Changelog for
cargo-audit-advisory-db-20240904-lp155.75.1.x86_64.rpm :
* Wed Sep 04 2024 william.brownAATTsuse.com- Update to version 20240904:
* Make small readability improvements in RUSTSEC-2023-0064 (#2064)
* Add global GHSA reference for RUSTSEC-2024-0367 (config scopes) (#2063)
* Assigned RUSTSEC-2024-0368 to olm-sys (#2062)
* Add advisory for olm-sys (unmaintained, crypto failure) (#2060)
* Add CVE number for RUSTSEC-2024-0367 (config scopes) (#2061)
* Assigned RUSTSEC-2024-0367 to gix-path (#2058)
* Advisory for GHSA-v26r-4c9c-h3j6 (config scopes) in gix-path (#2055)
* Assigned RUSTSEC-2024-0366 to cosmwasm-vm (#2053)
* Add cosmwasm-vm advisory CWA-2023-004 (#2052)
* update resolution for RUSTSEC-2024-0363 (sqlx) (#2050)
* Tue Jul 30 2024 william.brownAATTsuse.com- Update to version 20240730:
* Assigned RUSTSEC-2024-0360 to xmp_toolkit (#2030)
* Unsoundness notice for xmp_toolkit < 1.9.0 (#2029)
* Assigned RUSTSEC-2024-0359 to gix-attributes (#2028)
* Unsoundness notice for gix-attributes (kstring integration) (#2027)
* Assigned RUSTSEC-2024-0358 to object_store (#2026)
* Add advisory for object_store credentials leak via logs (#2025)
* Assigned RUSTSEC-2024-0357 to openssl (#2022)
* Added advisory for undefined behavior in openssl (#2021)
* Assigned RUSTSEC-2024-0356 to matrix-sdk-crypto (#2019)
* Add CVE-2024-40648 for matrix-sdk-crypto (#2018)
* Tue May 28 2024 william.brownAATTsuse.com- Update to version 20240528:
* Add some civility language to HOWTO_UNMAINTAINED.md (#1972)
* Synchronize IDs (2024-05-21) (#1966)
* Assigned RUSTSEC-2024-0342 to vodozemac (#1965)
* Add CVE-2024-34063 for vodozemac (#1955)
* Assigned RUSTSEC-2024-0341 to tls-listener (#1964)
* Assigned RUSTSEC-2024-0340 to tor-circmgr (#1963)
* add CVE-2024-28854 for tls-listener (#1926)
* Add advisory for tor-circmgr TROVE-2024-004 (#1958)
* Assigned RUSTSEC-2024-0339 to tor-circmgr (#1962)
* Add advisory for tor-circmgr TROVE-2024-003 (#1957)
* Sat Mar 30 2024 william.brownAATTsuse.com- Update to version 20240330:
* Assigned (#1924)
* Add an unmaintained crate advisory for yaml-rust (#1922)
* Assigned RUSTSEC-2023-0085 to hpack (#1920)
* Add hpack panics (#1919)
* Assigned RUSTSEC-2024-0021 to eyre, RUSTSEC-2023-0084 to hpack (#1916)
* eyre: Parts of Report are dropped as the wrong type during downcast (#1918)
* Add security advisory for unmaintained hpack crate (#1915)
* update RUSTSEC-2024-0020 with additional information (#1913)
* Assigned RUSTSEC-2024-0020 to whoami (#1912)
* Add advisory for stack buffer overflow with whoami (#1911)
* Tue Dec 19 2023 william.brownAATTsuse.com- Update to version 20231219:
* Assigned RUSTSEC-2023-0074 to zerocopy (#1839)
* zerocopy: Some Ref methods are unsound with some type params (#1837)
* Update CVSS score of RUSTSEC-2023-0071 (#1838)
* Assigned RUSTSEC-2023-0073 to candid (#1835)
* Add advisory for candid library decoding DoS vulnerability (#1834)
* RUSTSEC-2023-0071: add CVE-2023-49092 as alias (#1830)
* RUSTSEC-2023-0071.md: use \'###\' section headers (#1829)
* RUSTSEC-2023-0071: add CVSS, aliases, and new wording (#1828)
* Assigned RUSTSEC-2023-0072 to openssl (#1827)
* `openssl` `X509StoreRef::objects` is unsound (#1824)
* Fri Oct 27 2023 william.brownAATTsuse.com- Update to version 20231027:
* Assigned RUSTSEC-2023-0068 to cocoon (#1810)
* cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) (#1805)
* Updating information about replacements (#1803)
* Assigned RUSTSEC-2023-0067 to fehler (#1801)
* fehler is unmaintained (#1800)
* Assigned RUSTSEC-2023-0066 to pleaser (#1799)
* Document the privilege-escalation vulnerability in pleaser. (#1798)
* Update webpki RUSTSEC-2023-0052 advisory. (#1797)
* Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
* Create advisory for tungstenite DoS (#1795)
* Sat Oct 07 2023 william.brownAATTsuse.com- Update to version 20231007:
* Assigned RUSTSEC-2023-0066 to pleaser (#1799)
* Document the privilege-escalation vulnerability in pleaser. (#1798)
* Update webpki RUSTSEC-2023-0052 advisory. (#1797)
* Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
