File cargo-audit-advisory-db.changes of Package cargo-audit-advisory-db

Overview Repositories Revisions Requests Users Attributes Meta

File cargo-audit-advisory-db.changes of Package cargo-audit-advisory-db

-------------------------------------------------------------------
Sat Mar 30 04:06:18 UTC 2024 - william.brown@suse.com

- Update to version 20240330:
  * Assigned (#1924)
  * Add an unmaintained crate advisory for yaml-rust (#1922)
  * Assigned RUSTSEC-2023-0085 to hpack (#1920)
  * Add hpack panics (#1919)
  * Assigned RUSTSEC-2024-0021 to eyre, RUSTSEC-2023-0084 to hpack (#1916)
  * eyre: Parts of Report are dropped as the wrong type during downcast (#1918)
  * Add security advisory for unmaintained hpack crate (#1915)
  * update RUSTSEC-2024-0020 with additional information (#1913)
  * Assigned RUSTSEC-2024-0020 to whoami (#1912)
  * Add advisory for stack buffer overflow with whoami (#1911)

-------------------------------------------------------------------
Tue Dec 19 02:11:18 UTC 2023 - william.brown@suse.com

- Update to version 20231219:
  * Assigned RUSTSEC-2023-0074 to zerocopy (#1839)
  * zerocopy: Some Ref methods are unsound with some type params (#1837)
  * Update CVSS score of RUSTSEC-2023-0071 (#1838)
  * Assigned RUSTSEC-2023-0073 to candid (#1835)
  * Add advisory for candid library decoding DoS vulnerability (#1834)
  * RUSTSEC-2023-0071: add CVE-2023-49092 as alias (#1830)
  * RUSTSEC-2023-0071.md: use '###' section headers (#1829)
  * RUSTSEC-2023-0071: add CVSS, aliases, and new wording (#1828)
  * Assigned RUSTSEC-2023-0072 to openssl (#1827)
  * `openssl` `X509StoreRef::objects` is unsound (#1824)

-------------------------------------------------------------------
Fri Oct 27 03:02:30 UTC 2023 - william.brown@suse.com

- Update to version 20231027:
  * Assigned RUSTSEC-2023-0068 to cocoon (#1810)
  * cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) (#1805)
  * Updating information about replacements (#1803)
  * Assigned RUSTSEC-2023-0067 to fehler (#1801)
  * fehler is unmaintained (#1800)
  * Assigned RUSTSEC-2023-0066 to pleaser (#1799)
  * Document the privilege-escalation vulnerability in pleaser. (#1798)
  * Update webpki RUSTSEC-2023-0052 advisory. (#1797)
  * Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
  * Create advisory for tungstenite DoS (#1795)

-------------------------------------------------------------------
Sat Oct 07 01:19:51 UTC 2023 - william.brown@suse.com

- Update to version 20231007:
  * Assigned RUSTSEC-2023-0066 to pleaser (#1799)
  * Document the privilege-escalation vulnerability in pleaser. (#1798)
  * Update webpki RUSTSEC-2023-0052 advisory. (#1797)
  * Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
  * Create advisory for tungstenite DoS (#1795)
  * Add patch version (#1794)
  * Update info about CVE-2023-5129 (#1793)
  * Bump rustsec-admin to 0.8.8 (#1791)
  * Assigned RUSTSEC-2023-0064 to gix-transport (#1790)
  * Add notice to gix-transport crate (#1789)

-------------------------------------------------------------------
Thu Aug 17 23:38:35 UTC 2023 - william.brown@suse.com

- Update to version 20230818:
  * Assigned RUSTSEC-2022-0093 to ed25519-dalek (#1745)
  * Add Double Public Key Signing Function Oracle Attack on `ed25519-dalek` (#1744)
  * Assigned RUSTSEC-2023-0049 to tui (#1740)
  * Add unmaintained `tui` advisory (#1739)
  * Update aliases from GHSA OSV export (#1734)
  * Assigned RUSTSEC-2023-0048 to intaglio (#1733)
  * Add advisory for unsoundness in intaglio symbol interners (#1732)
  * Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
  * report unsoundness of lmdb-rs (#1724)
  * Fix typos (#1729)

-------------------------------------------------------------------
Mon Jul 31 04:07:19 UTC 2023 - william.brown@suse.com

