Changelog for cargo-audit-advisory-db-20250204-1.1.x86_64.rpm:
* Tue Feb 04 2025 william.brown@suse.com
- Update to version 20250204:
* Assigned RUSTSEC-2025-0004 to openssl (#2218)
* Add advisory for `openssl ssl::select_next_proto` UAF (#2217)
* Add patch version for RUSTSEC-2021-0087.md (#2216)
* Assigned RUSTSEC-2025-0002 to fast-float2, RUSTSEC-2025-0003 to fast-float (#2213)
* Add advisory for segmentation fault in fast-float and fast-float2 (#2192)
* Add global GHSA and references to RUSTSEC-2025-0001 (#2207)
* README.md: bump database maintenance year to 2025 (#2208)
* Assigned RUSTSEC-2024-0434 to matrix-sdk-crypto (#2205)
* Remove listing of unix-likes from advisory (#2206)
* Add CVE-2024-52813 for matrix-sdk-crypto (#2204)
* Wed Oct 30 2024 william.brown@suse.com
- Update to version 20241030:
* Fix incorrect fixed version for may_queue (#2106)
* Add missing information about fixed versions (#2105)
* Assigned RUSTSEC-2024-0378 to pyo3 (#2102)
* risk of use-after-free in PyO3 borrowing from weak references (#2101)
* Assigned RUSTSEC-2024-0377 to dbn (#2099)
* Dbn heap buffer overflow (#2097)
* Update RUSTSEC-2024-0376 affected versions (#2094)
* Assigned RUSTSEC-2024-0376 to tonic (#2092)
* Add advisory for CVE-2024-47609 in tonic (#2091)
* Assigned RUSTSEC-2024-0375 to atty (#2090)
* Wed Sep 04 2024 william.brown@suse.com
- Update to version 20240904:
* Make small readability improvements in RUSTSEC-2023-0064 (#2064)
* Add global GHSA reference for RUSTSEC-2024-0367 (config scopes) (#2063)
* Assigned RUSTSEC-2024-0368 to olm-sys (#2062)
* Add advisory for olm-sys (unmaintained, crypto failure) (#2060)
* Add CVE number for RUSTSEC-2024-0367 (config scopes) (#2061)
* Assigned RUSTSEC-2024-0367 to gix-path (#2058)
* Advisory for GHSA-v26r-4c9c-h3j6 (config scopes) in gix-path (#2055)
* Assigned RUSTSEC-2024-0366 to cosmwasm-vm (#2053)
* Add cosmwasm-vm advisory CWA-2023-004 (#2052)
* update resolution for RUSTSEC-2024-0363 (sqlx) (#2050)
* Tue Jul 30 2024 william.brown@suse.com
- Update to version 20240730:
* Assigned RUSTSEC-2024-0360 to xmp_toolkit (#2030)
* Unsoundness notice for xmp_toolkit < 1.9.0 (#2029)
* Assigned RUSTSEC-2024-0359 to gix-attributes (#2028)
* Unsoundness notice for gix-attributes (kstring integration) (#2027)
* Assigned RUSTSEC-2024-0358 to object_store (#2026)
* Add advisory for object_store credentials leak via logs (#2025)
* Assigned RUSTSEC-2024-0357 to openssl (#2022)
* Added advisory for undefined behavior in openssl (#2021)
* Assigned RUSTSEC-2024-0356 to matrix-sdk-crypto (#2019)
* Add CVE-2024-40648 for matrix-sdk-crypto (#2018)
* Tue May 28 2024 william.brown@suse.com
- Update to version 20240528:
* Add some civility language to HOWTO_UNMAINTAINED.md (#1972)
* Synchronize IDs (2024-05-21) (#1966)
* Assigned RUSTSEC-2024-0342 to vodozemac (#1965)
* Add CVE-2024-34063 for vodozemac (#1955)
* Assigned RUSTSEC-2024-0341 to tls-listener (#1964)
* Assigned RUSTSEC-2024-0340 to tor-circmgr (#1963)
* add CVE-2024-28854 for tls-listener (#1926)
* Add advisory for tor-circmgr TROVE-2024-004 (#1958)
* Assigned RUSTSEC-2024-0339 to tor-circmgr (#1962)
* Add advisory for tor-circmgr TROVE-2024-003 (#1957)
* Sat Mar 30 2024 william.brown@suse.com
- Update to version 20240330:
* Assigned (#1924)
* Add an unmaintained crate advisory for yaml-rust (#1922)
* Assigned RUSTSEC-2023-0085 to hpack (#1920)
* Add hpack panics (#1919)
* Assigned RUSTSEC-2024-0021 to eyre, RUSTSEC-2023-0084 to hpack (#1916)
* eyre: Parts of Report are dropped as the wrong type during downcast (#1918)
* Add security advisory for unmaintained hpack crate (#1915)
* update RUSTSEC-2024-0020 with additional information (#1913)