* Create advisory for tungstenite DoS (#1795)
* Add patch version (#1794)
* Update info about CVE-2023-5129 (#1793)
* Bump rustsec-admin to 0.8.8 (#1791)
* Assigned RUSTSEC-2023-0064 to gix-transport (#1790)
* Add notice to gix-transport crate (#1789)
* Thu Aug 17 2023 william.brownAATTsuse.com- Update to version 20230818:
* Assigned RUSTSEC-2022-0093 to ed25519-dalek (#1745)
* Add Double Public Key Signing Function Oracle Attack on `ed25519-dalek` (#1744)
* Assigned RUSTSEC-2023-0049 to tui (#1740)
* Add unmaintained `tui` advisory (#1739)
* Update aliases from GHSA OSV export (#1734)
* Assigned RUSTSEC-2023-0048 to intaglio (#1733)
* Add advisory for unsoundness in intaglio symbol interners (#1732)
* Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
* report unsoundness of lmdb-rs (#1724)
* Fix typos (#1729)
* Mon Jul 31 2023 william.brownAATTsuse.com- Update to version 20230731:
* Update aliases from GHSA OSV export (#1734)
* Assigned RUSTSEC-2023-0048 to intaglio (#1733)
* Add advisory for unsoundness in intaglio symbol interners (#1732)
* Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
* report unsoundness of lmdb-rs (#1724)
* Fix typos (#1729)
* Bump rustsec-admin to 0.8.6 (#1728)
* Update aliases from GHSA OSV export (#1727)
* Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
* Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
* Tue Jul 11 2023 william.brownAATTsuse.com- Update to version 20230711:
* Bump rustsec-admin to 0.8.6 (#1728)
* Update aliases from GHSA OSV export (#1727)
* Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
* Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
* report misaligned pointer dereference in cyfs-base (#1718)
* Assigned RUSTSEC-2023-0045 to memoffset (#1722)
* Add advisory to `memoffset` (#1721)
* Assigned RUSTSEC-2023-0044 to openssl (#1720)
* Report buffer-overread in OpenSSL (#1719)
* Update RUSTSEC-2023-0042 to reflect patch. (#1717)
* Tue May 30 2023 william.brownAATTsuse.com- Update to version 20230530:
* Suggest kuchikiki as an alternative to kuchiki (#1698)
* Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
* xsalsa20poly1305 is unmaintained (#1694)
* xml-rs is maintained (#1691)
* Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
* Add unmaintained tree_magic crate (#1678)
* Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
* enumflags2::make_bitflags unsoundness (#1686)
* Assigned RUSTSEC-2023-0034 to h2 (#1687)
* Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
* Tue May 23 2023 william.brownAATTsuse.com- Update to version 20230523:
* Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
* xsalsa20poly1305 is unmaintained (#1694)
* xml-rs is maintained (#1691)
* Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
* Add unmaintained tree_magic crate (#1678)
* Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
* enumflags2::make_bitflags unsoundness (#1686)
* Assigned RUSTSEC-2023-0034 to h2 (#1687)
* Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
* Fix typos in RUSTSEC-2023-0033 (#1685)
* Thu Apr 13 2023 william.brownAATTsuse.com- Update to version 20230413:
* Bump peter-evans/create-pull-request from 4 to 5 (#1677)
* Withdraw RUSTSEC-2021-0147 (#1676)
* Assigned RUSTSEC-2023-0032 to ntru (#1674)
* Add unsound ntru (#1652)
* Assigned RUSTSEC-2023-0031 to spin (#1673)
* Added unsound `spin` (#1671)
* Assigned RUSTSEC-2023-0030 to versionize (#1669)
* Add advisory for versionize crate (#1662)
* Assigned RUSTSEC-2023-0029 to nats (#1668)
* Fix `nats` directory (#1667)
* Thu Feb 23 2023 william.brownAATTsuse.com- Update to version 20230223:
* Assigned RUSTSEC-2022-0090 to libsqlite3-sys (#1607)
* Add sqlite advisory (#1599)
* Assigned RUSTSEC-2023-0014 to cortex-m-rt (#1606)
* Add soundness advisory for cortex-m-rt (#1601)
* Update RUSTSEC-2020-0097.md (#1600)
* Better docs (#1598)
* Assigned RUSTSEC-2020-0167 to pnet_packet (#1596)
* Fix some typos (#1593)
* Add advisory for pnet_packet (#1595)
* Update RUSTSEC-2020-0071.md (#1594)
* Tue Jan 17 2023 william.brownAATTsuse.com- Update to version 20230117:
* Assigned RUSTSEC-2022-0080 to parity-util-mem (#1530)