- Update to version 20230731:
  * Update aliases from GHSA OSV export (#1734)
  * Assigned RUSTSEC-2023-0048 to intaglio (#1733)
  * Add advisory for unsoundness in intaglio symbol interners (#1732)
  * Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
  * report unsoundness of lmdb-rs (#1724)
  * Fix typos (#1729)
  * Bump rustsec-admin to 0.8.6 (#1728)
  * Update aliases from GHSA OSV export (#1727)
  * Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
  * Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)

-------------------------------------------------------------------
Tue Jul 11 00:47:33 UTC 2023 - william.brown@suse.com

- Update to version 20230711:
  * Bump rustsec-admin to 0.8.6 (#1728)
  * Update aliases from GHSA OSV export (#1727)
  * Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
  * Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
  * report misaligned pointer dereference in cyfs-base (#1718)
  * Assigned RUSTSEC-2023-0045 to memoffset (#1722)
  * Add advisory to `memoffset` (#1721)
  * Assigned RUSTSEC-2023-0044 to openssl (#1720)
  * Report buffer-overread in OpenSSL (#1719)
  * Update RUSTSEC-2023-0042 to reflect patch. (#1717)

-------------------------------------------------------------------
Tue May 30 04:33:12 UTC 2023 - william.brown@suse.com

- Update to version 20230530:
  * Suggest kuchikiki as an alternative to kuchiki (#1698)
  * Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
  * xsalsa20poly1305 is unmaintained (#1694)
  * xml-rs is maintained (#1691)
  * Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
  * Add unmaintained tree_magic crate (#1678)
  * Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
  * enumflags2::make_bitflags unsoundness (#1686)
  * Assigned RUSTSEC-2023-0034 to h2 (#1687)
  * Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)

-------------------------------------------------------------------
Tue May 23 04:42:24 UTC 2023 - william.brown@suse.com

- Update to version 20230523:
  * Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
  * xsalsa20poly1305 is unmaintained (#1694)
  * xml-rs is maintained (#1691)
  * Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
  * Add unmaintained tree_magic crate (#1678)
  * Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
  * enumflags2::make_bitflags unsoundness (#1686)
  * Assigned RUSTSEC-2023-0034 to h2 (#1687)
  * Add advisory for h2: resource exhaustion vulnerability may lead to DoS (#1684)
  * Fix typos in RUSTSEC-2023-0033 (#1685)

-------------------------------------------------------------------
Thu Apr 13 01:00:08 UTC 2023 - william.brown@suse.com

- Update to version 20230413:
  * Bump peter-evans/create-pull-request from 4 to 5 (#1677)
  * Withdraw RUSTSEC-2021-0147 (#1676)
  * Assigned RUSTSEC-2023-0032 to ntru (#1674)
  * Add unsound ntru (#1652)
  * Assigned RUSTSEC-2023-0031 to spin (#1673)
  * Added unsound `spin` (#1671)
  * Assigned RUSTSEC-2023-0030 to versionize (#1669)
  * Add advisory for versionize crate (#1662)
  * Assigned RUSTSEC-2023-0029 to nats (#1668)
  * Fix `nats` directory (#1667)

-------------------------------------------------------------------
Thu Feb 23 00:12:48 UTC 2023 - william.brown@suse.com

- Update to version 20230223:
  * Assigned RUSTSEC-2022-0090 to libsqlite3-sys (#1607)
  * Add sqlite advisory (#1599)
  * Assigned RUSTSEC-2023-0014 to cortex-m-rt (#1606)
  * Add soundness advisory for cortex-m-rt (#1601)
  * Update RUSTSEC-2020-0097.md (#1600)
  * Better docs (#1598)
  * Assigned RUSTSEC-2020-0167 to pnet_packet (#1596)
  * Fix some typos (#1593)
  * Add advisory for pnet_packet (#1595)
  * Update RUSTSEC-2020-0071.md (#1594)

-------------------------------------------------------------------
Tue Jan 17 03:29:22 UTC 2023 - william.brown@suse.com

- Update to version 20230117:
  * Assigned RUSTSEC-2022-0080 to parity-util-mem (#1530)
  * Add parity-util-mem unmaintained (#1528)
  * Assigned RUSTSEC-2021-0146 to twoway (#1529)
  * Add unmaintained `twoway` (#1435)
  * Assigned RUSTSEC-2022-0079 to elf_rs (#1527)
  * Add advisory for elf_rs crate (#1450)
  * Update RUSTSEC-2021-0088.md (#1512)
  * Assigned RUSTSEC-2022-0078 to bumpalo (#1526)
  * Add advisory for bumpalo Vec iterator unsoundness (#1525)
  * Assigned RUSTSEC-2022-0077 to claim (#1523)

