commit cargo-audit-advisory-db for openSUSE:Factory

Source-Sync Tue, 19 Oct 2021 14:04:16 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-10-19 23:03:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and      /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "cargo-audit-advisory-db"

Tue Oct 19 23:03:47 2021 rev:12 rq:926117 version:20211019

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-10-05 22:34:14.086909250 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890/cargo-audit-advisory-db.changes
        2021-10-19 23:04:00.469277865 +0200
@@ -1,0 +2,15 @@
+Tue Oct 19 01:15:12 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211019:
+  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
+  * Unsound implementation of Chacha20 in crypto2 (#1072)
+  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
+  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
+  * Update vec-const advisory (#1081)
+  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)
+  * Report abomonation as unsound (#1079)
+  * Update RUSTEC-2020-0071 (#1078)
+  * add missing cve info to advisories (#1077)
+  * Add CVE information to RUSTSEC-2020-0142 (#1076)
+
+-------------------------------------------------------------------

Old:
----
  advisory-db-20211005.tar.xz

New:
----
  advisory-db-20211019.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.wX1nM4/_old  2021-10-19 23:04:01.065278135 +0200
+++ /var/tmp/diff_new_pack.wX1nM4/_new  2021-10-19 23:04:01.065278135 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           cargo-audit-advisory-db
-Version:        20211005
+Version:        20211019
 Release:        0
 Summary:        A database of known security issues for Rust depedencies
 License:        CC0-1.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.wX1nM4/_old  2021-10-19 23:04:01.093278148 +0200
+++ /var/tmp/diff_new_pack.wX1nM4/_new  2021-10-19 23:04:01.097278150 +0200
@@ -2,7 +2,7 @@
   <service mode="disabled" name="obs_scm">
     <param name="url">https://github.com/RustSec/advisory-db.git</param>
     <param name="scm">git</param>
-    <param name="version">20211005</param>
+    <param name="version">20211019</param>
     <param name="revision">master</param>
     <param name="changesgenerate">enable</param>
     <param name="changesauthor">wbr...@suse.de</param>

++++++ advisory-db-20211005.tar.xz -> advisory-db-20211019.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/.duplicate-id-guard 
new/advisory-db-20211019/.duplicate-id-guard
--- old/advisory-db-20211005/.duplicate-id-guard        2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/.duplicate-id-guard        2021-10-18 
18:22:07.000000000 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-42ca4d90b4a557daf80f0be606f514ad413a5d90341135f70714161f49348a74  -
+95115d8c9869b0a0e3e4bdf781cf094e564ece260a8f34a89b73c762c1eb72cd  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/README.md 
new/advisory-db-20211019/README.md
--- old/advisory-db-20211005/README.md  2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/README.md  2021-10-18 18:22:07.000000000 +0200
@@ -8,7 +8,7 @@
 against Rust crates published via https://crates.io. A human-readable version
 of the advisory database can be found at https://rustsec.org/advisories/.
 
-We also export advisory data to [OSV](https://github.com/ossf/osv-schema) 
format,
+We also export advisory data to the [OSV](https://github.com/ossf/osv-schema) 
format,
 see the [`osv`](https://github.com/rustsec/advisory-db/tree/osv) branch.
 
 The following tools consume this advisory database and can be used for auditing
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/abomonation/RUSTSEC-2021-0120.md 
new/advisory-db-20211019/crates/abomonation/RUSTSEC-2021-0120.md
--- old/advisory-db-20211005/crates/abomonation/RUSTSEC-2021-0120.md    
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211019/crates/abomonation/RUSTSEC-2021-0120.md    
2021-10-18 18:22:07.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0120"
+package = "abomonation"
+date = "2021-10-17"
+url = "https://github.com/TimelyDataflow/abomonation/issues/23";
+categories = []
+keywords = []
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# abomonation transmutes &T to and from &[u8] without sufficient constraints
+
+This transmute is at the core of the abomonation crates. It's so easy to use 
it to violate alignment requirements that no test in the crate's test suite 
passes under miri.
+The use of this transmute in serialization/deserialization also incorrectly 
assumes that the layout of a repr(Rust) type is stable.
+This transmute can also disclose both the contents of padding bytes which may 
be an information leak and the contents of pointers, which may be used to 
defeat ASLR.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/abox/RUSTSEC-2020-0121.md 
new/advisory-db-20211019/crates/abox/RUSTSEC-2020-0121.md
--- old/advisory-db-20211005/crates/abox/RUSTSEC-2020-0121.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/abox/RUSTSEC-2020-0121.md   2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-10"
 url = "https://github.com/SonicFrog/abox/issues/1";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36441"]
 
