast-float2, RUSTSEC-2025-0003 to fast-float (#2213)
  * Add advisory for segmentation fault in fast-float and fast-float2 (#2192)
  * Add global GHSA and references to RUSTSEC-2025-0001 (#2207)
  * README.md: bump database maintenance year to 2025 (#2208)
  * Assigned RUSTSEC-2024-0434 to matrix-sdk-crypto (#2205)
  * Remove listing of unix-likes from advisory (#2206)
  * Add CVE-2024-52813 for matrix-sdk-crypto (#2204)

-------------------------------------------------------------------
Wed Oct 30 01:03:16 UTC 2024 - william.brown@suse.com

- Update to version 20241030:
  * Fix incorrect fixed version for may_queue (#2106)
  * Add missing information about fixed versions (#2105)
  * Assigned RUSTSEC-2024-0378 to pyo3 (#2102)
  * risk of use-after-free in PyO3 borrowing from weak references (#2101)
  * Assigned RUSTSEC-2024-0377 to dbn (#2099)
  * Dbn heap buffer overflow (#2097)
  * Update RUSTSEC-2024-0376 affected versions (#2094)
  * Assigned RUSTSEC-2024-0376 to tonic (#2092)
  * Add advisory for CVE-2024-47609 in tonic (#2091)
  * Assigned RUSTSEC-2024-0375 to atty (#2090)

-------------------------------------------------------------------
Wed Sep 04 00:24:50 UTC 2024 - william.brown@suse.com

- Update to version 20240904:
  * Make small readability improvements in RUSTSEC-2023-0064 (#2064)
  * Add global GHSA reference for RUSTSEC-2024-0367 (config scopes) (#2063)
  * Assigned RUSTSEC-2024-0368 to olm-sys (#2062)
  * Add advisory for olm-sys (unmaintained, crypto failure) (#2060)
  * Add CVE number for RUSTSEC-2024-0367 (config scopes) (#2061)
  * Assigned RUSTSEC-2024-0367 to gix-path (#2058)
  * Advisory for GHSA-v26r-4c9c-h3j6 (config scopes) in gix-path (#2055)
  * Assigned RUSTSEC-2024-0366 to cosmwasm-vm (#2053)
  * Add cosmwasm-vm advisory CWA-2023-004 (#2052)
  * update resolution for RUSTSEC-2024-0363 (sqlx) (#2050)

-------------------------------------------------------------------
Tue Jul 30 02:41:17 UTC 2024 - william.brown@suse.com

- Update to version 20240730:
  * Assigned RUSTSEC-2024-0360 to xmp_toolkit (#2030)
  * Unsoundness notice for xmp_toolkit < 1.9.0 (#2029)
  * Assigned RUSTSEC-2024-0359 to gix-attributes (#2028)
  * Unsoundness notice for gix-attributes (kstring integration) (#2027)
  * Assigned RUSTSEC-2024-0358 to object_store (#2026)
  * Add advisory for object_store credentials leak via logs (#2025)
  * Assigned RUSTSEC-2024-0357 to openssl (#2022)
  * Added advisory for undefined behavior in openssl (#2021)
  * Assigned RUSTSEC-2024-0356 to matrix-sdk-crypto (#2019)
  * Add CVE-2024-40648 for matrix-sdk-crypto (#2018)

-------------------------------------------------------------------
Tue May 28 05:56:45 UTC 2024 - william.brown@suse.com

- Update to version 20240528:
  * Add some civility language to HOWTO_UNMAINTAINED.md (#1972)
  * Synchronize IDs (2024-05-21) (#1966)
  * Assigned RUSTSEC-2024-0342 to vodozemac (#1965)
  * Add CVE-2024-34063 for vodozemac (#1955)
  * Assigned RUSTSEC-2024-0341 to tls-listener (#1964)
  * Assigned RUSTSEC-2024-0340 to tor-circmgr (#1963)
  * add CVE-2024-28854 for tls-listener (#1926)
  * Add advisory for tor-circmgr TROVE-2024-004 (#1958)
  * Assigned RUSTSEC-2024-0339 to tor-circmgr (#1962)
  * Add advisory for tor-circmgr TROVE-2024-003 (#1957)

-------------------------------------------------------------------
Sat Mar 30 04:06:18 UTC 2024 - william.brown@suse.com

