commit cargo-audit-advisory-db for openSUSE:Factory

Source-Sync Mon, 05 Jul 2021 13:26:50 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-07-05 22:22:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and      /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "cargo-audit-advisory-db"

Mon Jul  5 22:22:50 2021 rev:8 rq:903998 version:20210702

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-06-22 20:45:11.238839499 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2625/cargo-audit-advisory-db.changes
        2021-07-05 22:23:13.433608699 +0200
@@ -1,0 +2,15 @@
+Fri Jul 02 01:00:10 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210702:
+  * Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945)
+  * Add `withdrawn` field (#942)
+  * Bump `rustsec-admin` to v0.5.0 (#944)
+  * Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
+  * Update RUSTSEC-2021-0049.md (#941)
+  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
+  * crates/grep-cli: add advisory for arbitrary binary execution on Windows 
(#939)
+  * Add GHSA mentions to `aliases` field. This is becoming more important with 
OSV enabling interop between databases (#937)
+  * Update RUSTSEC-2020-0043.md (#934)
+  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)
+
+-------------------------------------------------------------------

Old:
----
  advisory-db-20210619.tar.xz

New:
----
  advisory-db-20210702.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.dv1yVX/_old  2021-07-05 22:23:16.065588332 +0200
+++ /var/tmp/diff_new_pack.dv1yVX/_new  2021-07-05 22:23:16.069588301 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           cargo-audit-advisory-db
-Version:        20210619
+Version:        20210702
 Release:        0
 Summary:        A database of known security issues for Rust depedencies
 License:        CC0-1.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.dv1yVX/_old  2021-07-05 22:23:16.117587929 +0200
+++ /var/tmp/diff_new_pack.dv1yVX/_new  2021-07-05 22:23:16.117587929 +0200
@@ -2,7 +2,7 @@
   <service mode="disabled" name="obs_scm">
     <param name="url">https://github.com/RustSec/advisory-db.git</param>
     <param name="scm">git</param>
-    <param name="version">20210619</param>
+    <param name="version">20210702</param>
     <param name="revision">master</param>
     <param name="changesgenerate">enable</param>
     <param name="changesauthor">wbr...@suse.de</param>

++++++ advisory-db-20210619.tar.xz -> advisory-db-20210702.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/.github/workflows/assign-ids.yml 
new/advisory-db-20210702/.github/workflows/assign-ids.yml
--- old/advisory-db-20210619/.github/workflows/assign-ids.yml   2021-06-16 
23:05:39.000000000 +0200
+++ new/advisory-db-20210702/.github/workflows/assign-ids.yml   2021-07-02 
01:39:03.000000000 +0200
@@ -15,12 +15,12 @@
       uses: actions/cache@v1
       with:
         path: ~/.cargo/bin
-        key: rustsec-admin-v0.4.3
+        key: rustsec-admin-v0.5.0
 
     - name: Install rustsec-admin
       run: |
         if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-            cargo install rustsec-admin --vers 0.4.3
+            cargo install rustsec-admin --vers 0.5.0
         fi
 
     - name: Assign IDs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/.github/workflows/publish-web.yml 
new/advisory-db-20210702/.github/workflows/publish-web.yml
--- old/advisory-db-20210619/.github/workflows/publish-web.yml  2021-06-16 
23:05:39.000000000 +0200
+++ new/advisory-db-20210702/.github/workflows/publish-web.yml  2021-07-02 
01:39:03.000000000 +0200
@@ -14,10 +14,10 @@
       - uses: actions/cache@v1
         with:
           path: ~/.cargo/bin
-          key: rustsec-admin-v0.4.3
+          key: rustsec-admin-v0.5.0
       - run: |
           if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-           cargo install rustsec-admin --vers 0.4.3
+           cargo install rustsec-admin --vers 0.5.0
           fi
           rustsec-admin web .
           git config user.name github-actions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210619/.github/workflows/validate.yml 
new/advisory-db-20210702/.github/workflows/validate.yml
--- old/advisory-db-20210619/.github/workflows/validate.yml     2021-06-16 
23:05:39.000000000 +0200
+++ new/advisory-db-20210702/.github/workflows/validate.yml     2021-07-02 
01:39:03.000000000 +0200
@@ -16,12 +16,12 @@
       uses: actions/cache@v1
       with:
         path: ~/.cargo/bin
-        key: rustsec-admin-v0.4.3
+        key: rustsec-admin-v0.5.0
 