 [versions]
 patched = [">= 0.4.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/alg_ds/RUSTSEC-2020-0033.md 
new/advisory-db-20211019/crates/alg_ds/RUSTSEC-2020-0033.md
--- old/advisory-db-20211005/crates/alg_ds/RUSTSEC-2020-0033.md 2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/alg_ds/RUSTSEC-2020-0033.md 2021-10-18 
18:22:07.000000000 +0200
@@ -4,6 +4,7 @@
 package = "alg_ds"
 date = "2020-08-25"
 url = "https://gitlab.com/dvshapkin/alg-ds/-/issues/1";
+aliases = ["CVE-2020-36432"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/appendix/RUSTSEC-2020-0149.md 
new/advisory-db-20211019/crates/appendix/RUSTSEC-2020-0149.md
--- old/advisory-db-20211005/crates/appendix/RUSTSEC-2020-0149.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/appendix/RUSTSEC-2020-0149.md       
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-15"
 url = "https://github.com/krl/appendix/issues/6";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36469"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/array-tools/RUSTSEC-2020-0132.md 
new/advisory-db-20211019/crates/array-tools/RUSTSEC-2020-0132.md
--- old/advisory-db-20211005/crates/array-tools/RUSTSEC-2020-0132.md    
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/array-tools/RUSTSEC-2020-0132.md    
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-31"
 url = "https://github.com/L117/array-tools/issues/2";
 categories = ["memory-corruption"]
+aliases = ["CVE-2020-36452"]
 
 [versions]
 patched = [">= 0.3.2"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/async-coap/RUSTSEC-2020-0124.md 
new/advisory-db-20211019/crates/async-coap/RUSTSEC-2020-0124.md
--- old/advisory-db-20211005/crates/async-coap/RUSTSEC-2020-0124.md     
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/async-coap/RUSTSEC-2020-0124.md     
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-08"
 url = "https://github.com/google/rust-async-coap/issues/33";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36444"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/beef/RUSTSEC-2020-0122.md 
new/advisory-db-20211019/crates/beef/RUSTSEC-2020-0122.md
--- old/advisory-db-20211005/crates/beef/RUSTSEC-2020-0122.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/beef/RUSTSEC-2020-0122.md   2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-10-28"
 url = "https://github.com/maciejhirsz/beef/issues/37";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36442"]
 