* Add parity-util-mem unmaintained (#1528)
* Assigned RUSTSEC-2021-0146 to twoway (#1529)
* Add unmaintained `twoway` (#1435)
* Assigned RUSTSEC-2022-0079 to elf_rs (#1527)
* Add advisory for elf_rs crate (#1450)
* Update RUSTSEC-2021-0088.md (#1512)
* Assigned RUSTSEC-2022-0078 to bumpalo (#1526)
* Add advisory for bumpalo Vec iterator unsoundness (#1525)
* Assigned RUSTSEC-2022-0077 to claim (#1523)
* Tue Nov 01 2022 william.brownAATTsuse.com- Update to version 20221102:
* Assigned RUSTSEC-2022-0065 to openssl-src (#1455)
* CVE-2022-3786 in openssl (#1453)
* Assigned RUSTSEC-2022-0064 to openssl-src (#1454)
* CVE-2022-3602 in openssl (#1452)
* Assigned RUSTSEC-2022-0063 to linked_list_allocator (#1449)
* Add CVE-2022-36086 for linked_list_allocator (#1448)
* Assigned RUSTSEC-2022-0062 to matrix-sdk (#1445)
* Add advisory for logging of access tokens in matrix-sdk (#1444)
* Assigned RUSTSEC-2022-0061 to parity-wasm (#1443)
* Add unmaintained `parity-wasm` (#1441)
* Wed Sep 28 2022 william.brownAATTsuse.com- Update to version 20220928:
* Assigned RUSTSEC-2022-0056 to clipboard (#1425)
* Add unmaintained `clipboard` (#1267)
* Fix informational footnote wording (#1420)
* Add `stylish` as `ansi_term` alternative (#1421)
* Assigned RUSTSEC-2022-0055 to axum-core (#1419)
* Add `axum-core` DoS (#1417)
* Assigned RUSTSEC-2021-0144 to traitobject (#1415)
* Add unmaintained `traitobject` (#1390)
* Assigned RUSTSEC-2019-0039 to typemap (#1414)
* Add unmaintained `typemap` (#1406)
* Wed May 11 2022 wbrownAATTsuse.de- Update to version 20220511:
* Assigned RUSTSEC-2022-0022 to hyper (#1235)
* add hyper advisory (#1232)
* Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233)
* add crossbeam advisories for incorrect (unsound) zeroed memory (#1231)
* Assigned RUSTSEC-2022-0018 to totp-rs (#1230)
* Possible timing attack in totp-rs (#1229)
* HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192)
* Assigned RUSTSEC-2022-0017 to array-macro (#1225)
* Add advisory for using impure constants in array-macro (#1224)
* Add patch version for fruity (#1223)
* Thu Apr 28 2022 wbrownAATTsuse.de- Update to version 20220428:
* Assigned RUSTSEC-2022-0017 to array-macro (#1225)
* Add advisory for using impure constants in array-macro (#1224)
* Add patch version for fruity (#1223)
* Update RUSTSEC-2020-0071.md (#1222)
* RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
* Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
* Add CVE-2022-24791 for Wasmtime (#1217)
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Wed Apr 20 2022 wbrownAATTsuse.de- Update to version 20220420:
* Add patch version for fruity (#1223)
* Update RUSTSEC-2020-0071.md (#1222)
* RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
* Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
* Add CVE-2022-24791 for Wasmtime (#1217)
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Add CVE-2022-0778 for openssl-src (#1210)
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* Wed Mar 30 2022 William Brown
- Resolve issue with obs install check on non-tier1 arches
* Wed Mar 23 2022 wbrownAATTsuse.de- Update to version 20220323:
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Add CVE-2022-0778 for openssl-src (#1210)
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* add cve-2022-24713 (#1207)
* mark RUSTSEC-2021-0019 fixed, add references (#1206)
* RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
* Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
* Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
* Fri Mar 11 2022 wbrownAATTsuse.de- Update to version 20220311:
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* add cve-2022-24713 (#1207)
* mark RUSTSEC-2021-0019 fixed, add references (#1206)
* RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
* Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
* Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
* Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
* `rust-crypto`: miscomputation when performing AES encryption (#1201)
* Update RUSTSEC-2020-0150.md (#1199)