-------------------------------------------------------------------
Tue Nov 01 22:16:48 UTC 2022 - william.brown@suse.com

- Update to version 20221102:
  * Assigned RUSTSEC-2022-0065 to openssl-src (#1455)
  * CVE-2022-3786 in openssl (#1453)
  * Assigned RUSTSEC-2022-0064 to openssl-src (#1454)
  * CVE-2022-3602 in openssl (#1452)
  * Assigned RUSTSEC-2022-0063 to linked_list_allocator (#1449)
  * Add CVE-2022-36086 for linked_list_allocator (#1448)
  * Assigned RUSTSEC-2022-0062 to matrix-sdk (#1445)
  * Add advisory for logging of access tokens in matrix-sdk (#1444)
  * Assigned RUSTSEC-2022-0061 to parity-wasm (#1443)
  * Add unmaintained `parity-wasm` (#1441)

-------------------------------------------------------------------
Wed Sep 28 01:22:33 UTC 2022 - william.brown@suse.com

- Update to version 20220928:
  * Assigned RUSTSEC-2022-0056 to clipboard (#1425)
  * Add unmaintained `clipboard` (#1267)
  * Fix informational footnote wording (#1420)
  * Add `stylish` as `ansi_term` alternative (#1421)
  * Assigned RUSTSEC-2022-0055 to axum-core (#1419)
  * Add `axum-core` DoS (#1417)
  * Assigned RUSTSEC-2021-0144 to traitobject (#1415)
  * Add unmaintained `traitobject` (#1390)
  * Assigned RUSTSEC-2019-0039 to typemap (#1414)
  * Add unmaintained `typemap` (#1406)

-------------------------------------------------------------------
Wed May 11 01:12:29 UTC 2022 - wbrown@suse.de

- Update to version 20220511:
  * Assigned RUSTSEC-2022-0022 to hyper (#1235)
  * add hyper advisory (#1232)
  * Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233)
  * add crossbeam advisories for incorrect (unsound) zeroed memory (#1231)
  * Assigned RUSTSEC-2022-0018 to totp-rs (#1230)
  * Possible timing attack in totp-rs (#1229)
  * HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192)
  * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
  * Add advisory for using impure constants in array-macro (#1224)
  * Add patch version for fruity (#1223)

-------------------------------------------------------------------
Thu Apr 28 02:57:45 UTC 2022 - wbrown@suse.de

- Update to version 20220428:
  * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
  * Add advisory for using impure constants in array-macro (#1224)
  * Add patch version for fruity (#1223)
  * Update RUSTSEC-2020-0071.md (#1222)
  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
  * Add CVE-2022-24791 for Wasmtime (#1217)
  * Assigned RUSTSEC-2022-0015 to pty (#1215)
  * Add unmaintained advisory for pty (#1213)
  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)

-------------------------------------------------------------------
Wed Apr 20 00:36:52 UTC 2022 - wbrown@suse.de

- Update to version 20220420:
  * Add patch version for fruity (#1223)
  * Update RUSTSEC-2020-0071.md (#1222)
  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
  * Add CVE-2022-24791 for Wasmtime (#1217)
  * Assigned RUSTSEC-2022-0015 to pty (#1215)
  * Add unmaintained advisory for pty (#1213)
  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
  * Add CVE-2022-0778 for openssl-src (#1210)
  * Assigned RUSTSEC-2022-0013 to regex (#1208)

-------------------------------------------------------------------
Wed Mar 30 01:47:58 UTC 2022 - William Brown <william.brown@suse.com>

- Resolve issue with obs install check on non-tier1 arches

-------------------------------------------------------------------
Wed Mar 23 10:54:26 UTC 2022 - wbrown@suse.de

- Update to version 20220323:
  * Assigned RUSTSEC-2022-0015 to pty (#1215)
  * Add unmaintained advisory for pty (#1213)
  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
  * Add CVE-2022-0778 for openssl-src (#1210)
  * Assigned RUSTSEC-2022-0013 to regex (#1208)
  * add cve-2022-24713 (#1207)
  * mark RUSTSEC-2021-0019 fixed, add references (#1206)
  * RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
  * Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
  * Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)

-------------------------------------------------------------------
Fri Mar 11 03:15:25 UTC 2022 - wbrown@suse.de