 [versions]
 patched = [">= 0.5.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/bunch/RUSTSEC-2020-0130.md 
new/advisory-db-20211019/crates/bunch/RUSTSEC-2020-0130.md
--- old/advisory-db-20211005/crates/bunch/RUSTSEC-2020-0130.md  2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/bunch/RUSTSEC-2020-0130.md  2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-12"
 url = "https://github.com/krl/bunch/issues/1";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36450"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/cache/RUSTSEC-2020-0128.md 
new/advisory-db-20211019/crates/cache/RUSTSEC-2020-0128.md
--- old/advisory-db-20211005/crates/cache/RUSTSEC-2020-0128.md  2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/cache/RUSTSEC-2020-0128.md  2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-24"
 url = "https://github.com/krl/cache/issues/1";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36448"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/crates/cgc/RUSTSEC-2020-0148.md 
new/advisory-db-20211019/crates/cgc/RUSTSEC-2020-0148.md
--- old/advisory-db-20211005/crates/cgc/RUSTSEC-2020-0148.md    2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/cgc/RUSTSEC-2020-0148.md    2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/playXE/cgc/issues/5";
 categories = ["memory-corruption"]
 keywords = ["memory-safety", "aliasing", "concurrency"]
+aliases = ["CVE-2020-36466", "CVE-2020-36467", "CVE-2020-36468"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/chrono/RUSTSEC-2020-0159.md 
new/advisory-db-20211019/crates/chrono/RUSTSEC-2020-0159.md
--- old/advisory-db-20211005/crates/chrono/RUSTSEC-2020-0159.md 1970-01-01 
01:00:00.000000000 +0100
+++ new/advisory-db-20211019/crates/chrono/RUSTSEC-2020-0159.md 2021-10-18 
18:22:07.000000000 +0200
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0159"
+package = "chrono"
+date = "2020-11-10"
+url = "https://github.com/chronotope/chrono/issues/499";
+categories = ["code-execution", "memory-corruption"]
+keywords = ["segfault"]
+related = ["CVE-2020-26235", "RUSTSEC-2020-0071"]
+
+[versions]
+patched = []
+```
+
+# Potential segfault in `localtime_r` invocations
+
+### Impact
+
+Unix-like operating systems may segfault due to dereferencing a dangling 
pointer in specific circumstances. This requires an environment variable to be 
set in a different thread than the affected functions. This may occur without 
the user's knowledge, notably in a third-party library.
+
+### Workarounds
+
+No workarounds are known.
+
+### References
+
+- [time-rs/time#293](https://github.com/time-rs/time/issues/293)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/chunky/RUSTSEC-2020-0035.md 
new/advisory-db-20211019/crates/chunky/RUSTSEC-2020-0035.md
--- old/advisory-db-20211005/crates/chunky/RUSTSEC-2020-0035.md 2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/chunky/RUSTSEC-2020-0035.md 2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-08-25"
 informational = "unsound"
 url = "https://github.com/aeplay/chunky/issues/2";
+aliases = ["CVE-2020-36433"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/conqueue/RUSTSEC-2020-0117.md 
new/advisory-db-20211019/crates/conqueue/RUSTSEC-2020-0117.md
--- old/advisory-db-20211005/crates/conqueue/RUSTSEC-2020-0117.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/conqueue/RUSTSEC-2020-0117.md       
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-24"
 url = "https://github.com/longshorej/conqueue/issues/9";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36437"]
 
 [versions]
 patched = [">= 0.4.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/convec/RUSTSEC-2020-0125.md 
new/advisory-db-20211019/crates/convec/RUSTSEC-2020-0125.md
--- old/advisory-db-20211005/crates/convec/RUSTSEC-2020-0125.md 2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/convec/RUSTSEC-2020-0125.md 2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-24"
 url = "https://github.com/krl/convec/issues/2";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36445"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/crypto2/RUSTSEC-2021-0121.md 
new/advisory-db-20211019/crates/crypto2/RUSTSEC-2021-0121.md
--- old/advisory-db-20211005/crates/crypto2/RUSTSEC-2021-0121.md        
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211019/crates/crypto2/RUSTSEC-2021-0121.md        
2021-10-18 18:22:07.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0121"
+package = "crypto2"
+date = "2021-10-08"
+url = "https://github.com/shadowsocks/crypto2/issues/27";
+informational = "unsound"
+keywords = ["crypto", "alignment", "unsound"]
+
+[affected.functions]
+"crypto2::streamcipher::Chacha20::encrypt_slice" = ["*"]
+"crypto2::streamcipher::Chacha20::decrypt_slice" = ["*"]
+"crypto2::streamcipher::xor_si512_inplace" = ["*"]
+
+[versions]
+patched = []
+```
+
+# Non-aligned u32 read in Chacha20 encryption and decryption
+The implementation does not enforce alignment requirements on input slices 
while incorrectly assuming 4-byte alignment through an unsafe call to 
`std::slice::from_raw_parts_mut`, which breaks the contract and introduces 
undefined behavior.
+
+This affects Chacha20 encryption and decryption in crypto2.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/dces/RUSTSEC-2020-0139.md 
new/advisory-db-20211019/crates/dces/RUSTSEC-2020-0139.md
--- old/advisory-db-20211005/crates/dces/RUSTSEC-2020-0139.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/dces/RUSTSEC-2020-0139.md   2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://gitlab.redox-os.org/redox-os/dces-rust/-/issues/8";
 categories = ["memory-corruption", "thread-safety"]
 keywords = ["concurrency"]
+aliases = ["CVE-2020-36459"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/disrustor/RUSTSEC-2020-0150.md 
new/advisory-db-20211019/crates/disrustor/RUSTSEC-2020-0150.md
--- old/advisory-db-20211005/crates/disrustor/RUSTSEC-2020-0150.md      
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/disrustor/RUSTSEC-2020-0150.md      
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-17"
 url = "https://github.com/sklose/disrustor/issues/1";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36470"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/failure/RUSTSEC-2020-0036.md 
new/advisory-db-20211019/crates/failure/RUSTSEC-2020-0036.md
--- old/advisory-db-20211005/crates/failure/RUSTSEC-2020-0036.md        
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/failure/RUSTSEC-2020-0036.md        
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-05-02"
 informational = "unmaintained"
 url = "https://github.com/rust-lang-nursery/failure/pull/347";
+aliases = ["CVE-2020-25575"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/generator/RUSTSEC-2019-0020.md 
new/advisory-db-20211019/crates/generator/RUSTSEC-2019-0020.md
--- old/advisory-db-20211005/crates/generator/RUSTSEC-2019-0020.md      
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/generator/RUSTSEC-2019-0020.md      
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2019-09-06"
 keywords = ["memory-corruption"]
 url = "https://github.com/Xudong-Huang/generator-rs/issues/9";
+aliases = ["CVE-2019-16144"]
 