* Assigned RUSTSEC-2022-0010 to enum-map (#1198)
* Tue Feb 15 2022 wbrownAATTsuse.de- Update to version 20220215:
* Suggest maintained alternatives for Rental advisory (#1187)
* Update RUSTSEC-2022-0009.md (#1186)
* Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
* Mark tokio-proto as deprecated (#1184)
* Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
* Add entry for libp2p-core vulnerability (#1182)
* Add patched version to DashMap advisory (#1181)
* Assigned RUSTSEC-2022-0008 to windows (#1178)
* Add advisory for windows (#1177)
* Assigned RUSTSEC-2022-0007 to qcell (#1172)
* Wed Jan 05 2022 wbrownAATTsuse.de- Update to version 20220105:
* Assigned RUSTSEC-2021-0134 to rental (#1137)
* Report that rental is no longer maintained (#1136)
* Assigned RUSTSEC-2020-0160 to shamir (#1135)
* Turn the issue about shamir into an advisory (#1134)
* Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
* Mark cargo-download unmaintained (#1132)
* Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131)
* Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
* CVE-2020-8927 for compu-brotli-sys (#1129)
* Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)
* Fri Dec 10 2021 wbrownAATTsuse.de- Update to version 20211210:
* Assigned RUSTSEC-2021-0128 to rusqlite (#1120)
* Report `rusqlite` closure lifetime issue (#1117)
* correct formatting for lists in RUSTSEC-2021-0127 (#1116)
* Assigned RUSTSEC-2021-0127 to serde_cbor (#1115)
* serde_cbor is unmaintained (#1114)
* Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
* Add advisory for rust-embed path traversal (#1112)
* Adds maintained alternative to slice_deque (#1109)
* Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
* Security advisory on simple_asn1 version 0.6.0 (#1103)
* Tue Nov 30 2021 wbrownAATTsuse.de- Update to version 20211130:
* Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
* Add advisory for rust-embed path traversal (#1112)
* Adds maintained alternative to slice_deque (#1109)
* Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
* Security advisory on simple_asn1 version 0.6.0 (#1103)
* Assigned RUSTSEC-2021-0124 to tokio (#1107)
* Add advisory for tokio-rs/tokio#4225 (#1106)
* Add CVE for RUSTSEC-2021-0123 (#1105)
* Assigned RUSTSEC-2021-0123 to fruity (#1104)
* Add fruity advisory for nvzqz/fruity#14 (#1102)
* Fri Nov 12 2021 wbrownAATTsuse.de- Update to version 20211112:
* Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
* Add `flatbuffers` advisory for flatbuffers#6627 (#1093)
* add cve info to advisories (#1099)
* Bump `rustsec-admin` to v0.5.3 (#1091)
* Add cvss information from nvd (#1085)
* Add missing method to time vulnerability (#1086)
* Add CVE alias for RUSTSEC-2021-0069 (#1087)
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Wed Nov 03 2021 wbrownAATTsuse.de- Update to version 20211103:
* Bump `rustsec-admin` to v0.5.3 (#1091)
* Add cvss information from nvd (#1085)
* Add missing method to time vulnerability (#1086)
* Add CVE alias for RUSTSEC-2021-0069 (#1087)
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
* Update vec-const advisory (#1081)
* Assigned RUSTSEC-2021-0120 to abomonation (#1080)
* Sun Oct 24 2021 wbrownAATTsuse.de- Update to version 20211025:
* Bump `rustsec-admin` to v0.5.3 (#1091)
* Add cvss information from nvd (#1085)
* Add missing method to time vulnerability (#1086)
* Add CVE alias for RUSTSEC-2021-0069 (#1087)
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
* Update vec-const advisory (#1081)
* Assigned RUSTSEC-2021-0120 to abomonation (#1080)
* Tue Oct 19 2021 wbrownAATTsuse.de- Update to version 20211019:
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
* Update vec-const advisory (#1081)
* Assigned RUSTSEC-2021-0120 to abomonation (#1080)
* Report abomonation as unsound (#1079)
* Update RUSTEC-2020-0071 (#1078)
* add missing cve info to advisories (#1077)
* Add CVE information to RUSTSEC-2020-0142 (#1076)
* Mon Oct 04 2021 wbrownAATTsuse.de- Update to version 20211005:
* add CVE information to RUSTSEC-2021-0080 (#1068)
* Add CVE information (#1067)
* Assigned RUSTSEC-2021-0119 to nix (#1066)