- Update to version 20220311:
  * Assigned RUSTSEC-2022-0013 to regex (#1208)
  * add cve-2022-24713 (#1207)
  * mark RUSTSEC-2021-0019 fixed, add references (#1206)
  * RUSTSEC-2021-0134: Remove recursive_reference from the list of alternatives (#1200)
  * Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
  * Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
  * Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
  * `rust-crypto`: miscomputation when performing AES encryption (#1201)
  * Update RUSTSEC-2020-0150.md (#1199)
  * Assigned RUSTSEC-2022-0010 to enum-map (#1198)

-------------------------------------------------------------------
Tue Feb 15 00:57:25 UTC 2022 - wbrown@suse.de

- Update to version 20220215:
  * Suggest maintained alternatives for Rental advisory (#1187)
  * Update RUSTSEC-2022-0009.md (#1186)
  * Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
  * Mark tokio-proto as deprecated (#1184)
  * Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
  * Add entry for libp2p-core vulnerability (#1182)
  * Add patched version to DashMap advisory (#1181)
  * Assigned RUSTSEC-2022-0008 to windows (#1178)
  * Add advisory for windows (#1177)
  * Assigned RUSTSEC-2022-0007 to qcell (#1172)

-------------------------------------------------------------------
Wed Jan 05 02:13:49 UTC 2022 - wbrown@suse.de

- Update to version 20220105:
  * Assigned RUSTSEC-2021-0134 to rental (#1137)
  * Report that rental is no longer maintained (#1136)
  * Assigned RUSTSEC-2020-0160 to shamir (#1135)
  * Turn the issue about shamir into an advisory (#1134)
  * Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
  * Mark cargo-download unmaintained (#1132)
  * Mark arrow advisories as fixed in https://github.com/apache/arrow-rs/issues/817 (#1131)
  * Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
  * CVE-2020-8927 for compu-brotli-sys (#1129)
  * Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)

-------------------------------------------------------------------
Fri Dec 10 04:08:52 UTC 2021 - wbrown@suse.de

- Update to version 20211210:
  * Assigned RUSTSEC-2021-0128 to rusqlite (#1120)
  * Report `rusqlite` closure lifetime issue (#1117)
  * correct formatting for lists in RUSTSEC-2021-0127 (#1116)
  * Assigned RUSTSEC-2021-0127 to serde_cbor (#1115)
  * serde_cbor is unmaintained (#1114)
  * Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
  * Add advisory for rust-embed path traversal (#1112)
  * Adds maintained alternative to slice_deque (#1109)
  * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
  * Security advisory on simple_asn1 version 0.6.0 (#1103)

-------------------------------------------------------------------
Tue Nov 30 02:12:58 UTC 2021 - wbrown@suse.de

- Update to version 20211130:
  * Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
  * Add advisory for rust-embed path traversal (#1112)
  * Adds maintained alternative to slice_deque (#1109)
  * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
  * Security advisory on simple_asn1 version 0.6.0 (#1103)
  * Assigned RUSTSEC-2021-0124 to tokio (#1107)
  * Add advisory for tokio-rs/tokio#4225 (#1106)
  * Add CVE for RUSTSEC-2021-0123 (#1105)
  * Assigned RUSTSEC-2021-0123 to fruity (#1104)
  * Add fruity advisory for nvzqz/fruity#14 (#1102)

-------------------------------------------------------------------
Fri Nov 12 00:17:17 UTC 2021 - wbrown@suse.de

- Update to version 20211112:
  * Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
  * Add `flatbuffers` advisory for flatbuffers#6627 (#1093)
  * add cve info to advisories (#1099)
  * Bump `rustsec-admin` to v0.5.3 (#1091)
  * Add cvss information from nvd (#1085)
  * Add missing method to time vulnerability (#1086)
  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)

-------------------------------------------------------------------
Wed Nov 03 00:32:55 UTC 2021 - wbrown@suse.de

- Update to version 20211103:
  * Bump `rustsec-admin` to v0.5.3 (#1091)
  * Add cvss information from nvd (#1085)
  * Add missing method to time vulnerability (#1086)
  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
  * Update vec-const advisory (#1081)
  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)

-------------------------------------------------------------------
Sun Oct 24 23:45:27 UTC 2021 - wbrown@suse.de

- Update to version 20211025:
  * Bump `rustsec-admin` to v0.5.3 (#1091)
  * Add cvss information from nvd (#1085)
  * Add missing method to time vulnerability (#1086)
  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
  * Update vec-const advisory (#1081)
  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)

-------------------------------------------------------------------
Tue Oct 19 01:15:12 UTC 2021 - wbrown@suse.de