- Update to version 20240330:
  * Assigned (#1924)
  * Add an unmaintained crate advisory for yaml-rust (#1922)
  * Assigned RUSTSEC-2023-0085 to hpack (#1920)
  * Add hpack panics (#1919)
  * Assigned RUSTSEC-2024-0021 to eyre, RUSTSEC-2023-0084 to hpack (#1916)
  * eyre: Parts of Report are dropped as the wrong type during downcast (#1918)
  * Add security advisory for unmaintained hpack crate (#1915)
  * update RUSTSEC-2024-0020 with additional information (#1913)
  * Assigned RUSTSEC-2024-0020 to whoami (#1912)
  * Add advisory for stack buffer overflow with whoami (#1911)

-------------------------------------------------------------------
Tue Dec 19 02:11:18 UTC 2023 - william.brown@suse.com

- Update to version 20231219:
  * Assigned RUSTSEC-2023-0074 to zerocopy (#1839)
  * zerocopy: Some Ref methods are unsound with some type params (#1837)
  * Update CVSS score of RUSTSEC-2023-0071 (#1838)
  * Assigned RUSTSEC-2023-0073 to candid (#1835)
  * Add advisory for candid library decoding DoS vulnerability (#1834)
  * RUSTSEC-2023-0071: add CVE-2023-49092 as alias (#1830)
  * RUSTSEC-2023-0071.md: use '###' section headers (#1829)
  * RUSTSEC-2023-0071: add CVSS, aliases, and new wording (#1828)
  * Assigned RUSTSEC-2023-0072 to openssl (#1827)
  * `openssl` `X509StoreRef::objects` is unsound (#1824)

-------------------------------------------------------------------
Fri Oct 27 03:02:30 UTC 2023 - william.brown@suse.com

- Update to version 20231027:
  * Assigned RUSTSEC-2023-0068 to cocoon (#1810)
  * cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) (#1805)
  * Updating information about replacements (#1803)
  * Assigned RUSTSEC-2023-0067 to fehler (#1801)
  * fehler is unmaintained (#1800)
  * Assigned RUSTSEC-2023-0066 to pleaser (#1799)
  * Document the privilege-escalation vulnerability in pleaser. (#1798)
  * Update webpki RUSTSEC-2023-0052 advisory. (#1797)
  * Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
  * Create advisory for tungstenite DoS (#1795)

-------------------------------------------------------------------
Sat Oct 07 01:19:51 UTC 2023 - william.brown@suse.com

- Update to version 20231007:
  * Assigned RUSTSEC-2023-0066 to pleaser (#1799)
  * Document the privilege-escalation vulnerability in pleaser. (#1798)
  * Update webpki RUSTSEC-2023-0052 advisory. (#1797)
  * Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
  * Create advisory for tungstenite DoS (#1795)
  * Add patch version (#1794)
  * Update info about CVE-2023-5129 (#1793)
  * Bump rustsec-admin to 0.8.8 (#1791)
  * Assigned RUSTSEC-2023-0064 to gix-transport (#1790)
  * Add notice to gix-transport crate (#1789)

-------------------------------------------------------------------
Thu Aug 17 23:38:35 UTC 2023 - william.brown@suse.com

- Update to version 20230818:
  * Assigned RUSTSEC-2022-0093 to ed25519-dalek (#1745)
  * Add Double Public Key Signing Function Oracle Attack on `ed25519-dalek` (#1744)
  * Assigned RUSTSEC-2023-0049 to tui (#1740)
  * Add unmaintained `tui` advisory (#1739)
  * Update aliases from GHSA OSV export (#1734)
  * Assigned RUSTSEC-2023-0048 to intaglio (#1733)
  * Add advisory for unsoundness in intaglio symbol interners (#1732)
  * Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
  * report unsoundness of lmdb-rs (#1724)
  * Fix typos (#1729)

-------------------------------------------------------------------
Mon Jul 31 04:07:19 UTC 2023 - william.brown@suse.com

- Update to version 20230731:
  * Update aliases from GHSA OSV export (#1734)
  * Assigned RUSTSEC-2023-0048 to intaglio (#1733)
  * Add advisory for unsoundness in intaglio symbol interners (#1732)
  * Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
  * report unsoundness of lmdb-rs (#1724)
  * Fix typos (#1729)
  * Bump rustsec-admin to 0.8.6 (#1728)
  * Update aliases from GHSA OSV export (#1727)
  * Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
  * Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)

