Changelog for cargo-audit-advisory-db-20220323-35.1.x86_64.rpm:

* Wed Mar 30 2022 William Brown - Resolve issue with obs install check on non-tier1 arches
* Wed Mar 23 2022 wbrown@suse.de - Update to version 20220323:
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Add CVE-2022-0778 for openssl-src (#1210)
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* add cve-2022-24713 (#1207)
* mark RUSTSEC-2021-0019 fixed, add references (#1206)
* RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
* Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
* Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
* Fri Mar 11 2022 wbrown@suse.de - Update to version 20220311:
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* add cve-2022-24713 (#1207)
* mark RUSTSEC-2021-0019 fixed, add references (#1206)
* RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
* Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
* Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
* Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
* `rust-crypto`: miscomputation when performing AES encryption (#1201)
* Update RUSTSEC-2020-0150.md (#1199)
* Assigned RUSTSEC-2022-0010 to enum-map (#1198)
* Tue Feb 15 2022 wbrown@suse.de - Update to version 20220215:
* Suggest maintained alternatives for Rental advisory (#1187)
* Update RUSTSEC-2022-0009.md (#1186)
* Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
* Mark tokio-proto as deprecated (#1184)
* Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
* Add entry for libp2p-core vulnerability (#1182)
* Add patched version to DashMap advisory (#1181)
* Assigned RUSTSEC-2022-0008 to windows (#1178)
* Add advisory for windows (#1177)
* Assigned RUSTSEC-2022-0007 to qcell (#1172)
* Wed Jan 05 2022 wbrown@suse.de - Update to version 20220105:
* Assigned RUSTSEC-2021-0134 to rental (#1137)
* Report that rental is no longer maintained (#1136)
* Assigned RUSTSEC-2020-0160 to shamir (#1135)
* Turn the issue about shamir into an advisory (#1134)
* Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
* Mark cargo-download unmaintained (#1132)
* Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131)
* Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
* CVE-2020-8927 for compu-brotli-sys (#1129)
* Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)
* Fri Dec 10 2021 wbrown@suse.de - Update to version 20211210:
* Assigned RUSTSEC-2021-0128 to rusqlite (#1120)
* Report `rusqlite` closure lifetime issue (#1117)
* correct formatting for lists in RUSTSEC-2021-0127 (#1116)
* Assigned RUSTSEC-2021-0127 to serde_cbor (#1115)
* serde_cbor is unmaintained (#1114)
* Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
* Add advisory for rust-embed path traversal (#1112)
* Adds maintained alternative to slice_deque (#1109)
* Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
* Security advisory on simple_asn1 version 0.6.0 (#1103)
* Tue Nov 30 2021 wbrown@suse.de - Update to version 20211130:
* Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
* Add advisory for rust-embed path traversal (#1112)
* Adds maintained alternative to slice_deque (#1109)
* Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
* Security advisory on simple_asn1 version 0.6.0 (#1103)
* Assigned RUSTSEC-2021-0124 to tokio (#1107)
* Add advisory for tokio-rs/tokio#4225 (#1106)
* Add CVE for RUSTSEC-2021-0123 (#1105)
* Assigned RUSTSEC-2021-0123 to fruity (#1104)
* Add fruity advisory for nvzqz/fruity#14 (#1102)
* Fri Nov 12 2021 wbrown@suse.de - Update to version 20211112:
* Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
* Add `flatbuffers` advisory for flatbuffers#6627 (#1093)
* add cve info to advisories (#1099)
* Bump `rustsec-admin` to v0.5.3 (#1091)
* Add cvss information from nvd (#1085)
* Add missing method to time vulnerability (#1086)
* Add CVE alias for RUSTSEC-2021-0069 (#1087)
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Wed Nov 03 2021 wbrown@suse.de - Update to version 20211103:
* Bump `rustsec-admin` to v0.5.3 (#1091)
* Add cvss information from nvd (#1085)
* Add missing method to time vulnerability (#1086)
* Add CVE alias for RUSTSEC-2021-0069 (#1087)
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
* Update vec-const advisory (#1081)
* Assigned RUSTSEC-2021-0120 to abomonation (#1080)
* Sun Oct 24 2021 wbrown@suse.de - Update to version 20211025:
* Bump `rustsec-admin` to v0.5.3 (#1091)
* Add cvss information from nvd (#1085)
* Add missing method to time vulnerability (#1086)
* Add CVE alias for RUSTSEC-2021-0069 (#1087)
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
* Update vec-const advisory (#1081)
* Assigned RUSTSEC-2021-0120 to abomonation (#1080)