* nix::unistd::getgrouplist buffer overflow (#1060)
* Assigned RUSTSEC-2021-0118 to arrow (#1064)
* Yet another arrow advisory (#1059)
* Assigned RUSTSEC-2021-0117 to arrow (#1063)
* arrow DecimalArray advisory (#1058)
* Assigned RUSTSEC-2021-0116 to arrow (#1062)
* arrow BinaryArray advisory (#1057)
* Mon Aug 02 2021 wbrownAATTsuse.de- Update to version 20210802:
* Assigned RUSTSEC-2021-0077 to better-macro (#969)
* better-macro has deliberate RCE in proc-macro (#966)
* Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
* Add advisory for libsecp256k1 (#963)
* Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
* `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
* Revert \"Hotfix #957 until we figure out what to do with it (#958)\" (#960)
* Assigned RUSTSEC-2021-0074 to ammonia (#959)
* Add rust-ammonia/ammonia#142 (#956)
* Hotfix #957 until we figure out what to do with it (#958)
* Wed Jul 21 2021 wbrownAATTsuse.de- Update to version 20210721:
* Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
* Add advisory for libsecp256k1 (#963)
* Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
* `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
* Revert \"Hotfix #957 until we figure out what to do with it (#958)\" (#960)
* Assigned RUSTSEC-2021-0074 to ammonia (#959)
* Add rust-ammonia/ammonia#142 (#956)
* Hotfix #957 until we figure out what to do with it (#958)
* Assigned RUSTSEC-2021-0073 to prost-types (#955)
* prost-types: Timestamp conversion overflow (#954)
* Fri Jul 02 2021 wbrownAATTsuse.de- Update to version 20210702:
* Fix RUSTSEC-2021-0048 which doesn\'t declare an operand (#945)
* Add `withdrawn` field (#942)
* Bump `rustsec-admin` to v0.5.0 (#944)
* Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
* Update RUSTSEC-2021-0049.md (#941)
* Assigned RUSTSEC-2021-0071 to grep-cli (#940)
* crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
* Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
* Update RUSTSEC-2020-0043.md (#934)
* Assigned RUSTSEC-2021-0070 to nalgebra (#932)
* Sat Jun 19 2021 wbrownAATTsuse.de- Update to version 20210619:
* Update RUSTSEC-2021-0049.md (#941)
* Assigned RUSTSEC-2021-0071 to grep-cli (#940)
* crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
* Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
* Update RUSTSEC-2020-0043.md (#934)
* Assigned RUSTSEC-2021-0070 to nalgebra (#932)
* Add advisory for nalgebra VecStorage/MatrixVec (#931)
* Remove range overlaps, fix some range specifications (#930)
* Make ranges in trust-dns-proto advisory non-overlapping (#929)
* Assigned RUSTSEC-2021-0069 to lettre (#925)
* Tue Jun 01 2021 wbrownAATTsuse.de- Update to version 20210601:
* Assigned RUSTSEC-2021-0069 to lettre (#925)
* Add lettre smtp vulnerability (#924)
* Assigned RUSTSEC-2021-0068 to iced-x86 (#923)
* iced-x86: fix lint (#922)
* Add advisory for iced-x86 soundness bug (#914)
* Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921)
* fixes #915 - remove duplicate word (#916)
* Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918)
* Bump rustsec-admin to v0.4.3 (#919)
* evm-core: fix crate name (#911)
* Fri May 07 2021 wbrownAATTsuse.de- Update to version 20210507:
* Assigned RUSTSEC-2021-0064 to cpuid-bool (#905)
* Add unmaintained crate advisory for `cpuid-bool` (#904)
* Assigned RUSTSEC-2021-0063 to comrak (#903)
* Add advisory for another comrak XSS (#902)
* aes
* crates: add crate names to advisory titles (#901)
* Assigned RUSTSEC-2021-0062 to miscreant (#900)
* Add unmaintained crate advisory for `miscreant` (#899)
* Assigned RUSTSEC-2021-0061 to aes-ctr (#898)
* Add unmaintained crate advisory for `aes-ctr` (#897)
* Assigned RUSTSEC-2021-0060 to aes-soft (#896)
* Wed Apr 28 2021 wbrownAATTsuse.de- Update to version 20210428:
* Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
* Mark patched tiny-http version for 2020-0031 (#875)
* Assigned RUSTSEC-2021-0053 to algorithmica (#874)
* Report 0163-algorithmica to RustSec
* Add std CVE (#869)
* Update CVE numbers (#870)
* Update advisory to indicate patched versions of stackvector.