-------------------------------------------------------------------
Tue Jul 11 00:47:33 UTC 2023 - william.brown@suse.com

- Update to version 20230711:
  * Bump rustsec-admin to 0.8.6 (#1728)
  * Update aliases from GHSA OSV export (#1727)
  * Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
  * Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
  * report misaligned pointer dereference in cyfs-base (#1718)
  * Assigned RUSTSEC-2023-0045 to memoffset (#1722)
  * Add advisory to `memoffset` (#1721)
  * Assigned RUSTSEC-2023-0044 to openssl (#1720)
  * Report buffer-overread in OpenSSL (#1719)
  * Update RUSTSEC-2023-0042 to reflect patch. (#1717)

-------------------------------------------------------------------
Tue May 30 04:33:12 UTC 2023 - william.brown@suse.com

- Update to version 20230530:
  * Suggest kuchikiki as an alternative to kuchiki (#1698)
  * Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
  * xsalsa20poly1305 is unmaintained (#1694)
  * xml-rs is maintained (#1691)
  * Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
  * Add unmaintained tree_magic crate (#1678)
  * Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
  * enumflags2::make_bitflags unsoundness (#1686)
  * Assigned RUSTSEC-2023-0034 to h2 (#1687)
  * Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)

-------------------------------------------------------------------
Tue May 23 04:42:24 UTC 2023 - william.brown@suse.com

- Update to version 20230523:
  * Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
  * xsalsa20poly1305 is unmaintained (#1694)
  * xml-rs is maintained (#1691)
  * Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
  * Add unmaintained tree_magic crate (#1678)
  * Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
  * enumflags2::make_bitflags unsoundness (#1686)
  * Assigned RUSTSEC-2023-0034 to h2 (#1687)
  * Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
  * Fix typos in RUSTSEC-2023-0033 (#1685)

-------------------------------------------------------------------
Thu Apr 13 01:00:08 UTC 2023 - william.brown@suse.com

- Update to version 20230413:
  * Bump peter-evans/create-pull-request from 4 to 5 (#1677)
  * Withdraw RUSTSEC-2021-0147 (#1676)
  * Assigned RUSTSEC-2023-0032 to ntru (#1674)
  * Add unsound ntru (#1652)
  * Assigned RUSTSEC-2023-0031 to spin (#1673)
  * Added unsound `spin` (#1671)
  * Assigned RUSTSEC-2023-0030 to versionize (#1669)
  * Add advisory for versionize crate (#1662)
  * Assigned RUSTSEC-2023-0029 to nats (#1668)
  * Fix `nats` directory (#1667)

-------------------------------------------------------------------
Thu Feb 23 00:12:48 UTC 2023 - william.brown@suse.com

- Update to version 20230223:
  * Assigned RUSTSEC-2022-0090 to libsqlite3-sys (#1607)
  * Add sqlite advisory (#1599)
  * Assigned RUSTSEC-2023-0014 to cortex-m-rt (#1606)
  * Add soundness advisory for cortex-m-rt (#1601)
  * Update RUSTSEC-2020-0097.md (#1600)
  * Better docs (#1598)
  * Assigned RUSTSEC-2020-0167 to pnet_packet (#1596)
  * Fix some typos (#1593)
  * Add advisory for pnet_packet (#1595)
  * Update RUSTSEC-2020-0071.md (#1594)

-------------------------------------------------------------------
Tue Jan 17 03:29:22 UTC 2023 - william.brown@suse.com

- Update to version 20230117:
  * Assigned RUSTSEC-2022-0080 to parity-util-mem (#1530)
  * Add parity-util-mem unmaintained (#1528)
  * Assigned RUSTSEC-2021-0146 to twoway (#1529)
  * Add unmaintained `twoway` (#1435)
  * Assigned RUSTSEC-2022-0079 to elf_rs (#1527)
  * Add advisory for elf_rs crate (#1450)
  * Update RUSTSEC-2021-0088.md (#1512)
  * Assigned RUSTSEC-2022-0078 to bumpalo (#1526)
  * Add advisory for bumpalo Vec iterator unsoundness (#1525)
  * Assigned RUSTSEC-2022-0077 to claim (#1523)