- Update to version 20211019:
  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
  * Unsound implementation of Chacha20 in crypto2 (#1072)
  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
  * Update vec-const advisory (#1081)
  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)
  * Report abomonation as unsound (#1079)
  * Update RUSTEC-2020-0071 (#1078)
  * add missing cve info to advisories (#1077)
  * Add CVE information to RUSTSEC-2020-0142 (#1076)

-------------------------------------------------------------------
Mon Oct 04 21:21:06 UTC 2021 - wbrown@suse.de

- Update to version 20211005:
  * add CVE information to RUSTSEC-2021-0080 (#1068)
  * Add CVE information (#1067)
  * Assigned RUSTSEC-2021-0119 to nix (#1066)
  * nix::unistd::getgrouplist buffer overflow (#1060)
  * Assigned RUSTSEC-2021-0118 to arrow (#1064)
  * Yet another arrow advisory (#1059)
  * Assigned RUSTSEC-2021-0117 to arrow (#1063)
  * arrow DecimalArray advisory (#1058)
  * Assigned RUSTSEC-2021-0116 to arrow (#1062)
  * arrow BinaryArray advisory (#1057)

-------------------------------------------------------------------
Mon Aug 02 02:47:18 UTC 2021 - wbrown@suse.de

- Update to version 20210802:
  * Assigned RUSTSEC-2021-0077 to better-macro (#969)
  * better-macro has deliberate RCE in proc-macro (#966)
  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
  * Add advisory for libsecp256k1 (#963)
  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
  * Add rust-ammonia/ammonia#142 (#956)
  * Hotfix #957 until we figure out what to do with it (#958)

-------------------------------------------------------------------
Wed Jul 21 04:16:56 UTC 2021 - wbrown@suse.de

- Update to version 20210721:
  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
  * Add advisory for libsecp256k1 (#963)
  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions below `0.3.1` (#961)
  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
  * Add rust-ammonia/ammonia#142 (#956)
  * Hotfix #957 until we figure out what to do with it (#958)
  * Assigned RUSTSEC-2021-0073 to prost-types (#955)
  * prost-types: Timestamp conversion overflow (#954)

-------------------------------------------------------------------
Fri Jul 02 01:00:10 UTC 2021 - wbrown@suse.de

- Update to version 20210702:
  * Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945)
  * Add `withdrawn` field (#942)
  * Bump `rustsec-admin` to v0.5.0 (#944)
  * Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
  * Update RUSTSEC-2021-0049.md (#941)
  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
  * crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
  * Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
  * Update RUSTSEC-2020-0043.md (#934)
  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)

-------------------------------------------------------------------
Sat Jun 19 06:27:26 UTC 2021 - wbrown@suse.de

- Update to version 20210619:
  * Update RUSTSEC-2021-0049.md (#941)
  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
  * crates/grep-cli: add advisory for arbitrary binary execution on Windows (#939)
  * Add GHSA mentions to `aliases` field. This is becoming more important with OSV enabling interop between databases (#937)
  * Update RUSTSEC-2020-0043.md (#934)
  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)
  * Add advisory for nalgebra VecStorage/MatrixVec (#931)
  * Remove range overlaps, fix some range specifications (#930)
  * Make ranges in trust-dns-proto advisory non-overlapping (#929)
  * Assigned RUSTSEC-2021-0069 to lettre (#925)

-------------------------------------------------------------------
Tue Jun 01 01:28:10 UTC 2021 - wbrown@suse.de

- Update to version 20210601:
  * Assigned RUSTSEC-2021-0069 to lettre (#925)
  * Add lettre smtp vulnerability (#924)
  * Assigned RUSTSEC-2021-0068 to iced-x86 (#923)
  * iced-x86: fix lint (#922)
  * Add advisory for iced-x86 soundness bug (#914)
  * Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921)
  * fixes #915 - remove duplicate word (#916)
  * Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. (#918)
  * Bump rustsec-admin to v0.4.3 (#919)
  * evm-core: fix crate name (#911)

-------------------------------------------------------------------
Fri May 07 03:16:33 UTC 2021 - wbrown@suse.de

- Update to version 20210507:
  * Assigned RUSTSEC-2021-0064 to cpuid-bool (#905)
  * Add unmaintained crate advisory for `cpuid-bool` (#904)
  * Assigned RUSTSEC-2021-0063 to comrak (#903)
  * Add advisory for another comrak XSS (#902)
  * aes* crates: add crate names to advisory titles (#901)
  * Assigned RUSTSEC-2021-0062 to miscreant (#900)
  * Add unmaintained crate advisory for `miscreant` (#899)
  * Assigned RUSTSEC-2021-0061 to aes-ctr (#898)
  * Add unmaintained crate advisory for `aes-ctr` (#897)
  * Assigned RUSTSEC-2021-0060 to aes-soft (#896)