* Added patch to \"fix\" vulnerability. (#866)
* Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
* Add advisory for double-free issues in id-map
* Tue Apr 20 2021 wbrownAATTsuse.de- Update to version 20210420:
* Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
* Mark patched tiny-http version for 2020-0031 (#875)
* Assigned RUSTSEC-2021-0053 to algorithmica (#874)
* Report 0163-algorithmica to RustSec
* Add std CVE (#869)
* Update CVE numbers (#870)
* Update advisory to indicate patched versions of stackvector.
* Added patch to \"fix\" vulnerability. (#866)
* Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
* Add advisory for double-free issues in id-map
* Wed Mar 31 2021 wbrownAATTsuse.de- Update to version 20210401:
* Assigned RUSTSEC-2021-0050 to reorder
* Add advisory for out-of-bounds write and uninitialized memory exposure in reorder
* max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
* Assigned RUSTSEC-2020-0152 to max7301
* Add advisory for data race in max7301
* Assigned RUSTSEC-2020-0151 to generator
* Add advisory for data race in generator (#855)
* Assigned RUSTSEC-2020-0150 to disrustor
* Wed Mar 17 2021 wbrownAATTsuse.de- Update to version 20210317:
* Have master-to-main mirror force push (#822)
* Fix `main` -> `master` mirroring (#821)
* Rename `master` branch to `main` (#820)
* Mirror \'main\' branch to \'master\' (#819)
* README.md: fix \"Report Vulnerability\" button (#818)
* Assigned RUSTSEC-2021-0040 to arenavec
* Assigned RUSTSEC-2021-0039 to endian_trait
* arenavec: update advisory title to clarify issue
* Report 0109-arenavec to RustSec
* Tue Mar 02 2021 wbrownAATTsuse.de- Update to version 20210223:
* Assigned RUSTSEC-2021-0032 to byte_struct
* Assigned RUSTSEC-2021-0031 to nano_arena
* Add advisory for aliasing violation in nano_arena
* Add advisory for uninitialized memory drop in byte_struct
* Assigned RUSTSEC-2021-0030 to scratchpad
* Add advisory for double-free in scratchpad
* Revert \"Mark RUSTSEC-2020-0146 as unsound (#788)\"
* Mark RUSTSEC-2020-0146 as unsound (#788)
* Heapless soundness fix since 0.6.1 (#791)
* Update RUSTSEC-2020-0146.md with list of patched versions (#789)
* Assigned RUSTSEC-2021-0029 to truetype
* Report uninitialized memory exposure in truetype
* Assigned RUSTSEC-2021-0028 to toodee
* Add advisory for memory safety issue in toodee\'s insert_row
* Assigned RUSTSEC-2021-0027 to bam
* Add advisory for out-of-bounds write in bam
* Assigned RUSTSEC-2020-0146 to generic-array
* Add an advisory on lifetime extension in generic-array
* Assigned RUSTSEC-2020-0145 to heapless
* heapless: fix year: 2020, not 2010
* heapless: use-after-free when cloning partially consumed Iterator
* Update CVE numbers (#777)
* Tue Feb 23 2021 William Brown - Initial commit of 20210223