-------------------------------------------------------------------
Tue Nov 01 22:16:48 UTC 2022 - william.brown@suse.com

- Update to version 20221102:
  * Assigned RUSTSEC-2022-0065 to openssl-src (#1455)
  * CVE-2022-3786 in openssl (#1453)
  * Assigned RUSTSEC-2022-0064 to openssl-src (#1454)
  * CVE-2022-3602 in openssl (#1452)
  * Assigned RUSTSEC-2022-0063 to linked_list_allocator (#1449)
  * Add CVE-2022-36086 for linked_list_allocator (#1448)
  * Assigned RUSTSEC-2022-0062 to matrix-sdk (#1445)
  * Add advisory for logging of access tokens in matrix-sdk (#1444)
  * Assigned RUSTSEC-2022-0061 to parity-wasm (#1443)
  * Add unmaintained `parity-wasm` (#1441)

-------------------------------------------------------------------
Wed Sep 28 01:22:33 UTC 2022 - william.brown@suse.com

- Update to version 20220928:
  * Assigned RUSTSEC-2022-0056 to clipboard (#1425)
  * Add unmaintained `clipboard` (#1267)
  * Fix informational footnote wording (#1420)
  * Add `stylish` as `ansi_term` alternative (#1421)
  * Assigned RUSTSEC-2022-0055 to axum-core (#1419)
  * Add `axum-core` DoS (#1417)
  * Assigned RUSTSEC-2021-0144 to traitobject (#1415)
  * Add unmaintained `traitobject` (#1390)
  * Assigned RUSTSEC-2019-0039 to typemap (#1414)
  * Add unmaintained `typemap` (#1406)

-------------------------------------------------------------------
Wed May 11 01:12:29 UTC 2022 - wbrown@suse.de

- Update to version 20220511:
  * Assigned RUSTSEC-2022-0022 to hyper (#1235)
  * add hyper advisory (#1232)
  * Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233)
  * add crossbeam advisories for incorrect (unsound) zeroed memory (#1231)
  * Assigned RUSTSEC-2022-0018 to totp-rs (#1230)
  * Possible timing attack in totp-rs (#1229)
  * HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192)
  * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
  * Add advisory for using impure constants in array-macro (#1224)
  * Add patch version for fruity (#1223)

-------------------------------------------------------------------
Thu Apr 28 02:57:45 UTC 2022 - wbrown@suse.de

- Update to version 20220428:
  * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
  * Add advisory for using impure constants in array-macro (#1224)
  * Add patch version for fruity (#1223)
  * Update RUSTSEC-2020-0071.md (#1222)
  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
  * Add CVE-2022-24791 for Wasmtime (#1217)
  * Assigned RUSTSEC-2022-0015 to pty (#1215)
  * Add unmaintained advisory for pty (#1213)
  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)

-------------------------------------------------------------------
Wed Apr 20 00:36:52 UTC 2022 - wbrown@suse.de

- Update to version 20220420:
  * Add patch version for fruity (#1223)
  * Update RUSTSEC-2020-0071.md (#1222)
  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
  * Add CVE-2022-24791 for Wasmtime (#1217)
  * Assigned RUSTSEC-2022-0015 to pty (#1215)
  * Add unmaintained advisory for pty (#1213)
  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
  * Add CVE-2022-0778 for openssl-src (#1210)
  * Assigned RUSTSEC-2022-0013 to regex (#1208)

-------------------------------------------------------------------
Wed Mar 30 01:47:58 UTC 2022 - William Brown <william.brown@suse.com>

- Resolve issue with obs install check on non-tier1 arches

-------------------------------------------------------------------
Wed Mar 23 10:54:26 UTC 2022 - wbrown@suse.de

- Update to version 20220323:
  * Assigned RUSTSEC-2022-0015 to pty (#1215)
  * Add unmaintained advisory for pty (#1213)
  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
  * Add CVE-2022-0778 for openssl-src (#1210)
  * Assigned RUSTSEC-2022-0013 to regex (#1208)
  * add cve-2022-24713 (#1207)
  * mark RUSTSEC-2021-0019 fixed, add references (#1206)
  * RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
  * Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
  * Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)

-------------------------------------------------------------------
Fri Mar 11 03:15:25 UTC 2022 - wbrown@suse.de