 [versions]
 patched = [">= 0.6.18"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/generic-array/RUSTSEC-2020-0146.md 
new/advisory-db-20211019/crates/generic-array/RUSTSEC-2020-0146.md
--- old/advisory-db-20211005/crates/generic-array/RUSTSEC-2020-0146.md  
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/generic-array/RUSTSEC-2020-0146.md  
2021-10-18 18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/fizyk20/generic-array/issues/98";
 categories = ["memory-corruption"]
 keywords = ["soundness"]
+aliases = ["CVE-2020-36465"]
 
 [versions]
 patched = [
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/heapless/RUSTSEC-2020-0145.md 
new/advisory-db-20211019/crates/heapless/RUSTSEC-2020-0145.md
--- old/advisory-db-20211005/crates/heapless/RUSTSEC-2020-0145.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/heapless/RUSTSEC-2020-0145.md       
2021-10-18 18:22:07.000000000 +0200
@@ -7,6 +7,7 @@
 categories = ["memory-corruption", "memory-exposure"]
 keywords = ["use-after-free"]
 informational = "unsound"
+aliases = ["CVE-2020-36464"]
 
 [affected.functions]
 "heapless::vec::IntoIter::clone" = ["<= 0.6"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/kekbit/RUSTSEC-2020-0129.md 
new/advisory-db-20211019/crates/kekbit/RUSTSEC-2020-0129.md
--- old/advisory-db-20211005/crates/kekbit/RUSTSEC-2020-0129.md 2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/kekbit/RUSTSEC-2020-0129.md 2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-18"
 url = "https://github.com/motoras/kekbit/issues/34";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36449"]
 
 [versions]
 patched = [">= 0.3.4"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/lever/RUSTSEC-2020-0137.md 
new/advisory-db-20211019/crates/lever/RUSTSEC-2020-0137.md
--- old/advisory-db-20211005/crates/lever/RUSTSEC-2020-0137.md  2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/lever/RUSTSEC-2020-0137.md  2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/vertexclique/lever/issues/15";
 categories = ["memory-corruption", "thread-safety"]
 keywords = ["concurrency"]
+aliases = ["CVE-2020-36457"]
 
 [versions]
 patched = [">= 0.1.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/lexer/RUSTSEC-2020-0138.md 
new/advisory-db-20211019/crates/lexer/RUSTSEC-2020-0138.md
--- old/advisory-db-20211005/crates/lexer/RUSTSEC-2020-0138.md  2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/lexer/RUSTSEC-2020-0138.md  2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-10"
 url = "https://gitlab.com/nathanfaucett/rs-lexer/-/issues/2";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36458"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/libp2p-deflate/RUSTSEC-2020-0123.md 
new/advisory-db-20211019/crates/libp2p-deflate/RUSTSEC-2020-0123.md
--- old/advisory-db-20211005/crates/libp2p-deflate/RUSTSEC-2020-0123.md 
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/libp2p-deflate/RUSTSEC-2020-0123.md 
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-01-24"
 url = "https://github.com/libp2p/rust-libp2p/issues/1932";
 categories = ["memory-exposure"]
+aliases = ["CVE-2020-36443"]
 