* Tue Oct 19 2021 wbrown@suse.de - Update to version 20211019:
* Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
* Unsound implementation of Chacha20 in crypto2 (#1072)
* Assigned RUSTSEC-2020-0159 to chrono (#1083)
* Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
* Update vec-const advisory (#1081)
* Assigned RUSTSEC-2021-0120 to abomonation (#1080)
* Report abomonation as unsound (#1079)
* Update RUSTEC-2020-0071 (#1078)
* add missing cve info to advisories (#1077)
* Add CVE information to RUSTSEC-2020-0142 (#1076)
* Mon Oct 04 2021 wbrown@suse.de - Update to version 20211005:
* add CVE information to RUSTSEC-2021-0080 (#1068)
* Add CVE information (#1067)
* Assigned RUSTSEC-2021-0119 to nix (#1066)
* nix::unistd::getgrouplist buffer overflow (#1060)
* Assigned RUSTSEC-2021-0118 to arrow (#1064)
* Yet another arrow advisory (#1059)
* Assigned RUSTSEC-2021-0117 to arrow (#1063)
* arrow DecimalArray advisory (#1058)
* Assigned RUSTSEC-2021-0116 to arrow (#1062)
* arrow BinaryArray advisory (#1057)
* Mon Aug 02 2021 wbrown@suse.de - Update to version 20210802:
* Assigned RUSTSEC-2021-0077 to better-macro (#969)
* better-macro has deliberate RCE in proc-macro (#966)
* Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
* Add advisory for libsecp256k1 (#963)
* Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
* `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
* Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
* Assigned RUSTSEC-2021-0074 to ammonia (#959)
* Add rust-ammonia/ammonia#142 (#956)
* Hotfix #957 until we figure out what to do with it (#958)
* Wed Jul 21 2021 wbrown@suse.de - Update to version 20210721:
* Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
* Add advisory for libsecp256k1 (#963)
* Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
* `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
* Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
* Assigned RUSTSEC-2021-0074 to ammonia (#959)
* Add rust-ammonia/ammonia#142 (#956)
* Hotfix #957 until we figure out what to do with it (#958)
* Assigned RUSTSEC-2021-0073 to prost-types (#955)
* prost-types: Timestamp conversion overflow (#954)
* Fri Jul 02 2021 wbrown@suse.de - Update to version 20210702:
* Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945)
* Add `withdrawn` field (#942)
* Bump `rustsec-admin` to v0.5.0 (#944)
* Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
* Update RUSTSEC-2021-0049.md (#941)
* Assigned RUSTSEC-2021-0071 to grep-cli (#940)
* crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
* Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
* Update RUSTSEC-2020-0043.md (#934)
* Assigned RUSTSEC-2021-0070 to nalgebra (#932)
* Sat Jun 19 2021 wbrown@suse.de - Update to version 20210619:
* Update RUSTSEC-2021-0049.md (#941)
* Assigned RUSTSEC-2021-0071 to grep-cli (#940)
* crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
* Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
* Update RUSTSEC-2020-0043.md (#934)
* Assigned RUSTSEC-2021-0070 to nalgebra (#932)
* Add advisory for nalgebra VecStorage/MatrixVec (#931)
* Remove range overlaps, fix some range specifications (#930)
* Make ranges in trust-dns-proto advisory non-overlapping (#929)
* Assigned RUSTSEC-2021-0069 to lettre (#925)
* Tue Jun 01 2021 wbrown@suse.de - Update to version 20210601:
* Assigned RUSTSEC-2021-0069 to lettre (#925)
* Add lettre smtp vulnerability (#924)
* Assigned RUSTSEC-2021-0068 to iced-x86 (#923)
* iced-x86: fix lint (#922)
* Add advisory for iced-x86 soundness bug (#914)
* Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921)
* fixes #915 - remove duplicate word (#916)
* Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918)
* Bump rustsec-admin to v0.4.3 (#919)
* evm-core: fix crate name (#911)
* Fri May 07 2021 wbrown@suse.de - Update to version 20210507:
* Assigned RUSTSEC-2021-0064 to cpuid-bool (#905)
* Add unmaintained crate advisory for `cpuid-bool` (#904)
* Assigned RUSTSEC-2021-0063 to comrak (#903)
* Add advisory for another comrak XSS (#902)
* aes* crates: add crate names to advisory titles (#901)
* Assigned RUSTSEC-2021-0062 to miscreant (#900)
* Add unmaintained crate advisory for `miscreant` (#899)
* Assigned RUSTSEC-2021-0061 to aes-ctr (#898)
* Add unmaintained crate advisory for `aes-ctr` (#897)
* Assigned RUSTSEC-2021-0060 to aes-soft (#896)
* Wed Apr 28 2021 wbrown@suse.de - Update to version 20210428:
* Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
* Mark patched tiny-http version for 2020-0031 (#875)
* Assigned RUSTSEC-2021-0053 to algorithmica (#874)
* Report 0163-algorithmica to RustSec
* Add std CVE (#869)
* Update CVE numbers (#870)
* Update advisory to indicate patched versions of stackvector.