- Update to version 20220311:
  * Assigned RUSTSEC-2022-0013 to regex (#1208)
  * add cve-2022-24713 (#1207)
  * mark RUSTSEC-2021-0019 fixed, add references (#1206)
  * RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
  * Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
  * Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
  * Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
  * `rust-crypto`: miscomputation when performing AES encryption (#1201)
  * Update RUSTSEC-2020-0150.md (#1199)
  * Assigned RUSTSEC-2022-0010 to enum-map (#1198)

-------------------------------------------------------------------
Tue Feb 15 00:57:25 UTC 2022 - wbrown@suse.de

- Update to version 20220215:
  * Suggest maintained alternatives for Rental advisory (#1187)
  * Update RUSTSEC-2022-0009.md (#1186)
  * Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
  * Mark tokio-proto as deprecated (#1184)
  * Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
  * Add entry for libp2p-core vulnerability (#1182)
  * Add patched version to DashMap advisory (#1181)
  * Assigned RUSTSEC-2022-0008 to windows (#1178)
  * Add advisory for windows (#1177)
  * Assigned RUSTSEC-2022-0007 to qcell (#1172)

-------------------------------------------------------------------
Wed Jan 05 02:13:49 UTC 2022 - wbrown@suse.de

- Update to version 20220105:
  * Assigned RUSTSEC-2021-0134 to rental (#1137)
  * Report that rental is no longer maintained (#1136)
  * Assigned RUSTSEC-2020-0160 to shamir (#1135)
  * Turn the issue about shamir into an advisory (#1134)
  * Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
  * Mark cargo-download unmaintained (#1132)
  * Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131)
  * Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
  * CVE-2020-8927 for compu-brotli-sys (#1129)
  * Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)

-------------------------------------------------------------------
Fri Dec 10 04:08:52 UTC 2021 - wbrown@suse.de

- Update to version 20211210:
  * Assigned RUSTSEC-2021-0128 to rusqlite (#1120)
  * Report `rusqlite` closure lifetime issue (#1117)
  * correct formatting for lists in RUSTSEC-2021-0127 (#1116)
  * Assigned RUSTSEC-2021-0127 to serde_cbor (#1115)
  * serde_cbor is unmaintained (#1114)
  * Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
  * Add advisory for rust-embed path traversal (#1112)
  * Adds maintained alternative to slice_deque (#1109)
  * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
  * Security advisory on simple_asn1 version 0.6.0 (#1103)

-------------------------------------------------------------------
Tue Nov 30 02:12:58 UTC 2021 - wbrown@suse.de

- Update to version 20211130:
  * Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
  * Add advisory for rust-embed path traversal (#1112)
  * Adds maintained alternative to slice_deque (#1109)
  * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
  * Security advisory on simple_asn1 version 0.6.0 (#1103)
  * Assigned RUSTSEC-2021-0124 to tokio (#1107)
  * Add advisory for tokio-rs/tokio#4225 (#1106)
  * Add CVE for RUSTSEC-2021-0123 (#1105)
  * Assigned RUSTSEC-2021-0123 to fruity (#1104)
  * Add fruity advisory for nvzqz/fruity#14 (#1102)

-------------------------------------------------------------------
Fri Nov 12 00:17:17 UTC 2021 - wbrown@suse.de

- Update to version 20211112:
  * Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
  * Add `flatbuffers` advisory for flatbuffers#6627 (#1093)
  * add cve info to advisories (#1099)
  * Bump `rustsec-admin` to v0.5.3 (#1091)
  * Add cvss information from nvd (#1085)
  * Add missing method to time vulnerability (#1086)
  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)

-------------------------------------------------------------------
Wed Nov 03 00:32:55 UTC 2021 - wbrown@suse.de

- Update to version 20211103:
  * Bump `rustsec-admin` to v0.5.3 (#1091)
  * Add cvss information from nvd (#1085)
  * Add missing method to time vulnerability (#1086)
  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
  * Update vec-const advisory (#1081)
  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)

-------------------------------------------------------------------
Sun Oct 24 23:45:27 UTC 2021 - wbrown@suse.de

- Update to version 20211025:
  * Bump `rustsec-admin` to v0.5.3 (#1091)
  * Add cvss information from nvd (#1085)
  * Add missing method to time vulnerability (#1086)
  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
  * Update vec-const advisory (#1081)
  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)

