Skip to content

/rustsec-crate

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unaffected crates are still flagged as vulnerabilities #51

Closed
MF1-MS opened this Issue Dec 10, 2018 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@MF1-MS @tarcieri
@MF1-MS
Copy link

MF1-MS commented Dec 10, 2018

This was come across as the presence of crossbeam v0.2.12 causes cargo audit to fail, despite the only affected version being v0.4.0, see: https://github.com/RustSec/advisory-db/blob/master/crates/crossbeam/RUSTSEC-2018-0009.toml

From a brief look at the code it seems that unaffected_versions needs to be stripped out like patched_versions in db.rs
@tarcieri

This comment has been minimized.

Sign in to view
Copy link
Member

tarcieri commented Dec 10, 2018

Well that's unfortunate. I'll try to get a quick fix out for this.
@MF1-MS

This comment has been minimized.

Sign in to view
Copy link
Author

MF1-MS commented Dec 10, 2018

Cracking, many thanks.

@tarcieri tarcieri referenced this issue Dec 11, 2018

Merged

Request RUSTSEC for resolved UAF in OpenSSL #77

@tarcieri tarcieri closed this in 619e07c Dec 13, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.