* Added patch to "fix" vulnerability. (#866)
* Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
* Add advisory for double-free issues in id-map
* Tue Apr 20 2021 wbrown@suse.de - Update to version 20210420:
* Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
* Mark patched tiny-http version for 2020-0031 (#875)
* Assigned RUSTSEC-2021-0053 to algorithmica (#874)
* Report 0163-algorithmica to RustSec
* Add std CVE (#869)
* Update CVE numbers (#870)
* Update advisory to indicate patched versions of stackvector.
* Added patch to "fix" vulnerability. (#866)
* Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
* Add advisory for double-free issues in id-map
* Wed Mar 31 2021 wbrown@suse.de - Update to version 20210401:
* Assigned RUSTSEC-2021-0050 to reorder
* Add advisory for out-of-bounds write and uninitialized memory exposure in reorder
* max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
* Assigned RUSTSEC-2020-0152 to max7301
* Add advisory for data race in max7301
* Assigned RUSTSEC-2020-0151 to generator
* Add advisory for data race in generator (#855)
* Assigned RUSTSEC-2020-0150 to disrustor
* Wed Mar 17 2021 wbrown@suse.de - Update to version 20210317:
* Have master-to-main mirror force push (#822)
* Fix `main` -> `master` mirroring (#821)
* Rename `master` branch to `main` (#820)
* Mirror 'main' branch to 'master' (#819)
* README.md: fix "Report Vulnerability" button (#818)
* Assigned RUSTSEC-2021-0040 to arenavec
* Assigned RUSTSEC-2021-0039 to endian_trait
* arenavec: update advisory title to clarify issue
* Report 0109-arenavec to RustSec
* Tue Mar 02 2021 wbrown@suse.de - Update to version 20210223:
* Assigned RUSTSEC-2021-0032 to byte_struct
* Assigned RUSTSEC-2021-0031 to nano_arena
* Add advisory for aliasing violation in nano_arena
* Add advisory for uninitialized memory drop in byte_struct
* Assigned RUSTSEC-2021-0030 to scratchpad
* Add advisory for double-free in scratchpad
* Revert "Mark RUSTSEC-2020-0146 as unsound (#788)"
* Mark RUSTSEC-2020-0146 as unsound (#788)
* Heapless soundness fix since 0.6.1 (#791)
* Update RUSTSEC-2020-0146.md with list of patched versions (#789)
* Assigned RUSTSEC-2021-0029 to truetype
* Report uninitialized memory exposure in truetype
* Assigned RUSTSEC-2021-0028 to toodee
* Add advisory for memory safety issue in toodee's insert_row
* Assigned RUSTSEC-2021-0027 to bam
* Add advisory for out-of-bounds write in bam
* Assigned RUSTSEC-2020-0146 to generic-array
* Add an advisory on lifetime extension in generic-array
* Assigned RUSTSEC-2020-0145 to heapless
* heapless: fix year: 2020, not 2010
* heapless: use-after-free when cloning partially consumed Iterator
* Update CVE numbers (#777)
* Tue Feb 23 2021 William Brown - Initial commit of 20210223