-------------------------------------------------------------------
Tue Oct 19 01:15:12 UTC 2021 - wbrown@suse.de

- Update to version 20211019:
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
  * Update vec-const advisory (#1081)
  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)
  * Report abomonation as unsound (#1079)
  * Update RUSTEC-2020-0071 (#1078)
  * add missing cve info to advisories (#1077)
  * Add CVE information to RUSTSEC-2020-0142 (#1076)

-------------------------------------------------------------------
Mon Oct 04 21:21:06 UTC 2021 - wbrown@suse.de

- Update to version 20211005:
  * add CVE information to RUSTSEC-2021-0080 (#1068)
  * Add CVE information (#1067)
  * Assigned RUSTSEC-2021-0119 to nix (#1066)
  * nix::unistd::getgrouplist buffer overflow (#1060)
  * Assigned RUSTSEC-2021-0118 to arrow (#1064)
  * Yet another arrow advisory (#1059)
  * Assigned RUSTSEC-2021-0117 to arrow (#1063)
  * arrow DecimalArray advisory (#1058)
  * Assigned RUSTSEC-2021-0116 to arrow (#1062)
  * arrow BinaryArray advisory (#1057)

-------------------------------------------------------------------
Mon Aug 02 02:47:18 UTC 2021 - wbrown@suse.de

- Update to version 20210802:
  * Assigned RUSTSEC-2021-0077 to better-macro (#969)
  * better-macro has deliberate RCE in proc-macro (#966)
  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
  * Add advisory for libsecp256k1 (#963)
  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
  * Add rust-ammonia/ammonia#142 (#956)
  * Hotfix #957 until we figure out what to do with it (#958)

-------------------------------------------------------------------
Wed Jul 21 04:16:56 UTC 2021 - wbrown@suse.de

- Update to version 20210721:
  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
  * Add advisory for libsecp256k1 (#963)
  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
  * Add rust-ammonia/ammonia#142 (#956)
  * Hotfix #957 until we figure out what to do with it (#958)
  * Assigned RUSTSEC-2021-0073 to prost-types (#955)
  * prost-types: Timestamp conversion overflow (#954)

-------------------------------------------------------------------
Fri Jul 02 01:00:10 UTC 2021 - wbrown@suse.de

- Update to version 20210702:
  * Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945)
  * Add `withdrawn` field (#942)
  * Bump `rustsec-admin` to v0.5.0 (#944)
  * Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
  * Update RUSTSEC-2021-0049.md (#941)
  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
  * crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
  * Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
  * Update RUSTSEC-2020-0043.md (#934)
  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)

-------------------------------------------------------------------
Sat Jun 19 06:27:26 UTC 2021 - wbrown@suse.de

- Update to version 20210619:
  * Update RUSTSEC-2021-0049.md (#941)
  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
  * crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
  * Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
  * Update RUSTSEC-2020-0043.md (#934)
  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)
  * Add advisory for nalgebra VecStorage/MatrixVec (#931)
  * Remove range overlaps, fix some range specifications (#930)
  * Make ranges in trust-dns-proto advisory non-overlapping (#929)
  * Assigned RUSTSEC-2021-0069 to lettre (#925)

-------------------------------------------------------------------
Tue Jun 01 01:28:10 UTC 2021 - wbrown@suse.de

- Update to version 20210601:
  * Assigned RUSTSEC-2021-0069 to lettre (#925)
  * Add lettre smtp vulnerability (#924)
  * Assigned RUSTSEC-2021-0068 to iced-x86 (#923)
  * iced-x86: fix lint (#922)
  * Add advisory for iced-x86 soundness bug (#914)
  * Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921)
  * fixes #915 - remove duplicate word (#916)
  * Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918)
  * Bump rustsec-admin to v0.4.3 (#919)
  * evm-core: fix crate name (#911)

-------------------------------------------------------------------
Fri May 07 03:16:33 UTC 2021 - wbrown@suse.de

- Update to version 20210507:
  * Assigned RUSTSEC-2021-0064 to cpuid-bool (#905)
  * Add unmaintained crate advisory for `cpuid-bool` (#904)
  * Assigned RUSTSEC-2021-0063 to comrak (#903)
  * Add advisory for another comrak XSS (#902)
  * aes* crates: add crate names to advisory titles (#901)
  * Assigned RUSTSEC-2021-0062 to miscreant (#900)
  * Add unmaintained crate advisory for `miscreant` (#899)
  * Assigned RUSTSEC-2021-0061 to aes-ctr (#898)
  * Add unmaintained crate advisory for `aes-ctr` (#897)
  * Assigned RUSTSEC-2021-0060 to aes-soft (#896)