 [versions]
 patched = [">= 0.27.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/libpulse-binding/RUSTSEC-2018-0020.md 
new/advisory-db-20211019/crates/libpulse-binding/RUSTSEC-2018-0020.md
--- old/advisory-db-20211005/crates/libpulse-binding/RUSTSEC-2018-0020.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/libpulse-binding/RUSTSEC-2018-0020.md       
2021-10-18 18:22:07.000000000 +0200
@@ -5,7 +5,7 @@
 date = "2018-12-22"
 url = "https://github.com/advisories/GHSA-6gvc-4jvj-pwq4";
 categories = ["memory-corruption"]
-aliases = ["GHSA-6gvc-4jvj-pwq4"]
+aliases = ["GHSA-6gvc-4jvj-pwq4", "CVE-2018-25001"]
 
 [versions]
 patched = [">= 2.5.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/libsbc/RUSTSEC-2020-0120.md 
new/advisory-db-20211019/crates/libsbc/RUSTSEC-2020-0120.md
--- old/advisory-db-20211005/crates/libsbc/RUSTSEC-2020-0120.md 2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/libsbc/RUSTSEC-2020-0120.md 2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/mvertescher/libsbc-rs/issues/4";
 categories = ["memory-corruption", "thread-safety"]
 informational = "unsound"
+aliases = ["CVE-2020-36440"]
 
 [versions]
 patched = [">= 0.1.5"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/max7301/RUSTSEC-2020-0152.md 
new/advisory-db-20211019/crates/max7301/RUSTSEC-2020-0152.md
--- old/advisory-db-20211005/crates/max7301/RUSTSEC-2020-0152.md        
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/max7301/RUSTSEC-2020-0152.md        
2021-10-18 18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/edarc/max7301/issues/1";
 categories = ["memory-corruption"]
 keywords = ["concurrency"]
+aliases = ["CVE-2020-36472"]
 
 [versions]
 patched = [">= 0.2.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/model/RUSTSEC-2020-0140.md 
new/advisory-db-20211019/crates/model/RUSTSEC-2020-0140.md
--- old/advisory-db-20211005/crates/model/RUSTSEC-2020-0140.md  2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/model/RUSTSEC-2020-0140.md  2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/spacejam/model/issues/3";
 categories = ["thread-safety"]
 informational = "unsound"
+aliases = ["CVE-2020-36460"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/multiqueue/RUSTSEC-2020-0143.md 
new/advisory-db-20211019/crates/multiqueue/RUSTSEC-2020-0143.md
--- old/advisory-db-20211005/crates/multiqueue/RUSTSEC-2020-0143.md     
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/multiqueue/RUSTSEC-2020-0143.md     
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-25"
 url = "https://github.com/schets/multiqueue/issues/31";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36463"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/net2/RUSTSEC-2020-0078.md 
new/advisory-db-20211019/crates/net2/RUSTSEC-2020-0078.md
--- old/advisory-db-20211005/crates/net2/RUSTSEC-2020-0078.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/net2/RUSTSEC-2020-0078.md   2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/deprecrated/net2-rs/issues/105";
 keywords = ["memory", "layout", "cast"]
 informational = "unsound"
+aliases = ["CVE-2020-35919"]
 
 [versions]
 patched = [">= 0.2.36"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/crates/nix/RUSTSEC-2021-0119.md 
new/advisory-db-20211019/crates/nix/RUSTSEC-2021-0119.md
--- old/advisory-db-20211005/crates/nix/RUSTSEC-2021-0119.md    2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/nix/RUSTSEC-2021-0119.md    2021-10-18 
18:22:07.000000000 +0200
@@ -6,7 +6,6 @@
 url = "https://github.com/nix-rust/nix/issues/1541";
 categories = ["memory-corruption"]
 keywords = ["nss"]
-informational = "unsound"
 