     - name: Install rustsec-admin
       run: |
         if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-            cargo install rustsec-admin --vers 0.4.3
+            cargo install rustsec-admin --vers 0.5.0
         fi
 
     - name: Lint advisories
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/crates/directories/RUSTSEC-2020-0054.md 
new/advisory-db-20210702/crates/directories/RUSTSEC-2020-0054.md
--- old/advisory-db-20210619/crates/directories/RUSTSEC-2020-0054.md    
2021-06-16 23:05:39.000000000 +0200
+++ new/advisory-db-20210702/crates/directories/RUSTSEC-2020-0054.md    
2021-07-02 01:39:03.000000000 +0200
@@ -6,6 +6,7 @@
 informational = "unmaintained"
 url = "https://github.com/dirs-dev/directories-rs";
 yanked = true
+withdrawn = "2021-04-19"
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/crates/dirs/RUSTSEC-2020-0053.md 
new/advisory-db-20210702/crates/dirs/RUSTSEC-2020-0053.md
--- old/advisory-db-20210619/crates/dirs/RUSTSEC-2020-0053.md   2021-06-16 
23:05:39.000000000 +0200
+++ new/advisory-db-20210702/crates/dirs/RUSTSEC-2020-0053.md   2021-07-02 
01:39:03.000000000 +0200
@@ -6,6 +6,7 @@
 informational = "unmaintained"
 url = "https://github.com/dirs-dev/dirs-rs";
 yanked = true
+withdrawn = "2021-04-19"
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/crates/flatbuffers/RUSTSEC-2020-0009.md 
new/advisory-db-20210702/crates/flatbuffers/RUSTSEC-2020-0009.md
--- old/advisory-db-20210619/crates/flatbuffers/RUSTSEC-2020-0009.md    
2021-06-16 23:05:39.000000000 +0200
+++ new/advisory-db-20210702/crates/flatbuffers/RUSTSEC-2020-0009.md    
2021-07-02 01:39:03.000000000 +0200
@@ -11,7 +11,7 @@
 "flatbuffers::read_scalar_at" = [">= 0.4.0"]
 
 [versions]
-patched = []
+patched = [">= 2.0.0"]
 unaffected = ["< 0.4.0"]
 ```
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/crates/libpulse-binding/RUSTSEC-2020-0055.md 
new/advisory-db-20210702/crates/libpulse-binding/RUSTSEC-2020-0055.md
--- old/advisory-db-20210619/crates/libpulse-binding/RUSTSEC-2020-0055.md       
2021-06-16 23:05:39.000000000 +0200
+++ new/advisory-db-20210702/crates/libpulse-binding/RUSTSEC-2020-0055.md       
2021-07-02 01:39:03.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-10-21"
 url = "https://rustsec.org/advisories/RUSTSEC-2018-0020.html";
 yanked = true
+withdrawn = "2020-10-22"
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/crates/spin/RUSTSEC-2019-0031.md 
new/advisory-db-20210702/crates/spin/RUSTSEC-2019-0031.md
--- old/advisory-db-20210619/crates/spin/RUSTSEC-2019-0031.md   2021-06-16 
23:05:39.000000000 +0200
+++ new/advisory-db-20210702/crates/spin/RUSTSEC-2019-0031.md   2021-07-02 
01:39:03.000000000 +0200
@@ -6,6 +6,7 @@
 informational = "unmaintained"
 url = "https://github.com/mvdnes/spin-rs/commit/7516c80";
 yanked = true
+withdrawn = "2020-10-08"
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/crates/stackvector/RUSTSEC-2021-0048.md 
new/advisory-db-20210702/crates/stackvector/RUSTSEC-2021-0048.md
--- old/advisory-db-20210619/crates/stackvector/RUSTSEC-2021-0048.md    
2021-06-16 23:05:39.000000000 +0200
+++ new/advisory-db-20210702/crates/stackvector/RUSTSEC-2021-0048.md    
2021-07-02 01:39:03.000000000 +0200
@@ -8,7 +8,7 @@
 categories = ["memory-corruption"]
 
 [versions]
-patched = ["1.0.9"]
+patched = [">= 1.0.9"]
 ```
 
 # StackVec::extend can write out of bounds when size_hint is incorrect

commit cargo-audit-advisory-db for openSUSE:Factory

Reply via email to