-------------------------------------------------------------------
Wed Apr 28 00:52:16 UTC 2021 - wbrown@suse.de

- Update to version 20210428:
  * Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
  * Mark patched tiny-http version for 2020-0031 (#875)
  * Assigned RUSTSEC-2021-0053 to algorithmica (#874)
  * Report 0163-algorithmica to RustSec
  * Add std CVE (#869)
  * Update CVE numbers (#870)
  * Update advisory to indicate patched versions of stackvector.
  * Added patch to "fix" vulnerability. (#866)
  * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
  * Add advisory for double-free issues in id-map

-------------------------------------------------------------------
Tue Apr 20 00:45:30 UTC 2021 - wbrown@suse.de

- Update to version 20210420:
  * Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
  * Mark patched tiny-http version for 2020-0031 (#875)
  * Assigned RUSTSEC-2021-0053 to algorithmica (#874)
  * Report 0163-algorithmica to RustSec
  * Add std CVE (#869)
  * Update CVE numbers (#870)
  * Update advisory to indicate patched versions of stackvector.
  * Added patch to "fix" vulnerability. (#866)
  * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
  * Add advisory for double-free issues in id-map

-------------------------------------------------------------------
Wed Mar 31 23:17:44 UTC 2021 - wbrown@suse.de

- Update to version 20210401:
  * Assigned RUSTSEC-2021-0050 to reorder
  * Add advisory for out-of-bounds write and uninitialized memory exposure in reorder
  * max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
  * Assigned RUSTSEC-2020-0152 to max7301
  * Add advisory for data race in max7301
  * Assigned RUSTSEC-2020-0151 to generator
  * Add advisory for data race in generator (#855)
  * Assigned RUSTSEC-2020-0150 to disrustor

-------------------------------------------------------------------
Wed Mar 17 00:54:18 UTC 2021 - wbrown@suse.de

- Update to version 20210317:
  * Have master-to-main mirror force push (#822)
  * Fix `main` -> `master` mirroring (#821)
  * Rename `master` branch to `main` (#820)
  * Mirror 'main' branch to 'master' (#819)
  * README.md: fix "Report Vulnerability" button (#818)
  * Assigned RUSTSEC-2021-0040 to arenavec
  * Assigned RUSTSEC-2021-0039 to endian_trait
  * arenavec: update advisory title to clarify issue
  * Report 0109-arenavec to RustSec

-------------------------------------------------------------------
Tue Mar 02 23:56:22 UTC 2021 - wbrown@suse.de

- Update to version 20210223:
  * Assigned RUSTSEC-2021-0032 to byte_struct
  * Assigned RUSTSEC-2021-0031 to nano_arena
  * Add advisory for aliasing violation in nano_arena
  * Add advisory for uninitialized memory drop in byte_struct
  * Assigned RUSTSEC-2021-0030 to scratchpad
  * Add advisory for double-free in scratchpad
  * Revert "Mark RUSTSEC-2020-0146 as unsound (#788)"
  * Mark RUSTSEC-2020-0146 as unsound (#788)
  * Heapless soundness fix since 0.6.1 (#791)
  * Update RUSTSEC-2020-0146.md with list of patched versions (#789)
  * Assigned RUSTSEC-2021-0029 to truetype
  * Report uninitialized memory exposure in truetype
  * Assigned RUSTSEC-2021-0028 to toodee
  * Add advisory for memory safety issue in toodee's insert_row
  * Assigned RUSTSEC-2021-0027 to bam
  * Add advisory for out-of-bounds write in bam
  * Assigned RUSTSEC-2020-0146 to generic-array
  * Add an advisory on lifetime extension in generic-array
  * Assigned RUSTSEC-2020-0145 to heapless
  * heapless: fix year: 2020, not 2010
  * heapless: use-after-free when cloning partially consumed Iterator
  * Update CVE numbers (#777)

-------------------------------------------------------------------
Tue Feb 23 04:40:05 UTC 2021 - William Brown <william.brown@suse.com>

- Initial commit of 20210223