-------------------------------------------------------------------
Wed Apr 28 00:52:16 UTC 2021 - wbrown@suse.de

- Update to version 20210428:
  * Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
  * Mark patched tiny-http version for 2020-0031 (#875)
  * Assigned RUSTSEC-2021-0053 to algorithmica (#874)
  * Report 0163-algorithmica to RustSec
  * Add std CVE (#869)
  * Update CVE numbers (#870)
  * Update advisory to indicate patched versions of stackvector.
  * Added patch to "fix" vulnerability. (#866)
  * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
  * Add advisory for double-free issues in id-map

-------------------------------------------------------------------
Tue Apr 20 00:45:30 UTC 2021 - wbrown@suse.de

- Update to version 20210420:
  * Yank advisories for once-again maintained `dirs`/`directories` crates (#876)
  * Mark patched tiny-http version for 2020-0031 (#875)
  * Assigned RUSTSEC-2021-0053 to algorithmica (#874)
  * Report 0163-algorithmica to RustSec
  * Add std CVE (#869)
  * Update CVE numbers (#870)
  * Update advisory to indicate patched versions of stackvector.
  * Added patch to "fix" vulnerability. (#866)
  * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
  * Add advisory for double-free issues in id-map

-------------------------------------------------------------------
Wed Mar 31 23:17:44 UTC 2021 - wbrown@suse.de

- Update to version 20210401:
  * Assigned RUSTSEC-2021-0050 to reorder
  * Add advisory for out-of-bounds write and uninitialized memory exposure in reorder
  * max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
  * Assigned RUSTSEC-2020-0152 to max7301
  * Add advisory for data race in max7301
  * Assigned RUSTSEC-2020-0151 to generator
  * Add advisory for data race in generator (#855)
  * Assigned RUSTSEC-2020-0150 to disrustor

-------------------------------------------------------------------
Wed Mar 17 00:54:18 UTC 2021 - wbrown@suse.de

- Update to version 20210317:
  * Have master-to-main mirror force push (#822)
  * Fix `main` -> `master` mirroring (#821)
  * Rename `master` branch to `main` (#820)
  * Mirror 'main' branch to 'master' (#819)
  * README.md: fix "Report Vulnerability" button (#818)
  * Assigned RUSTSEC-2021-0040 to arenavec
  * Assigned RUSTSEC-2021-0039 to endian_trait
  * arenavec: update advisory title to clarify issue
  * Report 0109-arenavec to RustSec

-------------------------------------------------------------------
Tue Mar 02 23:56:22 UTC 2021 - wbrown@suse.de

- Update to version 20210223:
  * Assigned RUSTSEC-2021-0032 to byte_struct
  * Assigned RUSTSEC-2021-0031 to nano_arena
  * Add advisory for aliasing violation in nano_arena
  * Add advisory for uninitialized memory drop in byte_struct
  * Assigned RUSTSEC-2021-0030 to scratchpad
  * Add advisory for double-free in scratchpad
  * Revert "Mark RUSTSEC-2020-0146 as unsound (#788)"
  * Mark RUSTSEC-2020-0146 as unsound (#788)
  * Heapless soundness fix since 0.6.1 (#791)
  * Update RUSTSEC-2020-0146.md with list of patched versions (#789)
  * Assigned RUSTSEC-2021-0029 to truetype
  * Report uninitialized memory exposure in truetype
  * Assigned RUSTSEC-2021-0028 to toodee
  * Add advisory for memory safety issue in toodee's insert_row
  * Assigned RUSTSEC-2021-0027 to bam
  * Add advisory for out-of-bounds write in bam
  * Assigned RUSTSEC-2020-0146 to generic-array
  * Add an advisory on lifetime extension in generic-array
  * Assigned RUSTSEC-2020-0145 to heapless
  * heapless: fix year: 2020, not 2010
  * heapless: use-after-free when cloning partially consumed Iterator
  * Update CVE numbers (#777)

-------------------------------------------------------------------
Tue Feb 23 04:40:05 UTC 2021 - William Brown <william.brown@suse.com>

-  Initial commit of 20210223

Places

File cargo-audit-advisory-db.changes of Package cargo-audit-advisory-db

Places