 [versions]
 patched = ["^0.20.2", "^0.21.2", "^0.22.2", ">= 0.23.0",]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/noise_search/RUSTSEC-2020-0141.md 
new/advisory-db-20211019/crates/noise_search/RUSTSEC-2020-0141.md
--- old/advisory-db-20211005/crates/noise_search/RUSTSEC-2020-0141.md   
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/noise_search/RUSTSEC-2020-0141.md   
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-10"
 url = "https://github.com/pipedown/noise/issues/72";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36461"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/parc/RUSTSEC-2020-0134.md 
new/advisory-db-20211019/crates/parc/RUSTSEC-2020-0134.md
--- old/advisory-db-20211005/crates/parc/RUSTSEC-2020-0134.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/parc/RUSTSEC-2020-0134.md   2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-14"
 url = "https://github.com/hyyking/rustracts/pull/6";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36454"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/rcu_cell/RUSTSEC-2020-0131.md 
new/advisory-db-20211019/crates/rcu_cell/RUSTSEC-2020-0131.md
--- old/advisory-db-20211005/crates/rcu_cell/RUSTSEC-2020-0131.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/rcu_cell/RUSTSEC-2020-0131.md       
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-14"
 url = "https://github.com/Xudong-Huang/rcu_cell/issues/3";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36451"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/rkyv/RUSTSEC-2021-0054.md 
new/advisory-db-20211019/crates/rkyv/RUSTSEC-2021-0054.md
--- old/advisory-db-20211005/crates/rkyv/RUSTSEC-2021-0054.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/rkyv/RUSTSEC-2021-0054.md   2021-10-18 
18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/djkoloski/rkyv/issues/113";
 categories = ["memory-exposure"]
 keywords = ["uninitialized", "memory", "information", "leak"]
+aliases = ["CVE-2021-31919"]
 
 [versions]
 patched = [">= 0.6.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/ruspiro-singleton/RUSTSEC-2020-0115.md 
new/advisory-db-20211019/crates/ruspiro-singleton/RUSTSEC-2020-0115.md
--- old/advisory-db-20211005/crates/ruspiro-singleton/RUSTSEC-2020-0115.md      
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/ruspiro-singleton/RUSTSEC-2020-0115.md      
2021-10-18 18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/RusPiRo/ruspiro-singleton/issues/10";
 categories = ["memory-corruption", "thread-safety"]
 keywords = ["concurrency"]
+aliases = ["CVE-2020-36435"]
 
 [versions]
 patched = [">= 0.4.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/scottqueue/RUSTSEC-2020-0133.md 
new/advisory-db-20211019/crates/scottqueue/RUSTSEC-2020-0133.md
--- old/advisory-db-20211005/crates/scottqueue/RUSTSEC-2020-0133.md     
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/scottqueue/RUSTSEC-2020-0133.md     
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-15"
 url = "https://github.com/rossdylan/rust-scottqueue/issues/1";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36453"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/signal-simple/RUSTSEC-2020-0126.md 
new/advisory-db-20211019/crates/signal-simple/RUSTSEC-2020-0126.md
--- old/advisory-db-20211005/crates/signal-simple/RUSTSEC-2020-0126.md  
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/signal-simple/RUSTSEC-2020-0126.md  
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-15"
 url = "https://github.com/kitsuneninetails/signal-rust/issues/2";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36446"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/slice-deque/RUSTSEC-2020-0158.md 
new/advisory-db-20211019/crates/slice-deque/RUSTSEC-2020-0158.md
--- old/advisory-db-20211005/crates/slice-deque/RUSTSEC-2020-0158.md    
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211019/crates/slice-deque/RUSTSEC-2020-0158.md    
2021-10-18 18:22:07.000000000 +0200
@@ -0,0 +1,15 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0158"
+package = "slice-deque"
+date = "2020-02-10"
+url = "https://github.com/gnzlbg/slice_deque/issues/94";
+informational = "unmaintained"
+
+[versions]
+patched = []
+```
+
+# slice-deque is unmaintained
+
+The author of the `slice-deque` crate is unresponsive and is not receiving 
security patches.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/slock/RUSTSEC-2020-0135.md 
new/advisory-db-20211019/crates/slock/RUSTSEC-2020-0135.md
--- old/advisory-db-20211005/crates/slock/RUSTSEC-2020-0135.md  2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/slock/RUSTSEC-2020-0135.md  2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-17"
 url = "https://github.com/BrokenLamp/slock-rs/issues/2";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36455"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/syncpool/RUSTSEC-2020-0142.md 
new/advisory-db-20211019/crates/syncpool/RUSTSEC-2020-0142.md
--- old/advisory-db-20211005/crates/syncpool/RUSTSEC-2020-0142.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/syncpool/RUSTSEC-2020-0142.md       
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-29"
 url = "https://github.com/Chopinsky/byte_buffer/issues/2";
 categories = ["memory-corruption"]
+aliases = ["CVE-2020-36462"]
 
