Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cargo-audit-advisory-db for
openSUSE:Factory checked in at 2021-11-12 15:59:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
and /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-audit-advisory-db"
Fri Nov 12 15:59:22 2021 rev:15 rq:930998 version:20211112
Changes:
--------
---
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
2021-11-03 17:26:54.501358305 +0100
+++
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890/cargo-audit-advisory-db.changes
2021-11-12 16:00:09.614589797 +0100
@@ -1,0 +2,15 @@
+Fri Nov 12 00:17:17 UTC 2021 - [email protected]
+
+- Update to version 20211112:
+ * Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
+ * Add `flatbuffers` advisory for flatbuffers#6627 (#1093)
+ * add cve info to advisories (#1099)
+ * Bump `rustsec-admin` to v0.5.3 (#1091)
+ * Add cvss information from nvd (#1085)
+ * Add missing method to time vulnerability (#1086)
+ * Add CVE alias for RUSTSEC-2021-0069 (#1087)
+ * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
+ * Unsound implementation of Chacha20 in crypto2 (#1072)
+ * Assigned RUSTSEC-2020-0159 to chrono (#1083)
+
+-------------------------------------------------------------------
Old:
----
advisory-db-20211103.tar.xz
New:
----
advisory-db-20211112.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.BHCaHC/_old 2021-11-12 16:00:10.070590008 +0100
+++ /var/tmp/diff_new_pack.BHCaHC/_new 2021-11-12 16:00:10.070590008 +0100
@@ -17,7 +17,7 @@
Name: cargo-audit-advisory-db
-Version: 20211103
+Version: 20211112
Release: 0
Summary: A database of known security issues for Rust depedencies
License: CC0-1.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.BHCaHC/_old 2021-11-12 16:00:10.102590022 +0100
+++ /var/tmp/diff_new_pack.BHCaHC/_new 2021-11-12 16:00:10.106590024 +0100
@@ -2,7 +2,7 @@
<service mode="disabled" name="obs_scm">
<param name="url">https://github.com/RustSec/advisory-db.git</param>
<param name="scm">git</param>
- <param name="version">20211103</param>
+ <param name="version">20211112</param>
<param name="revision">master</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">[email protected]</param>
++++++ advisory-db-20211103.tar.xz -> advisory-db-20211112.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20211103/.duplicate-id-guard
new/advisory-db-20211112/.duplicate-id-guard
--- old/advisory-db-20211103/.duplicate-id-guard 2021-10-22
16:28:51.000000000 +0200
+++ new/advisory-db-20211112/.duplicate-id-guard 2021-11-07
18:53:20.000000000 +0100
@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
-95115d8c9869b0a0e3e4bdf781cf094e564ece260a8f34a89b73c762c1eb72cd -
+9042bc5cd75d598f6aabe16f7a520b6886ac5abe65319eaee6cb8650f0e3085a -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/algorithmica/RUSTSEC-2021-0053.md
new/advisory-db-20211112/crates/algorithmica/RUSTSEC-2021-0053.md
--- old/advisory-db-20211103/crates/algorithmica/RUSTSEC-2021-0053.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/algorithmica/RUSTSEC-2021-0053.md
2021-11-07 18:53:20.000000000 +0100
@@ -5,6 +5,7 @@
date = "2021-03-07"
url = "https://github.com/AbrarNitk/algorithmica/issues/1"
categories = ["memory-corruption"]
+aliases = ["CVE-2021-31996"]
[versions]
patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/ammonia/RUSTSEC-2021-0074.md
new/advisory-db-20211112/crates/ammonia/RUSTSEC-2021-0074.md
--- old/advisory-db-20211103/crates/ammonia/RUSTSEC-2021-0074.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/ammonia/RUSTSEC-2021-0074.md
2021-11-07 18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
url = "https://github.com/rust-ammonia/ammonia/pull/142"
categories = ["format-injection"]
keywords = ["html", "xss"]
+aliases = ["CVE-2021-38193"]
[versions]
patched = [">= 3.1.0", ">= 2.1.3, < 3.0.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/anymap/RUSTSEC-2021-0065.md
new/advisory-db-20211112/crates/anymap/RUSTSEC-2021-0065.md
--- old/advisory-db-20211103/crates/anymap/RUSTSEC-2021-0065.md 2021-10-22
16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/anymap/RUSTSEC-2021-0065.md 2021-11-07
18:53:20.000000000 +0100
@@ -5,6 +5,8 @@
date = "2021-05-07"
informational = "unmaintained"
url = "https://github.com/chris-morgan/anymap/issues/37"
+aliases = ["CVE-2021-38187"]
+
[versions]
patched = []
unaffected = []
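Review bot: The added `aliases` line here is followed by an added blank line before `[versions]`, whereas the same `aliases` addition in the algorithmica, ammonia, ark-r1cs-std, better-macro, comrak, iced-x86, nalgebra, prost-types and tokio hunks sits directly above the next table header; the libsecp256k1 hunk carries the same extra blank line. Both forms parse, but entries that are bulk-edited by tooling should have one shape so future automated passes (such as the CVE-alias import this version records) produce minimal diffs and stay easy to review. Drop the blank `+` line here and in libsecp256k1, or add one in the other nine hunks, but not a mix.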
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
new/advisory-db-20211112/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
--- old/advisory-db-20211103/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/ark-r1cs-std/RUSTSEC-2021-0075.md
2021-11-07 18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
categories = ["crypto-failure"]
keywords = ["r1cs", "zksnark", "arkworks"]
url = "https://github.com/arkworks-rs/r1cs-std/pull/70"
+aliases = ["CVE-2021-38194"]
[versions]
patched = [">= 0.3.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/better-macro/RUSTSEC-2021-0077.md
new/advisory-db-20211112/crates/better-macro/RUSTSEC-2021-0077.md
--- old/advisory-db-20211103/crates/better-macro/RUSTSEC-2021-0077.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/better-macro/RUSTSEC-2021-0077.md
2021-11-07 18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
url =
"https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38"
categories = ["code-execution"]
keywords = ["rce", "proc-macro"]
+aliases = ["CVE-2021-38196"]
[affected]
functions = { "better_macro::println" = ["> 1.0.0"] }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/comrak/RUSTSEC-2021-0063.md
new/advisory-db-20211112/crates/comrak/RUSTSEC-2021-0063.md
--- old/advisory-db-20211103/crates/comrak/RUSTSEC-2021-0063.md 2021-10-22
16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/comrak/RUSTSEC-2021-0063.md 2021-11-07
18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
url = "https://github.com/kivikakk/comrak/releases/tag/0.10.1"
categories = ["format-injection"]
keywords = ["xss"]
+aliases = ["CVE-2021-38186"]
[versions]
patched = [">= 0.10.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/flatbuffers/RUSTSEC-2021-0122.md
new/advisory-db-20211112/crates/flatbuffers/RUSTSEC-2021-0122.md
--- old/advisory-db-20211103/crates/flatbuffers/RUSTSEC-2021-0122.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211112/crates/flatbuffers/RUSTSEC-2021-0122.md
2021-11-07 18:53:20.000000000 +0100
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0122"
+package = "flatbuffers"
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+date = "2021-10-31"
+url = "https://github.com/google/flatbuffers/issues/6627"
+
+[versions]
+patched = []
+```
+
+# Generated code can read and write out of bounds in safe code
+
+Code generated by flatbuffers' compiler is `unsafe` but not marked as such.
+See https://github.com/google/flatbuffers/issues/6627 for details.
+
+All users that use generated code by `flatbuffers` compiler are recommended to:
+1. not expose flatbuffer generated code as part of their public APIs
+2. audit their code and look for any usage of `follow`, `push`, or any method
that uses them
+ (e.g. `self_follow`).
+3. Carefuly go through the crates' documentation to understand which "safe"
APIs are not
+ intended to be used.
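Review bot: The new advisory's `[advisory]` table has no `categories` or `keywords`, unlike every other advisory touched in this diff, so tooling that groups or filters findings by category will leave this entry unclassified; for the out-of-bounds read/write described in the body, `categories = ["memory-corruption"]` matches the convention the algorithmica and tokio entries use. This version's changelog says CVE information was added across the database, yet this entry has no `aliases`; if an NVD identifier exists for flatbuffers#6627 it should be recorded as `aliases = ["CVE-<id-placeholder>"]` so reports can cross-reference it. The `cvss` vector asserts an unauthenticated, network-reachable full compromise, which reads like a generic rating rather than one reflecting that the issue is presumably only reachable where generated code is fed untrusted input — a short comment above `cvss` naming its source would help downstream triage. Step 3 of the body also has `Carefuly` for `Carefully`.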
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/iced-x86/RUSTSEC-2021-0068.md
new/advisory-db-20211112/crates/iced-x86/RUSTSEC-2021-0068.md
--- old/advisory-db-20211103/crates/iced-x86/RUSTSEC-2021-0068.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/iced-x86/RUSTSEC-2021-0068.md
2021-11-07 18:53:20.000000000 +0100
@@ -5,6 +5,7 @@
date = "2021-05-19"
url = "https://github.com/icedland/iced/issues/168"
keywords = ["soundness"]
+aliases = ["CVE-2021-38188"]
[affected]
functions = { "iced_x86::Decoder::new" = ["<= 1.10.3"] }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/libsecp256k1/RUSTSEC-2021-0076.md
new/advisory-db-20211112/crates/libsecp256k1/RUSTSEC-2021-0076.md
--- old/advisory-db-20211103/crates/libsecp256k1/RUSTSEC-2021-0076.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/libsecp256k1/RUSTSEC-2021-0076.md
2021-11-07 18:53:20.000000000 +0100
@@ -5,6 +5,8 @@
date = "2021-07-13"
url = "https://github.com/paritytech/libsecp256k1/pull/67"
categories = ["crypto-failure"]
+aliases = ["CVE-2021-38195"]
+
[versions]
patched = [">= 0.5.0"]
```
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/nalgebra/RUSTSEC-2021-0070.md
new/advisory-db-20211112/crates/nalgebra/RUSTSEC-2021-0070.md
--- old/advisory-db-20211103/crates/nalgebra/RUSTSEC-2021-0070.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/nalgebra/RUSTSEC-2021-0070.md
2021-11-07 18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
url = "https://github.com/dimforge/nalgebra/issues/883"
categories = ["memory-corruption", "memory-exposure"]
keywords = ["memory-safety"]
+aliases = ["CVE-2021-38190"]
[versions]
patched = [">= 0.27.1"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/prost-types/RUSTSEC-2021-0073.md
new/advisory-db-20211112/crates/prost-types/RUSTSEC-2021-0073.md
--- old/advisory-db-20211103/crates/prost-types/RUSTSEC-2021-0073.md
2021-10-22 16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/prost-types/RUSTSEC-2021-0073.md
2021-11-07 18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
url = "https://github.com/tokio-rs/prost/issues/438"
categories = ["denial-of-service"]
keywords = ["denial-of-service"]
+aliases = ["CVE-2021-38192"]
[versions]
patched = [">= 0.8.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20211103/crates/tokio/RUSTSEC-2021-0072.md
new/advisory-db-20211112/crates/tokio/RUSTSEC-2021-0072.md
--- old/advisory-db-20211103/crates/tokio/RUSTSEC-2021-0072.md 2021-10-22
16:28:51.000000000 +0200
+++ new/advisory-db-20211112/crates/tokio/RUSTSEC-2021-0072.md 2021-11-07
18:53:20.000000000 +0100
@@ -6,6 +6,7 @@
url = "https://github.com/tokio-rs/tokio/issues/3929"
categories = ["memory-corruption"]
keywords = ["race condition", "send"]
+aliases = ["CVE-2021-38191"]
[affected]
functions = { "tokio::task::JoinHandle::abort" = ["<= 1.8.0, >= 0.3.0"] }