* Assigned RUSTSEC-2024-0020 to whoami (#1912)
* Add advisory for stack buffer overflow with whoami (#1911)
* Tue Dec 19 2023 william.brown@suse.com
- Update to version 20231219:
* Assigned RUSTSEC-2023-0074 to zerocopy (#1839)
* zerocopy: Some Ref methods are unsound with some type params (#1837)
* Update CVSS score of RUSTSEC-2023-0071 (#1838)
* Assigned RUSTSEC-2023-0073 to candid (#1835)
* Add advisory for candid library decoding DoS vulnerability (#1834)
* RUSTSEC-2023-0071: add CVE-2023-49092 as alias (#1830)
* RUSTSEC-2023-0071.md: use '###' section headers (#1829)
* RUSTSEC-2023-0071: add CVSS, aliases, and new wording (#1828)
* Assigned RUSTSEC-2023-0072 to openssl (#1827)
* `openssl` `X509StoreRef::objects` is unsound (#1824)
* Fri Oct 27 2023 william.brown@suse.com
- Update to version 20231027:
* Assigned RUSTSEC-2023-0068 to cocoon (#1810)
* cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) (#1805)
* Updating information about replacements (#1803)
* Assigned RUSTSEC-2023-0067 to fehler (#1801)
* fehler is unmaintained (#1800)
* Assigned RUSTSEC-2023-0066 to pleaser (#1799)
* Document the privilege-escalation vulnerability in pleaser. (#1798)
* Update webpki RUSTSEC-2023-0052 advisory. (#1797)
* Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
* Create advisory for tungstenite DoS (#1795)
* Sat Oct 07 2023 william.brown@suse.com
- Update to version 20231007:
* Assigned RUSTSEC-2023-0066 to pleaser (#1799)
* Document the privilege-escalation vulnerability in pleaser. (#1798)
* Update webpki RUSTSEC-2023-0052 advisory. (#1797)
* Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
* Create advisory for tungstenite DoS (#1795)
* Add patch version (#1794)
* Update info about CVE-2023-5129 (#1793)
* Bump rustsec-admin to 0.8.8 (#1791)
* Assigned RUSTSEC-2023-0064 to gix-transport (#1790)
* Add notice to gix-transport crate (#1789)
* Thu Aug 17 2023 william.brown@suse.com
- Update to version 20230818:
* Assigned RUSTSEC-2022-0093 to ed25519-dalek (#1745)
* Add Double Public Key Signing Function Oracle Attack on `ed25519-dalek` (#1744)
* Assigned RUSTSEC-2023-0049 to tui (#1740)
* Add unmaintained `tui` advisory (#1739)
* Update aliases from GHSA OSV export (#1734)
* Assigned RUSTSEC-2023-0048 to intaglio (#1733)
* Add advisory for unsoundness in intaglio symbol interners (#1732)
* Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
* report unsoundness of lmdb-rs (#1724)
* Fix typos (#1729)
* Mon Jul 31 2023 william.brown@suse.com
- Update to version 20230731:
* Update aliases from GHSA OSV export (#1734)
* Assigned RUSTSEC-2023-0048 to intaglio (#1733)
* Add advisory for unsoundness in intaglio symbol interners (#1732)
* Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
* report unsoundness of lmdb-rs (#1724)
* Fix typos (#1729)
* Bump rustsec-admin to 0.8.6 (#1728)
* Update aliases from GHSA OSV export (#1727)
* Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
* Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
* Tue Jul 11 2023 william.brown@suse.com
- Update to version 20230711:
* Bump rustsec-admin to 0.8.6 (#1728)
* Update aliases from GHSA OSV export (#1727)
* Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
* Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
* report misaligned pointer dereference in cyfs-base (#1718)
* Assigned RUSTSEC-2023-0045 to memoffset (#1722)
* Add advisory to `memoffset` (#1721)
* Assigned RUSTSEC-2023-0044 to openssl (#1720)
* Report buffer-overread in OpenSSL (#1719)
* Update RUSTSEC-2023-0042 to reflect patch. (#1717)
* Tue May 30 2023 william.brown@suse.com
- Update to version 20230530:
* Suggest kuchikiki as an alternative to kuchiki (#1698)
* Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
* xsalsa20poly1305 is unmaintained (#1694)
* xml-rs is maintained (#1691)
* Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
* Add unmaintained tree_magic crate (#1678)
* Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
* enumflags2::make_bitflags unsoundness (#1686)
* Assigned RUSTSEC-2023-0034 to h2 (#1687)
* Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
* Tue May 23 2023 william.brown@suse.com
- Update to version 20230523:
* Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
* xsalsa20poly1305 is unmaintained (#1694)
* xml-rs is maintained (#1691)
* Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
* Add unmaintained tree_magic crate (#1678)
* Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
* enumflags2::make_bitflags unsoundness (#1686)
* Assigned RUSTSEC-2023-0034 to h2 (#1687)
* Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
* Fix typos in RUSTSEC-2023-0033 (#1685)
* Thu Apr 13 2023 william.brown@suse.com
- Update to version 20230413:
* Bump peter-evans/create-pull-request from 4 to 5 (#1677)
* Withdraw RUSTSEC-2021-0147 (#1676)
* Assigned RUSTSEC-2023-0032 to ntru (#1674)
* Add unsound ntru (#1652)
* Assigned RUSTSEC-2023-0031 to spin (#1673)
* Added unsound `spin` (#1671)
* Assigned RUSTSEC-2023-0030 to versionize (#1669)
* Add advisory for versionize crate (#1662)
* Assigned RUSTSEC-2023-0029 to nats (#1668)
* Fix `nats` directory (#1667)
* Thu Feb 23 2023 william.brown@suse.com
- Update to version 20230223:
* Assigned RUSTSEC-2022-0090 to libsqlite3-sys (#1607)
* Add sqlite advisory (#1599)
* Assigned RUSTSEC-2023-0014 to cortex-m-rt (#1606)
* Add soundness advisory for cortex-m-rt (#1601)
* Update RUSTSEC-2020-0097.md (#1600)
* Better docs (#1598)
* Assigned RUSTSEC-2020-0167 to pnet_packet (#1596)
* Fix some typos (#1593)
* Add advisory for pnet_packet (#1595)
* Update RUSTSEC-2020-0071.md (#1594)
* Tue Jan 17 2023 william.brown@suse.com
- Update to version 20230117:
* Assigned RUSTSEC-2022-0080 to parity-util-mem (#1530)
* Add parity-util-mem unmaintained (#1528)
* Assigned RUSTSEC-2021-0146 to twoway (#1529)
* Add unmaintained `twoway` (#1435)
* Assigned RUSTSEC-2022-0079 to elf_rs (#1527)
* Add advisory for elf_rs crate (#1450)
* Update RUSTSEC-2021-0088.md (#1512)
* Assigned RUSTSEC-2022-0078 to bumpalo (#1526)
* Add advisory for bumpalo Vec iterator unsoundness (#1525)
* Assigned RUSTSEC-2022-0077 to claim (#1523)
* Tue Nov 01 2022 william.brown@suse.com
- Update to version 20221102:
* Assigned RUSTSEC-2022-0065 to openssl-src (#1455)
* CVE-2022-3786 in openssl (#1453)
* Assigned RUSTSEC-2022-0064 to openssl-src (#1454)
* CVE-2022-3602 in openssl (#1452)
* Assigned RUSTSEC-2022-0063 to linked_list_allocator (#1449)
* Add CVE-2022-36086 for linked_list_allocator (#1448)
* Assigned RUSTSEC-2022-0062 to matrix-sdk (#1445)
* Add advisory for logging of access tokens in matrix-sdk (#1444)
* Assigned RUSTSEC-2022-0061 to parity-wasm (#1443)
* Add unmaintained `parity-wasm` (#1441)
* Wed Sep 28 2022 william.brown@suse.com
- Update to version 20220928:
* Assigned RUSTSEC-2022-0056 to clipboard (#1425)
* Add unmaintained `clipboard` (#1267)
* Fix informational footnote wording (#1420)
* Add `stylish` as `ansi_term` alternative (#1421)
* Assigned RUSTSEC-2022-0055 to axum-core (#1419)
* Add `axum-core` DoS (#1417)
* Assigned RUSTSEC-2021-0144 to traitobject (#1415)
* Add unmaintained `traitobject` (#1390)
* Assigned RUSTSEC-2019-0039 to typemap (#1414)
* Add unmaintained `typemap` (#1406)
* Wed May 11 2022 wbrown@suse.de
- Update to version 20220511:
* Assigned RUSTSEC-2022-0022 to hyper (#1235)
* add hyper advisory (#1232)
* Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233)
* add crossbeam advisories for incorrect (unsound) zeroed memory (#1231)
* Assigned RUSTSEC-2022-0018 to totp-rs (#1230)
* Possible timing attack in totp-rs (#1229)
* HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192)
* Assigned RUSTSEC-2022-0017 to array-macro (#1225)
* Add advisory for using impure constants in array-macro (#1224)
* Add patch version for fruity (#1223)
* Thu Apr 28 2022 wbrown@suse.de
- Update to version 20220428:
* Assigned RUSTSEC-2022-0017 to array-macro (#1225)
* Add advisory for using impure constants in array-macro (#1224)
* Add patch version for fruity (#1223)
* Update RUSTSEC-2020-0071.md (#1222)
* RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
* Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
* Add CVE-2022-24791 for Wasmtime (#1217)
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Wed Apr 20 2022 wbrown@suse.de
- Update to version 20220420:
* Add patch version for fruity (#1223)
* Update RUSTSEC-2020-0071.md (#1222)
* RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
* Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
* Add CVE-2022-24791 for Wasmtime (#1217)
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Add CVE-2022-0778 for openssl-src (#1210)
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* Wed Mar 30 2022 William Brown
- Resolve issue with obs install check on non-tier1 arches
* Wed Mar 23 2022 wbrown@suse.de
- Update to version 20220323:
* Assigned RUSTSEC-2022-0015 to pty (#1215)
* Add unmaintained advisory for pty (#1213)
* Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
* Add CVE-2022-0778 for openssl-src (#1210)
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* add cve-2022-24713 (#1207)
* mark RUSTSEC-2021-0019 fixed, add references (#1206)
* RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
* Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
* Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
* Fri Mar 11 2022 wbrown@suse.de
- Update to version 20220311:
* Assigned RUSTSEC-2022-0013 to regex (#1208)
* add cve-2022-24713 (#1207)
* mark RUSTSEC-2021-0019 fixed, add references (#1206)
* RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
* Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
* Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
* Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
* `rust-crypto`: miscomputation when performing AES encryption (#1201)
* Update RUSTSEC-2020-0150.md (#1199)
* Assigned RUSTSEC-2022-0010 to enum-map (#1198)
* Tue Feb 15 2022 wbrown@suse.de
- Update to version 20220215:
* Suggest maintained alternatives for Rental advisory (#1187)
* Update RUSTSEC-2022-0009.md (#1186)
* Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
* Mark tokio-proto as deprecated (#1184)
* Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
* Add entry for libp2p-core vulnerability (#1182)
* Add patched version to DashMap advisory (#1181)
* Assigned RUSTSEC-2022-0008 to windows (#1178)
* Add advisory for windows (#1177)
* Assigned RUSTSEC-2022-0007 to qcell (#1172)
* Wed Jan 05 2022 wbrown@suse.de
- Update to version 20220105:
* Assigned RUSTSEC-2021-0134 to rental (#1137)
* Report that rental is no longer maintained (#1136)
* Assigned RUSTSEC-2020-0160 to shamir (#1135)
* Turn the issue about shamir into an advisory (#1134)
* Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
* Mark cargo-download unmaintained (#1132)
* Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131)
* Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
* CVE-2020-8927 for compu-brotli-sys (#1129)
* Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)