 [versions]
 patched = [">= 0.1.6"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/sys-info/RUSTSEC-2020-0100.md 
new/advisory-db-20211019/crates/sys-info/RUSTSEC-2020-0100.md
--- old/advisory-db-20211005/crates/sys-info/RUSTSEC-2020-0100.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/sys-info/RUSTSEC-2020-0100.md       
2021-10-18 18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/FillZpp/sys-info-rs/issues/63";
 categories = ["memory-corruption"]
 keywords = ["concurrency", "double free"]
+aliases = ["CVE-2020-36434"]
 
 [versions]
 patched = [">= 0.8.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/ticketed_lock/RUSTSEC-2020-0119.md 
new/advisory-db-20211019/crates/ticketed_lock/RUSTSEC-2020-0119.md
--- old/advisory-db-20211005/crates/ticketed_lock/RUSTSEC-2020-0119.md  
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/ticketed_lock/RUSTSEC-2020-0119.md  
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-17"
 url = "https://github.com/kvark/ticketed_lock/issues/7";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36439"]
 
 [versions]
 patched = [">= 0.3.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/time/RUSTSEC-2020-0071.md 
new/advisory-db-20211019/crates/time/RUSTSEC-2020-0071.md
--- old/advisory-db-20211005/crates/time/RUSTSEC-2020-0071.md   2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/time/RUSTSEC-2020-0071.md   2021-10-18 
18:22:07.000000000 +0200
@@ -24,6 +24,8 @@
     "freebsd",
 ]
 [affected.functions]
+"time::at" = ["^0.1"]
+"time::at_utc" = ["^0.1"]
 "time::UtcOffset::local_offset_at" = ["< 0.2.23"]
 "time::UtcOffset::try_local_offset_at" = ["< 0.2.23"]
 "time::UtcOffset::current_local_offset" = ["< 0.2.23"]
@@ -33,16 +35,16 @@
 
