Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-08-03 22:48:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and      /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cargo-audit-advisory-db"

Tue Aug  3 22:48:43 2021 rev:10 rq:909876 version:20210802

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-07-22 22:44:08.123139204 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1899/cargo-audit-advisory-db.changes
        2021-08-03 22:49:00.112477976 +0200
@@ -1,0 +2,15 @@
+Mon Aug 02 02:47:18 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210802:
+  * Assigned RUSTSEC-2021-0077 to better-macro (#969)
+  * better-macro has deliberate RCE in proc-macro (#966)
+  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
+  * Add advisory for libsecp256k1 (#963)
+  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
+  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions 
below `0.3.1` (#961)
+  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
+  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
+  * Add rust-ammonia/ammonia#142 (#956)
+  * Hotfix #957 until we figure out what to do with it (#958)
+
+-------------------------------------------------------------------
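Review bot: The entry lists both "Hotfix #957 until we figure out what to do with it (#958)" and its revert (#960), which cancel each other out within this update. Consider dropping the pair so the changelog shows only what actually changed for users: the new advisories RUSTSEC-2021-0074 through RUSTSEC-2021-0077.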

Old:
----
  advisory-db-20210721.tar.xz

New:
----
  advisory-db-20210802.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.pCgQoo/_old  2021-08-03 22:49:01.644476128 +0200
+++ /var/tmp/diff_new_pack.pCgQoo/_new  2021-08-03 22:49:01.648476123 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           cargo-audit-advisory-db
-Version:        20210721
+Version:        20210802
 Release:        0
 Summary:        A database of known security issues for Rust depedencies
 License:        CC0-1.0
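Review bot: The `Summary:` context line just below the version bump reads "Rust depedencies"; since the spec is being touched anyway, correct it to "dependencies" in the same submission.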

++++++ _service ++++++
--- /var/tmp/diff_new_pack.pCgQoo/_old  2021-08-03 22:49:01.680476084 +0200
+++ /var/tmp/diff_new_pack.pCgQoo/_new  2021-08-03 22:49:01.680476084 +0200
@@ -2,7 +2,7 @@
   <service mode="disabled" name="obs_scm">
     <param name="url">https://github.com/RustSec/advisory-db.git</param>
     <param name="scm">git</param>
-    <param name="version">20210721</param>
+    <param name="version">20210802</param>
     <param name="revision">master</param>
     <param name="changesgenerate">enable</param>
     <param name="changesauthor">wbr...@suse.de</param>
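Review bot: `revision` stays at `master` while `version` is bumped by hand to 20210802, so nothing in this service file ties the date-stamped tarball to a specific upstream commit. For a security advisory database it is worth pinning `revision` to the commit or tag the tarball was built from, so that a reviewer can reproduce advisory-db-20210802.tar.xz and confirm its contents match upstream.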

++++++ advisory-db-20210721.tar.xz -> advisory-db-20210802.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210721/.duplicate-id-guard 
new/advisory-db-20210802/.duplicate-id-guard
--- old/advisory-db-20210721/.duplicate-id-guard        2021-07-13 
14:47:59.000000000 +0200
+++ new/advisory-db-20210802/.duplicate-id-guard        2021-07-26 
22:46:07.000000000 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-10f78efb7823f3c335f7dd815207a12473d128651d511ea71ae1a8419b59874d  -
+bd246e1f4b34100531c2fa8edeff29e12391cca115de6b424aed2a2127e93b03  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210721/crates/better-macro/RUSTSEC-2021-0077.md 
new/advisory-db-20210802/crates/better-macro/RUSTSEC-2021-0077.md
--- old/advisory-db-20210721/crates/better-macro/RUSTSEC-2021-0077.md   
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210802/crates/better-macro/RUSTSEC-2021-0077.md   
2021-07-26 22:46:07.000000000 +0200
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0077"
+package = "better-macro"
+date = "2021-07-22"
+url = 
"https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38";
+categories = ["code-execution"]
+keywords = ["rce", "proc-macro"]
+
+[affected]
+functions = { "better_macro::println" = ["> 1.0.0"] }
+
+[versions]
+patched = []
+```
+
+# `better-macro` has deliberate RCE to prove a point
+
+[better-macro](https://crates.io/crates/better-macro) is a fake crate which is
+"Proving A Point" that proc-macros can run arbitrary code. This a particularly
+novel or interesting observation.
+
+It currently opens 
`https://github.com/raycar5/better-macro/blob/master/doc/hi.md`
+which doesn't appear to have any malicious content, but there's no guarantee 
that
+will remain the case.
+
+This crate has no useful functionality, and should not be used.
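Review bot: In the `[affected]` table, `functions = { "better_macro::println" = ["> 1.0.0"] }` excludes version 1.0.0 itself, while `patched = []` marks every release as affected. Please confirm upstream whether 1.0.0 is really unaffected, or whether the requirement should be `>= 1.0.0`. Separately, the description sentence "This a particularly novel or interesting observation." is missing its verb and reads as if a negation was lost; that is also worth reporting upstream.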
