Skip to content
Permalink
Branch: master
Commits on Jan 20, 2020
  1. Merge pull request #227 from RustSec/RUSTSEC-2018-0016

    tarcieri committed Jan 20, 2020
    Assign RUSTSEC-2018-0016 to quickersort
  2. Assign RUSTSEC-2018-0016 to quickersort

    tarcieri committed Jan 20, 2020
    Original PR: #210
  3. Merge pull request #210 from EmbarkStudios/quickersort

    tarcieri committed Jan 20, 2020
    Add advisory for deprecated/unmaintained quickersort
Commits on Jan 19, 2020
  1. Merge pull request #224 from RustSec/RUSTSEC-2016-0005/add-note-about…

    tarcieri committed Jan 19, 2020
    …-rust-crypto-crate-vs-org
    
    RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto
  2. RUSTSEC-2016-0005: add note about rust-crypto vs RustCrypto

    tarcieri committed Jan 19, 2020
    The `rust-crypto` crate and RustCrypto org have confusingly similar
    names, which has caused confusion about this advisory in practice:
    
    https://www.reddit.com/r/rust/comments/e29sxc/ann_rustcryptoaead_v020_heapless_symmetric_aead/f8ujyxm/
    
    This commit adds a small note to disambiguate them and note that
    RustCrypto-the-GitHub-org is still maintained.
Commits on Jan 17, 2020
  1. Fix typo

    repi and aclonegeek committed Jan 17, 2020
    Co-Authored-By: Randy Taylor <tehgecKozzz@gmail.com>
Commits on Jan 16, 2020
  1. Merge pull request #223 from RustSec/RUSTSEC-2020-0002

    tarcieri committed Jan 16, 2020
    Assign RUSTSEC-2020-0002 to prost
  2. Assign RUSTSEC-2020-0002 to prost

    tarcieri committed Jan 16, 2020
    Original PR: #222
  3. Merge pull request #222 from dbrgn/prost-stackoverflow

    tarcieri committed Jan 16, 2020
    Add advisory for prost stack overflow
  4. fixup! Add advisory for prost stack overflow

    dbrgn committed Jan 16, 2020
  5. Add advisory for prost stack overflow

    dbrgn committed Jan 16, 2020
Commits on Jan 9, 2020
  1. Merge pull request #221 from roy-work/roy/fix-http-affected-ranges

    tarcieri committed Jan 9, 2020
    Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20
  2. Correct affected version range on RUSTSEC-2019-003[34] to patched at …

    Roy Wellington Ⅳ
    Roy Wellington Ⅳ committed Jan 9, 2020
    …0.1.20
    
    I believe these two vulnerabilities were patched at 0.1.20.
    
    For RUSTSEC-2019-0033:
    
    The advisory links to the bug: hyperium/http#352
    In that bug, the fixing PR was hyperium/http#360
    That PR merged the commit 81ceb61 to fix the bug; that commit, according to
    GitHub, was first picked up by tag v0.1.20 ([commit][1]).
    
    [1]: hyperium/http@81ceb61
    
    For RUSTSEC-2019-0034:
    
    This advisory is two separate GitHub issues against `HeaderMap::drain`,
    http #354 and http #355.
    
    For the first: the issue: hyperium/http#354
    In that bug, the fixing PR was hyperium/http#357
    That PR merged the commit 82d53db to fix the bug; that commit, according to
    GitHub, was first picked up by tag v0.1.20 ([commit][2]).
    
    [2]: hyperium/http@82d53db
    
    For the second: the issue: hyperium/http#355
    In that bug, the fixing PR was hyperium/http#362
    That PR merged the commit 8ffe094 to fix the bug; that commit, according to
    GitHub, was first picked up by tag v0.1.20 ([commit][3]).
    
    [3]: hyperium/http@8ffe094
  3. Merge pull request #220 from RustSec/RUSTSEC-2019-0034

    tarcieri committed Jan 9, 2020
    Assign RUSTSEC-2019-0034 to http
  4. Assign RUSTSEC-2019-0034 to http

    tarcieri committed Jan 9, 2020
    Original PR: #218
  5. Merge pull request #218 from Qwaz/http2

    tarcieri committed Jan 9, 2020
    Add advisory for hyperium/http/issues/354,355
  6. Merge branch 'master' into http2

    tarcieri committed Jan 9, 2020
  7. Merge pull request #219 from RustSec/RUSTSEC-2019-0033

    tarcieri committed Jan 9, 2020
    Assign RUSTSEC-2019-0033 to http
  8. Assign RUSTSEC-2019-0033 to http

    tarcieri committed Jan 9, 2020
    Original PR: #217
  9. Merge pull request #217 from Qwaz/http1

    tarcieri committed Jan 9, 2020
    Add advisory for hyperium/http/issues/352
  10. hyperium/http/issues/354,355

    Qwaz committed Jan 9, 2020
  11. hyperium/http/issues/352

    Qwaz committed Jan 9, 2020
Commits on Jan 7, 2020
  1. Merge pull request #216 from RustSec/RUSTSEC-2020-0001

    tarcieri committed Jan 7, 2020
    Assign RUSTSEC-2020-0001 to trust-dns-server
  2. Assign RUSTSEC-2020-0001 to trust-dns-server

    tarcieri committed Jan 7, 2020
    Original PR: #215
  3. Merge pull request #215 from bluejekyll/master

    tarcieri committed Jan 7, 2020
    trust-dns-server additionals processing overflows stack
Commits on Jan 6, 2020
  1. trust-dns-server additions processing overflows stack

    bluejekyll committed Jan 6, 2020
Commits on Jan 3, 2020
  1. Merge pull request #214 from RustSec/readme/bump-maintained-date

    tarcieri committed Jan 3, 2020
    README.md: Bump maintained date to Q1 2020
  2. README.md: Bump maintained date to Q1 2020

    tarcieri committed Jan 3, 2020
  3. Merge pull request #213 from RustSec/RUSTSEC-2019-0031/add-conquer-once

    tarcieri committed Jan 3, 2020
    RUSTSEC-2019-0031: add `conquer-once` as an alternative to `spin`
Commits on Dec 21, 2019
  1. Merge pull request #211 from basvandijk/RUSTSEC-2019-0023-string-inte…

    tarcieri committed Dec 21, 2019
    …rner-0.6.4
    
    string-interner-0.6.4 also fixes RUSTSEC-2019-0023
  2. string-interner-0.6.4 also fixes RUSTSEC-2019-0023

    basvandijk committed Dec 21, 2019
    The fix Robbepop/string-interner#10
    released in 0.7.1 was also backported to the 0.6 release line in
    Robbepop/string-interner#14 and released in 0.6.4.
Commits on Dec 18, 2019
  1. Add advisory for deprecated/unmaintained quickersort

    repi committed Dec 18, 2019
    The author of the `quickersort` crate has deprecated it and do not
    recommend using it anymore.
    
    Everything in it has been incorporated into std::sort_unstable in the
    standard library as of Rust 1.20.
Commits on Dec 17, 2019
  1. Merge pull request #209 from RustSec/RUSTSEC-2019-0032

    tarcieri committed Dec 17, 2019
    Assign RUSTSEC-2019-0032 to crust
  2. Assign RUSTSEC-2019-0032 to crust

    tarcieri committed Dec 17, 2019
    Original PR: #204
Older
You can’t perform that action at this time.