 [versions]
 patched = [">= 0.2.23"]
-unaffected = ["< 0.2.7"]
+unaffected = ["=0.2.0", "=0.2.1", "=0.2.2", "=0.2.3", "=0.2.4", "=0.2.5", 
"=0.2.6"]
 ```
 
 # Potential segfault in the time crate
 
-## Impact
+### Impact
 
-Unix-like operating systems may segfault due to dereferencing a dangling 
pointer in specific circumstances. This requires the user to set any 
environment variable in a different thread than the affected functions.
+Unix-like operating systems may segfault due to dereferencing a dangling 
pointer in specific circumstances. This requires an environment variable to be 
set in a different thread than the affected functions. This may occur without 
the user's knowledge, notably in a third-party library.
 
-The affected functions are:
+The affected functions from time 0.2.7 through 0.2.22 are:
 
 - `time::UtcOffset::local_offset_at`
 - `time::UtcOffset::try_local_offset_at`
@@ -51,18 +53,25 @@
 - `time::OffsetDateTime::now_local`
 - `time::OffsetDateTime::try_now_local`
 
-Non-Unix targets are unaffected. This includes Windows and wasm.
+The affected functions in time 0.1 (all versions) are:
 
-## Patches
+- `at`
+- `at_utc`
+
+Non-Unix targets (including Windows and wasm) are unaffected.
+
+### Patches
 
 Pending a proper fix, the internal method that determines the local offset has 
been modified to always return `None` on the affected operating systems. This 
has the effect of returning an `Err` on the `try_*` methods and `UTC` on the 
non-`try_*` methods.
 
-Users and library authors with time in their dependency tree should perform 
`cargo update`, which will pull in a the updated, unaffected code.
+Users and library authors with time in their dependency tree should perform 
`cargo update`, which will pull in the updated, unaffected code.
+
+Users of time 0.1 do not have a patch and should upgrade to an unaffected 
version: time 0.2.23 or greater or the 0.3. series.
 
-## Workarounds
+### Workarounds
 
 No workarounds are known.
 
-## References
+### References
 
-#293
+time-rs/time#293
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/tiny_future/RUSTSEC-2020-0118.md 
new/advisory-db-20211019/crates/tiny_future/RUSTSEC-2020-0118.md
--- old/advisory-db-20211005/crates/tiny_future/RUSTSEC-2020-0118.md    
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/tiny_future/RUSTSEC-2020-0118.md    
2021-10-18 18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/KizzyCode/tiny_future/issues/1";
 categories = ["memory-corruption", "thread-safety"]
 keywords = ["concurrency"]
+aliases = ["CVE-2020-36438"]
 
 [versions]
 patched = [">= 0.4.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/toolshed/RUSTSEC-2020-0136.md 
new/advisory-db-20211019/crates/toolshed/RUSTSEC-2020-0136.md
--- old/advisory-db-20211005/crates/toolshed/RUSTSEC-2020-0136.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/toolshed/RUSTSEC-2020-0136.md       
2021-10-18 18:22:07.000000000 +0200
@@ -6,6 +6,7 @@
 url = "https://github.com/ratel-rust/toolshed/issues/12";
 categories = ["memory-corruption", "thread-safety"]
 keywords = ["concurrency"]
+aliases = ["CVE-2020-36456"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/unicycle/RUSTSEC-2020-0116.md 
new/advisory-db-20211019/crates/unicycle/RUSTSEC-2020-0116.md
--- old/advisory-db-20211005/crates/unicycle/RUSTSEC-2020-0116.md       
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/unicycle/RUSTSEC-2020-0116.md       
2021-10-18 18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-11-15"
 url = "https://github.com/udoprog/unicycle/issues/8";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36436"]
 
 [versions]
 patched = [">= 0.7.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/crates/v9/RUSTSEC-2020-0127.md 
new/advisory-db-20211019/crates/v9/RUSTSEC-2020-0127.md
--- old/advisory-db-20211005/crates/v9/RUSTSEC-2020-0127.md     2021-10-01 
23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/v9/RUSTSEC-2020-0127.md     2021-10-18 
18:22:07.000000000 +0200
@@ -5,6 +5,7 @@
 date = "2020-12-18"
 url = "https://github.com/purpleposeidon/v9/issues/1";
 categories = ["memory-corruption", "thread-safety"]
+aliases = ["CVE-2020-36447"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/vec-const/RUSTSEC-2021-0082.md 
new/advisory-db-20211019/crates/vec-const/RUSTSEC-2021-0082.md
--- old/advisory-db-20211005/crates/vec-const/RUSTSEC-2021-0082.md      
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/vec-const/RUSTSEC-2021-0082.md      
2021-10-18 18:22:07.000000000 +0200
@@ -9,9 +9,11 @@
 informational = "unsound"
 
 [versions]
-patched = []
+patched = [">= 2.0.0"]
 ```
 
 # vec-const attempts to construct a Vec from a pointer to a const slice
 
-This crate claims to construct a const `Vec` with nonzero length and capacity, 
but that cannot be done because such a `Vec` requires a pointer from an 
allocator.
+Affected versions of this crate claimed to construct a const `Vec` with 
nonzero length and capacity, but that cannot be done because such a `Vec` 
requires a pointer from an allocator.
+
+The implementation was later changed to just construct a `std::borrow::Cow`.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/zeroize_derive/RUSTSEC-2021-0115.md 
new/advisory-db-20211019/crates/zeroize_derive/RUSTSEC-2021-0115.md
--- old/advisory-db-20211005/crates/zeroize_derive/RUSTSEC-2021-0115.md 
2021-10-01 23:25:09.000000000 +0200
+++ new/advisory-db-20211019/crates/zeroize_derive/RUSTSEC-2021-0115.md 
2021-10-18 18:22:07.000000000 +0200
@@ -6,7 +6,7 @@
 url = "https://github.com/iqlusioninc/crates/issues/876";
 
 [versions]
-patched = [">= 1.2.0"]
+patched = [">= 1.1.1"]
 ```
 
 # `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

commit cargo-audit-advisory-db for openSUSE:Factory

Reply via email to