commit cargo-audit-advisory-db for openSUSE:Factory

2024-07-30 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2024-07-30 11:55:16

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1882 (New)


Package is "cargo-audit-advisory-db"

Tue Jul 30 11:55:16 2024 rev:41 rq:1190363 version:20240730

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2024-05-29 19:36:52.626715764 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1882/cargo-audit-advisory-db.changes
2024-07-30 11:57:32.936999013 +0200
@@ -1,0 +2,15 @@
+Tue Jul 30 02:41:17 UTC 2024 - william.br...@suse.com
+
+- Update to version 20240730:
+  * Assigned RUSTSEC-2024-0360 to xmp_toolkit (#2030)
+  * Unsoundness notice for xmp_toolkit < 1.9.0 (#2029)
+  * Assigned RUSTSEC-2024-0359 to gix-attributes (#2028)
+  * Unsoundness notice for gix-attributes (kstring integration) (#2027)
+  * Assigned RUSTSEC-2024-0358 to object_store (#2026)
+  * Add advisory for object_store credentials leak via logs (#2025)
+  * Assigned RUSTSEC-2024-0357 to openssl (#2022)
+  * Added advisory for undefined behavior in openssl (#2021)
+  * Assigned RUSTSEC-2024-0356 to matrix-sdk-crypto (#2019)
+  * Add CVE-2024-40648 for matrix-sdk-crypto (#2018)
+
+---

Old:

  advisory-db-20240528.tar.xz

New:

  advisory-db-20240730.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.9sNEcD/_old  2024-07-30 11:57:33.605026031 +0200
+++ /var/tmp/diff_new_pack.9sNEcD/_new  2024-07-30 11:57:33.605026031 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20240528
+Version:20240730
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0
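Review bot: the unchanged `Summary:` line in this hunk spells "depedencies". Since the spec is already being edited for the version bump, correct it to "dependencies" in the same change so the package description shown by the package manager is right.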

++ _service ++
--- /var/tmp/diff_new_pack.9sNEcD/_old  2024-07-30 11:57:33.637027326 +0200
+++ /var/tmp/diff_new_pack.9sNEcD/_new  2024-07-30 11:57:33.641027487 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20240528
+20240730
 main
 enable
 william.br...@suse.com

++ advisory-db-20240528.tar.xz -> advisory-db-20240730.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20240528/.duplicate-id-guard 
new/advisory-db-20240730/.duplicate-id-guard
--- old/advisory-db-20240528/.duplicate-id-guard2024-05-26 
22:27:57.0 +0200
+++ new/advisory-db-20240730/.duplicate-id-guard2024-07-26 
20:09:25.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-033b059b6cbbf2107fc1270372f4f929601a920f3927c9d46b3f1f937901c634  -
+f52db948a1d9ab0f9f40dfdb4192e6e0762ffdbcf4c28552b8002cde58d02c6e  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20240528/CONTRIBUTING.md 
new/advisory-db-20240730/CONTRIBUTING.md
--- old/advisory-db-20240528/CONTRIBUTING.md2024-05-26 22:27:57.0 
+0200
+++ new/advisory-db-20240730/CONTRIBUTING.md2024-07-26 20:09:25.0 
+0200
@@ -69,6 +69,19 @@
have been lifted and details have been disclosed to the public prior to 
filing
them against RustSec.
 
+**Q: Is this where I report a vulnerability in `rustc`?**
+
+A: No, for official Rust projects, please see the [Rust Security 
Policy](https://www.rust-lang.org/policies/security) and follow the guidelines 
there.
+
+**Q: Is this where I report intentionally malicious code or malware present on 
crates.io?**
+
+A: No, please see the [Crates.io Security 
Policy](https://crates.io/policies/security) to get content violating 
crates.io's policies taken down.
+
+**Q: I'm a crate author and someone reported a vulnerability in my crate to 
me. Can you help me?**
+
+A: The Rust Foundation has resources that can help handle Rust ecosystem 
security issues.
+Please see the [Ecosystem security help for crate 
authors](https://crates.io/policies/security#ecosystem-security-help) section 
of the crates.io security policy.
+
 [Pull Request]: https://github.com/RustSec/advisory-db/pulls
 [TOML advisory template]: 
https://github.com/RustSec/advisory-db#advisory-format
 [Yank]: https://doc.rust-lang.org/cargo/commands/cargo-yank.html
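Review bot: the first added question names only `rustc`, while its answer applies to "official Rust projects" in general. Wording the question to match the answer (for example "a vulnerability in `rustc` or another official Rust project") would help reporters of issues in other official components find this entry instead of filing here.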
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20240528/HOWTO_UNMAINTAINED.md 
new/advisory-db-20240730/

commit cargo-audit-advisory-db for openSUSE:Factory

2024-05-29 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2024-05-29 19:36:06

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.24587 (New)


Package is "cargo-audit-advisory-db"

Wed May 29 19:36:06 2024 rev:40 rq:1177430 version:20240528

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2024-04-04 22:27:20.517704019 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.24587/cargo-audit-advisory-db.changes
   2024-05-29 19:36:52.626715764 +0200
@@ -1,0 +2,15 @@
+Tue May 28 05:56:45 UTC 2024 - william.br...@suse.com
+
+- Update to version 20240528:
+  * Add some civility language to HOWTO_UNMAINTAINED.md (#1972)
+  * Synchronize IDs (2024-05-21) (#1966)
+  * Assigned RUSTSEC-2024-0342 to vodozemac (#1965)
+  * Add CVE-2024-34063 for vodozemac (#1955)
+  * Assigned RUSTSEC-2024-0341 to tls-listener (#1964)
+  * Assigned RUSTSEC-2024-0340 to tor-circmgr (#1963)
+  * add CVE-2024-28854 for tls-listener (#1926)
+  * Add advisory for tor-circmgr TROVE-2024-004 (#1958)
+  * Assigned RUSTSEC-2024-0339 to tor-circmgr (#1962)
+  * Add advisory for tor-circmgr TROVE-2024-003 (#1957)
+
+---

Old:

  advisory-db-20240330.tar.xz

New:

  advisory-db-20240528.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.wxhzrJ/_old  2024-05-29 19:36:53.078732122 +0200
+++ /var/tmp/diff_new_pack.wxhzrJ/_new  2024-05-29 19:36:53.082732267 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20240330
+Version:20240528
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.wxhzrJ/_old  2024-05-29 19:36:53.118733570 +0200
+++ /var/tmp/diff_new_pack.wxhzrJ/_new  2024-05-29 19:36:53.126733859 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20240330
+20240528
 main
 enable
 william.br...@suse.com

++ advisory-db-20240330.tar.xz -> advisory-db-20240528.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20240330/.duplicate-id-guard 
new/advisory-db-20240528/.duplicate-id-guard
--- old/advisory-db-20240330/.duplicate-id-guard2024-03-25 
10:34:40.0 +0100
+++ new/advisory-db-20240528/.duplicate-id-guard2024-05-26 
22:27:57.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-c815ab1ade2f35f9cd20b24ae50fe24ba9b0a9a1461f04f787bdd4c89e835534  -
+033b059b6cbbf2107fc1270372f4f929601a920f3927c9d46b3f1f937901c634  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20240330/HOWTO_UNMAINTAINED.md 
new/advisory-db-20240528/HOWTO_UNMAINTAINED.md
--- old/advisory-db-20240330/HOWTO_UNMAINTAINED.md  2024-03-25 
10:34:40.0 +0100
+++ new/advisory-db-20240528/HOWTO_UNMAINTAINED.md  2024-05-26 
22:27:57.0 +0200
@@ -7,6 +7,11 @@
 of unmaintained crates within a particular project, and also serve to guide
 switching to maintained alternatives.
 
+When approaching a potentially unmaintained crate, do not behave rudely
+towards open soruce maintainers. Submitting a RUSTSEC advisory for an
+unmaintained crate should not be treated as a weapon to coerce open source
+maintainers.
+
 ## Definition of an "unmaintained" crate
 
 We consider crates unmaintained when they fall into either of the following
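Review bot: typo in the added paragraph, "open soruce maintainers" should read "open source maintainers". The next sentence already spells it correctly, so this is a one-word fix.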
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20240330/crates/cassandra-cpp/RUSTSEC-2024-0017.md 
new/advisory-db-20240528/crates/cassandra-cpp/RUSTSEC-2024-0017.md
--- old/advisory-db-20240330/crates/cassandra-cpp/RUSTSEC-2024-0017.md  
2024-03-25 10:34:40.0 +0100
+++ new/advisory-db-20240528/crates/cassandra-cpp/RUSTSEC-2024-0017.md  
2024-05-26 22:27:57.0 +0200
@@ -7,11 +7,12 @@
 informational = "unsound"
 categories = ["memory-corruption", "memory-exposure"]
 keywords = ["memory-safety", "use-after-free"]
-aliases = ["GHSA-x9xc-63hg-vcfq"]
+aliases = ["CVE-2024-27284", "GHSA-x9xc-63hg-vcfq"]
 
 [versions]
 patched = [">= 3.0.0"]
 ```
+
 # Non-idiomatic use of iterators leads to use after free
 
 Code that attempts to use an item (e.g., a row) returned by an iterator after 
the 

commit cargo-audit-advisory-db for openSUSE:Factory

2023-10-27 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-10-27 22:28:30

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.17445 (New)


Package is "cargo-audit-advisory-db"

Fri Oct 27 22:28:30 2023 rev:37 rq:1120660 version:20231027

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-10-08 12:21:50.113743998 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.17445/cargo-audit-advisory-db.changes
   2023-10-27 22:29:01.829356991 +0200
@@ -1,0 +2,15 @@
+Fri Oct 27 03:02:30 UTC 2023 - william.br...@suse.com
+
+- Update to version 20231027:
+  * Assigned RUSTSEC-2023-0068 to cocoon (#1810)
+  * cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) 
(#1805)
+  * Updating information about replacements (#1803)
+  * Assigned RUSTSEC-2023-0067 to fehler (#1801)
+  * fehler is unmaintained (#1800)
+  * Assigned RUSTSEC-2023-0066 to pleaser (#1799)
+  * Document the privilege-escalation vulnerability in pleaser. (#1798)
+  * Update webpki RUSTSEC-2023-0052 advisory. (#1797)
+  * Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
+  * Create advisory for tungstenite DoS (#1795)
+
+---
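Review bot: five of the ten entries in this 20231027 block (#1799, #1798, #1797, #1796, #1795) are already listed under the 20231007 entry of the same .changes file, so the changelog repeats earlier items instead of listing only what is new since the previous packaged version. Generating the list from the commits after the last packaged revision, rather than a fixed number of recent commits, would keep each entry limited to the advisories that actually arrived with that update.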

Old:

  advisory-db-20231007.tar.xz

New:

  advisory-db-20231027.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.ArxNQP/_old  2023-10-27 22:29:02.713389415 +0200
+++ /var/tmp/diff_new_pack.ArxNQP/_new  2023-10-27 22:29:02.713389415 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20231007
+Version:20231027
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.ArxNQP/_old  2023-10-27 22:29:02.745390588 +0200
+++ /var/tmp/diff_new_pack.ArxNQP/_new  2023-10-27 22:29:02.749390735 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20231007
+20231027
 main
 enable
 william.br...@suse.com

++ advisory-db-20231007.tar.xz -> advisory-db-20231027.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20231007/.duplicate-id-guard 
new/advisory-db-20231027/.duplicate-id-guard
--- old/advisory-db-20231007/.duplicate-id-guard2023-10-03 
15:53:18.0 +0200
+++ new/advisory-db-20231027/.duplicate-id-guard2023-10-24 
03:38:27.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-36a9b51a48b3404a0625daab077982cb323512602246febf46ad480eee672625  -
+222dcb79d2f0a5d8698976c3b5c7852a0f117dfa2d390cb46677ccb3e7e8705a  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20231007/crates/cocoon/RUSTSEC-2023-0068.md 
new/advisory-db-20231027/crates/cocoon/RUSTSEC-2023-0068.md
--- old/advisory-db-20231007/crates/cocoon/RUSTSEC-2023-0068.md 1970-01-01 
01:00:00.0 +0100
+++ new/advisory-db-20231027/crates/cocoon/RUSTSEC-2023-0068.md 2023-10-24 
03:38:27.0 +0200
@@ -0,0 +1,72 @@
+```toml
+[advisory]
+id = "RUSTSEC-2023-0068"
+package = "cocoon"
+date = "2023-10-15"
+url = "https://github.com/fadeevab/cocoon/issues/22";
+categories = ["crypto-failure"]
+cvss = "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
+keywords = ["nonce", "stream-cipher"]
+
+[affected.functions]
+"cocoon::Cocoon::encrypt" = ["<= 0.3.3"]
+"cocoon::Cocoon::dump" = ["<= 0.3.3"]
+"cocoon::Cocoon::wrap" = ["<= 0.3.3"]
+"cocoon::MiniCocoon::encrypt" = ["<= 0.3.3"]
+"cocoon::MiniCocoon::dump" = ["<= 0.3.3"]
+"cocoon::MiniCocoon::wrap" = ["<= 0.3.3"]
+
+[versions]
+patched = [">= 0.4.0"]
+```
+
+# Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in 
nonce reuse
+
+**Problem**: Trying to create a new encrypted message with the same cocoon
+object generates the same ciphertext. It mostly affects `MiniCocoon` and
+`Cocoon` objects with custom seeds and RNGs (where `StdRng` is used under
+the hood).
+
+**Note**: The issue does **NOT** affect objects created with **`Cocoon::new`**
+which utilizes `ThreadRng`.
+
+**Cause**: `StdRng` produces the same nonce because `StdRng::clone` resets its
+state.
+
+**Measure**: Make encryption API mutable (`encrypt`, `wrap`, and `dump`).
+
+**Workaround**: Create a new cocoon object with a new **seed** per each
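Review bot: the **Cause** line says `StdRng::clone` "resets its state", but cloning a generator copies its current state rather than resetting it. The nonce repeats because each clone starts from the same state, which is also what the **Measure** of making `encrypt`, `wrap` and `dump` mutable addresses. Suggest rewording along the lines of "each call works on a clone of the same `StdRng` state, so the same nonce is produced", so readers assessing their own use of seeded RNGs get the correct mechanism.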

commit cargo-audit-advisory-db for openSUSE:Factory

2023-10-08 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-10-08 12:18:26

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.28202 (New)


Package is "cargo-audit-advisory-db"

Sun Oct  8 12:18:26 2023 rev:36 rq:1116152 version:20231007

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-08-18 19:29:25.199430049 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.28202/cargo-audit-advisory-db.changes
   2023-10-08 12:21:50.113743998 +0200
@@ -1,0 +2,15 @@
+Sat Oct 07 01:19:51 UTC 2023 - william.br...@suse.com
+
+- Update to version 20231007:
+  * Assigned RUSTSEC-2023-0066 to pleaser (#1799)
+  * Document the privilege-escalation vulnerability in pleaser. (#1798)
+  * Update webpki RUSTSEC-2023-0052 advisory. (#1797)
+  * Assigned RUSTSEC-2023-0065 to tungstenite (#1796)
+  * Create advisory for tungstenite DoS (#1795)
+  * Add patch version (#1794)
+  * Update info about CVE-2023-5129 (#1793)
+  * Bump rustsec-admin to 0.8.8 (#1791)
+  * Assigned RUSTSEC-2023-0064 to gix-transport (#1790)
+  * Add notice to gix-transport crate (#1789)
+
+---

Old:

  advisory-db-20230818.tar.xz

New:

  advisory-db-20231007.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.gv6pdT/_old  2023-10-08 12:21:51.137780816 +0200
+++ /var/tmp/diff_new_pack.gv6pdT/_new  2023-10-08 12:21:51.137780816 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230818
+Version:20231007
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.gv6pdT/_old  2023-10-08 12:21:51.161781679 +0200
+++ /var/tmp/diff_new_pack.gv6pdT/_new  2023-10-08 12:21:51.165781823 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230818
+20231007
 main
 enable
 william.br...@suse.com

++ advisory-db-20230818.tar.xz -> advisory-db-20231007.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230818/.duplicate-id-guard 
new/advisory-db-20231007/.duplicate-id-guard
--- old/advisory-db-20230818/.duplicate-id-guard2023-08-14 
19:14:25.0 +0200
+++ new/advisory-db-20231007/.duplicate-id-guard2023-10-03 
15:53:18.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-e315acbba1dcf156464306c5a2fae64532f7b99cfbf4935bf3b894f2174c7de2  -
+36a9b51a48b3404a0625daab077982cb323512602246febf46ad480eee672625  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230818/.github/workflows/assign-ids.yml 
new/advisory-db-20231007/.github/workflows/assign-ids.yml
--- old/advisory-db-20230818/.github/workflows/assign-ids.yml   2023-08-14 
19:14:25.0 +0200
+++ new/advisory-db-20231007/.github/workflows/assign-ids.yml   2023-10-03 
15:53:18.0 +0200
@@ -9,17 +9,17 @@
 name: Assign IDs
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Cache cargo bin
   uses: actions/cache@v3
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.8.6
+key: rustsec-admin-v0.8.8
 
 - name: Install rustsec-admin
   run: |
-VERSION="0.8.6"
+VERSION="0.8.8"
 if ! ( rustsec-admin --version | grep -q "$VERSION" ); then
   cargo install rustsec-admin --force --vers "$VERSION"
 fi
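Review bot: `actions/checkout@v4` and `actions/cache@v3` are referenced by mutable tag in the job that assigns advisory IDs. Pinning both to a full commit SHA, with the tag kept in a trailing comment, prevents a retagged action from changing what runs in this workflow. In the install step, `grep -q "$VERSION"` treats the dots in the version as regex wildcards and `cargo install` runs without `--locked`; using `grep -qF` and adding `--locked` would make the version check exact and the tool build reproducible.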
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230818/.github/workflows/export-osv.yml 
new/advisory-db-20231007/.github/workflows/export-osv.yml
--- old/advisory-db-20230818/.github/workflows/export-osv.yml   2023-08-14 
19:14:25.0 +0200
+++ new/advisory-db-20231007/.github/workflows/export-osv.yml   2023-10-03 
15:53:18.0 +0200
@@ -8,15 +8,15 @@
   publish-web:
 runs-on: ubuntu-latest
 steps:
-  - uses: actions/checkout@v3
+  - uses: actions/checkout@v4
 with:
   ref: osv
   - uses: actions/cache@v3
 with:
   path: ~/.cargo/bin
-  key: rustsec-admin-v0.8.6
+  key: rustsec-admin-v0.8.8
   - run: |
-  VERSION="0.8.6"
+
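Review bot: the rustsec-admin version is written twice here, once in the cache `key` and once in `VERSION`, and the same pair appears in assign-ids.yml, so each bump has to change several literals in step. Defining the version once as a workflow-level `env` value and using it in both the cache key and the install script would remove the chance of the key and the installed binary drifting apart.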

commit cargo-audit-advisory-db for openSUSE:Factory

2023-08-18 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-08-18 19:28:54

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1766 (New)


Package is "cargo-audit-advisory-db"

Fri Aug 18 19:28:54 2023 rev:35 rq:1104494 version:20230818

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-08-01 15:38:40.441873868 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1766/cargo-audit-advisory-db.changes
2023-08-18 19:29:25.199430049 +0200
@@ -1,0 +2,15 @@
+Thu Aug 17 23:38:35 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230818:
+  * Assigned RUSTSEC-2022-0093 to ed25519-dalek (#1745)
+  * Add Double Public Key Signing Function Oracle Attack on `ed25519-dalek` 
(#1744)
+  * Assigned RUSTSEC-2023-0049 to tui (#1740)
+  * Add unmaintained `tui` advisory (#1739)
+  * Update aliases from GHSA OSV export (#1734)
+  * Assigned RUSTSEC-2023-0048 to intaglio (#1733)
+  * Add advisory for unsoundness in intaglio symbol interners (#1732)
+  * Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
+  * report unsoundness of lmdb-rs (#1724)
+  * Fix typos (#1729)
+
+---

Old:

  advisory-db-20230731.tar.xz

New:

  advisory-db-20230818.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.edPHZg/_old  2023-08-18 19:29:25.867431246 +0200
+++ /var/tmp/diff_new_pack.edPHZg/_new  2023-08-18 19:29:25.875431261 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230731
+Version:20230818
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.edPHZg/_old  2023-08-18 19:29:25.939431376 +0200
+++ /var/tmp/diff_new_pack.edPHZg/_new  2023-08-18 19:29:25.943431383 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230731
+20230818
 main
 enable
 william.br...@suse.com

++ advisory-db-20230731.tar.xz -> advisory-db-20230818.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230731/.duplicate-id-guard 
new/advisory-db-20230818/.duplicate-id-guard
--- old/advisory-db-20230731/.duplicate-id-guard2023-07-29 
19:20:00.0 +0200
+++ new/advisory-db-20230818/.duplicate-id-guard2023-08-14 
19:14:25.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-c180e114f092d808a8efaab98d0138ec1d49f659bfc4edfb340dd84e2fedd88b  -
+e315acbba1dcf156464306c5a2fae64532f7b99cfbf4935bf3b894f2174c7de2  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230731/crates/ed25519-dalek/RUSTSEC-2022-0093.md 
new/advisory-db-20230818/crates/ed25519-dalek/RUSTSEC-2022-0093.md
--- old/advisory-db-20230731/crates/ed25519-dalek/RUSTSEC-2022-0093.md  
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20230818/crates/ed25519-dalek/RUSTSEC-2022-0093.md  
2023-08-14 19:14:25.0 +0200
@@ -0,0 +1,29 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0093"
+package = "ed25519-dalek"
+date = "2022-06-11"
+categories = ["crypto-failure"]
+url = "https://github.com/MystenLabs/ed25519-unsafe-libs";
+
+[versions]
+patched = [">= 2"]
+```
+
+# Double Public Key Signing Function Oracle Attack on `ed25519-dalek`
+
+Versions of `ed25519-dalek` prior to v2.0 model private and public keys as
+separate types which can be assembled into a `Keypair`, and also provide APIs
+for serializing and deserializing 64-byte private/public keypairs.
+
+Such APIs and serializations are inherently unsafe as the public key is one of
+the inputs used in the deterministic computation of the `S` part of the 
signature,
+but not in the `R` value. An adversary could somehow use the signing function 
as
+an oracle that allows arbitrary public keys as input can obtain two signatures
+for the same message sharing the same `R` and only differ on the `S` part.
+
+Unfortunately, when this happens, one can easily extract the private key.
+
+Revised public APIs in v2.0 of `ed25519-dalek` do NOT allow a decoupled
+private/public keypair as signing input, except as part of specially labeled
+"hazmat" APIs which are clearly labeled as being dangerous if misused.
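Review bot: the sentence beginning "An adversary could somehow use the signing function as an oracle" does not parse, because it has two main verbs ("could ... use" and "can obtain"). Suggest "An adversary who can use the signing function as an oracle that accepts arbitrary public keys as input can obtain two signatures for the same message that share the same `R` and differ only in the `S` part." The metadata also lists no `[affected.functions]` even though the text singles out the `Keypair` assembly and 64-byte keypair (de)serialization APIs; listing them would let tooling narrow the finding.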
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '

commit cargo-audit-advisory-db for openSUSE:Factory

2023-08-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-08-01 15:38:38

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.32662 (New)


Package is "cargo-audit-advisory-db"

Tue Aug  1 15:38:38 2023 rev:34 rq:1101676 version:20230731

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-07-11 15:57:29.921239566 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.32662/cargo-audit-advisory-db.changes
   2023-08-01 15:38:40.441873868 +0200
@@ -1,0 +2,15 @@
+Mon Jul 31 04:07:19 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230731:
+  * Update aliases from GHSA OSV export (#1734)
+  * Assigned RUSTSEC-2023-0048 to intaglio (#1733)
+  * Add advisory for unsoundness in intaglio symbol interners (#1732)
+  * Assigned RUSTSEC-2023-0047 to lmdb-rs (#1730)
+  * report unsoundness of lmdb-rs (#1724)
+  * Fix typos (#1729)
+  * Bump rustsec-admin to 0.8.6 (#1728)
+  * Update aliases from GHSA OSV export (#1727)
+  * Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
+  * Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
+
+---

Old:

  advisory-db-20230711.tar.xz

New:

  advisory-db-20230731.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.XziKuT/_old  2023-08-01 15:38:42.289885312 +0200
+++ /var/tmp/diff_new_pack.XziKuT/_new  2023-08-01 15:38:42.337885609 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230711
+Version:20230731
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.XziKuT/_old  2023-08-01 15:38:42.689887789 +0200
+++ /var/tmp/diff_new_pack.XziKuT/_new  2023-08-01 15:38:42.721887987 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230711
+20230731
 main
 enable
 william.br...@suse.com

++ advisory-db-20230711.tar.xz -> advisory-db-20230731.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230711/.duplicate-id-guard 
new/advisory-db-20230731/.duplicate-id-guard
--- old/advisory-db-20230711/.duplicate-id-guard2023-07-08 
16:04:33.0 +0200
+++ new/advisory-db-20230731/.duplicate-id-guard2023-07-29 
19:20:00.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-aee1905cc6111a8085b4836e39124a2cc0f34e8106f07f116df13ee0057dc8e3  -
+c180e114f092d808a8efaab98d0138ec1d49f659bfc4edfb340dd84e2fedd88b  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230711/crates/intaglio/RUSTSEC-2023-0048.md 
new/advisory-db-20230731/crates/intaglio/RUSTSEC-2023-0048.md
--- old/advisory-db-20230711/crates/intaglio/RUSTSEC-2023-0048.md   
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20230731/crates/intaglio/RUSTSEC-2023-0048.md   
2023-07-29 19:20:00.0 +0200
@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-2023-0048"
+package = "intaglio"
+date = "2023-07-26"
+url = "https://github.com/artichoke/intaglio/pull/236";
+references = [
+  "https://github.com/artichoke/intaglio/issues/235";,
+  "https://github.com/artichoke/intaglio/pull/236";,
+  "https://github.com/artichoke/intaglio/releases/tag/v1.9.0";,
+]
+informational = "unsound"
+aliases = ["GHSA-gch5-hwqf-mxhp"]
+
+[affected]
+functions = { "intaglio::SymbolTable::intern" = ["< 1.9.0"], 
"intaglio::bytes::SymbolTable::intern" = ["< 1.9.0"], 
"intaglio::cstr::SymbolTable::intern" = ["< 1.9.0, >= 1.5.0"], 
"intaglio::osstr::SymbolTable::intern" = ["< 1.9.0, >= 1.5.0"], 
"intaglio::path::SymbolTable::intern" = ["< 1.9.0, >= 1.5.0"] }
+
+[versions]
+patched = [">= 1.9.0"]
+```
+
+# Unsoundness in `intern` methods on `intaglio` symbol interners
+
+Affected versions of this crate have a stacked borrows violation when creating
+references to interned contents. All interner types are affected.
+
+The flaw was corrected in version 1.9.0 by reordering move and borrowing
+operations and storing interned contents by raw pointer instead of as a `Box`.
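Review bot: `url` and the second item of `references` are the same link (`.../intaglio/pull/236`), so the reference list repeats the primary URL; drop it from `references`. The `functions` inline table in `[affected]` is also a single very long line; an `[affected.functions]` table with one function per line, as in the cocoon advisory, would be easier to review and diff. As rendered here the URL strings are followed by `;` outside the quotes, which would not parse as TOML if it is present in the file itself.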
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230711/crates/lmdb-rs/RUSTSEC-2023-0047.md 
new/advisory-db-2023073

commit cargo-audit-advisory-db for openSUSE:Factory

2023-07-11 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-07-11 15:57:09

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.8922 (New)


Package is "cargo-audit-advisory-db"

Tue Jul 11 15:57:09 2023 rev:33 rq:1098035 version:20230711

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-06-04 00:13:17.249779699 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.8922/cargo-audit-advisory-db.changes
2023-07-11 15:57:29.921239566 +0200
@@ -1,0 +2,15 @@
+Tue Jul 11 00:47:33 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230711:
+  * Bump rustsec-admin to 0.8.6 (#1728)
+  * Update aliases from GHSA OSV export (#1727)
+  * Update RUSTSEC-2021-0145.md with stable IsTerminal (#1725)
+  * Assigned RUSTSEC-2023-0046 to cyfs-base (#1723)
+  * report misaligned pointer dereference in cyfs-base (#1718)
+  * Assigned RUSTSEC-2023-0045 to memoffset (#1722)
+  * Add advisory to `memoffset` (#1721)
+  * Assigned RUSTSEC-2023-0044 to openssl (#1720)
+  * Report buffer-overread in OpenSSL (#1719)
+  * Update RUSTSEC-2023-0042 to reflect patch. (#1717)
+
+---

Old:

  advisory-db-20230530.tar.xz

New:

  advisory-db-20230711.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.WIc3gM/_old  2023-07-11 15:57:30.557243266 +0200
+++ /var/tmp/diff_new_pack.WIc3gM/_new  2023-07-11 15:57:30.565243312 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230530
+Version:20230711
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.WIc3gM/_old  2023-07-11 15:57:30.621243639 +0200
+++ /var/tmp/diff_new_pack.WIc3gM/_new  2023-07-11 15:57:30.629243685 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230530
+20230711
 main
 enable
 william.br...@suse.com

++ advisory-db-20230530.tar.xz -> advisory-db-20230711.tar.xz ++
 4874 lines of diff (skipped)


commit cargo-audit-advisory-db for openSUSE:Factory

2023-06-03 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-06-04 00:13:16

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.15902 (New)


Package is "cargo-audit-advisory-db"

Sun Jun  4 00:13:16 2023 rev:32 rq:1090593 version:20230530

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-05-24 20:23:13.868490325 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.15902/cargo-audit-advisory-db.changes
   2023-06-04 00:13:17.249779699 +0200
@@ -1,0 +2,15 @@
+Tue May 30 04:33:12 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230530:
+  * Suggest kuchikiki as an alternative to kuchiki (#1698)
+  * Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
+  * xsalsa20poly1305 is unmaintained (#1694)
+  * xml-rs is maintained (#1691)
+  * Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
+  * Add unmaintained tree_magic crate (#1678)
+  * Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
+  * enumflags2::make_bitflags unsoundness (#1686)
+  * Assigned RUSTSEC-2023-0034 to h2 (#1687)
+  * Add advisory for h2: resource exhaustion vulnerability may lead to DoS 
(#1684)
+
+---

Old:

  advisory-db-20230523.tar.xz

New:

  advisory-db-20230530.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.FG8VQh/_old  2023-06-04 00:13:17.737782617 +0200
+++ /var/tmp/diff_new_pack.FG8VQh/_new  2023-06-04 00:13:17.741782641 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230523
+Version:20230530
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.FG8VQh/_old  2023-06-04 00:13:17.773782832 +0200
+++ /var/tmp/diff_new_pack.FG8VQh/_new  2023-06-04 00:13:17.82856 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230523
+20230530
 main
 enable
 william.br...@suse.com

++ advisory-db-20230523.tar.xz -> advisory-db-20230530.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230523/crates/kuchiki/RUSTSEC-2023-0019.md 
new/advisory-db-20230530/crates/kuchiki/RUSTSEC-2023-0019.md
--- old/advisory-db-20230523/crates/kuchiki/RUSTSEC-2023-0019.md
2023-05-17 05:02:51.0 +0200
+++ new/advisory-db-20230530/crates/kuchiki/RUSTSEC-2023-0019.md
2023-05-23 22:17:25.0 +0200
@@ -18,5 +18,6 @@
 
 Possible alternatives may include:
 
+- [kuchikiki](https://crates.io/crates/kuchikiki)
 - [html5ever](https://crates.io/crates/html5ever)
 - [xml-rs](https://crates.io/crates/xml-rs)
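Review bot: The new `kuchikiki` entry is placed first in the alternatives list with no indication of how it relates to `kuchiki` or whether it has been vetted. A short parenthetical after the link (for example whether it is API compatible) would let readers of the advisory judge the migration cost without leaving the page.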


commit cargo-audit-advisory-db for openSUSE:Factory

2023-05-24 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-05-24 20:22:53

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1533 (New)


Package is "cargo-audit-advisory-db"

Wed May 24 20:22:53 2023 rev:31 rq:1088755 version:20230523

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-04-13 14:10:54.720353234 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1533/cargo-audit-advisory-db.changes
2023-05-24 20:23:13.868490325 +0200
@@ -1,0 +2,15 @@
+Tue May 23 04:42:24 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230523:
+  * Assigned RUSTSEC-2023-0037 to xsalsa20poly1305 (#1695)
+  * xsalsa20poly1305 is unmaintained (#1694)
+  * xml-rs is maintained (#1691)
+  * Assigned RUSTSEC-2023-0036 to tree_magic (#1689)
+  * Add unmaintained tree_magic crate (#1678)
+  * Assigned RUSTSEC-2023-0035 to enumflags2 (#1688)
+  * enumflags2::make_bitflags unsoundness (#1686)
+  * Assigned RUSTSEC-2023-0034 to h2 (#1687)
+  * Add advisory for h2: resource exhaustion vulnerability may lead to DoS 
(#1684)
+  * Fix typos in RUSTSEC-2023-0033 (#1685)
+
+---

Old:

  advisory-db-20230413.tar.xz

New:

  advisory-db-20230523.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.5Yc6ab/_old  2023-05-24 20:23:14.252492615 +0200
+++ /var/tmp/diff_new_pack.5Yc6ab/_new  2023-05-24 20:23:14.256492639 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230413
+Version:20230523
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.5Yc6ab/_old  2023-05-24 20:23:14.300492901 +0200
+++ /var/tmp/diff_new_pack.5Yc6ab/_new  2023-05-24 20:23:14.304492925 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230413
+20230523
 main
 enable
 william.br...@suse.com

++ advisory-db-20230413.tar.xz -> advisory-db-20230523.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230413/.duplicate-id-guard 
new/advisory-db-20230523/.duplicate-id-guard
--- old/advisory-db-20230413/.duplicate-id-guard2023-04-10 
17:47:56.0 +0200
+++ new/advisory-db-20230523/.duplicate-id-guard2023-05-17 
05:02:51.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-7de8d28e9de5141ab2c6b113aa3f887c5625e6644bd2c9375ba45f7360359e8d  -
+0fb250fe04189cca31d0cb7f88f03512dbbdc2cf4e06c1d51b04393b5ae545ce  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230413/crates/borsh/RUSTSEC-2023-0033.md 
new/advisory-db-20230523/crates/borsh/RUSTSEC-2023-0033.md
--- old/advisory-db-20230413/crates/borsh/RUSTSEC-2023-0033.md  1970-01-01 
01:00:00.0 +0100
+++ new/advisory-db-20230523/crates/borsh/RUSTSEC-2023-0033.md  2023-05-17 
05:02:51.0 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2023-0033"
+package = "borsh"
+date = "2023-04-12"
+url = "https://github.com/near/borsh-rs/issues/19";
+references = ["https://github.com/near/borsh-rs/pull/136";]
+informational = "unsound"
+categories = ["memory-corruption"]
+
+[affected]
+[versions]
+patched = []
+```
+
+# Parsing borsh messages with ZST which are not-copy/clone is unsound
+
+Affected versions of borsh cause undefined behavior when zero-sized-types 
(ZST) 
+are parsed and the Copy/Clone traits are not implemented/derived.
+For instance if 1000 instances of a ZST are deserialized, and the ZST is not 
copy 
+(this can be achieved through a singleton), then accessing/writing to 
deserialized 
+data will cause a segmentation fault.
+
+There is currently no way for borsh to read data without also providing a Rust 
type. 
+Therefore, if not ZST are used for serialization, then you are not affected by 
this issue. 
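Review bot: The closing sentence, `Therefore, if not ZST are used for serialization, then you are not affected`, reads as a typo for "if no ZSTs are used". It is the only mitigation guidance in the advisory, because `patched = []` offers no fixed version, so the wording should be unambiguous. In the TOML block, the empty `[affected]` table directly before `[versions]` carries no information and can be dropped.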
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230413/crates/enumflags2/RUSTSEC-2023-0035.md 
new/advisory-db-20230523/crates/enumflags2/RUSTSEC-2023-0035.md
--- old/advisory-db-20230413/crates/enumflags2/RUSTSEC-2023-0035.md 
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20230523/crates/enumflags2/RUSTSEC-2023-0

commit cargo-audit-advisory-db for openSUSE:Factory

2023-04-13 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-04-13 14:10:49

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.19717 (New)


Package is "cargo-audit-advisory-db"

Thu Apr 13 14:10:49 2023 rev:30 rq:1078825 version:20230413

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-02-23 16:53:28.181157874 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.19717/cargo-audit-advisory-db.changes
   2023-04-13 14:10:54.720353234 +0200
@@ -1,0 +2,15 @@
+Thu Apr 13 01:00:08 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230413:
+  * Bump peter-evans/create-pull-request from 4 to 5 (#1677)
+  * Withdraw RUSTSEC-2021-0147 (#1676)
+  * Assigned RUSTSEC-2023-0032 to ntru (#1674)
+  * Add unsound ntru (#1652)
+  * Assigned RUSTSEC-2023-0031 to spin (#1673)
+  * Added unsound `spin` (#1671)
+  * Assigned RUSTSEC-2023-0030 to versionize (#1669)
+  * Add advisory for versionize crate (#1662)
+  * Assigned RUSTSEC-2023-0029 to nats (#1668)
+  * Fix `nats` directory (#1667)
+
+---

Old:

  advisory-db-20230223.tar.xz

New:

  advisory-db-20230413.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.4ljuLg/_old  2023-04-13 14:10:56.164361525 +0200
+++ /var/tmp/diff_new_pack.4ljuLg/_new  2023-04-13 14:10:56.168361548 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230223
+Version:20230413
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.4ljuLg/_old  2023-04-13 14:10:56.196361709 +0200
+++ /var/tmp/diff_new_pack.4ljuLg/_new  2023-04-13 14:10:56.200361732 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230223
+20230413
 main
 enable
 william.br...@suse.com

++ advisory-db-20230223.tar.xz -> advisory-db-20230413.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230223/.duplicate-id-guard 
new/advisory-db-20230413/.duplicate-id-guard
--- old/advisory-db-20230223/.duplicate-id-guard2023-02-14 
13:38:31.0 +0100
+++ new/advisory-db-20230413/.duplicate-id-guard2023-04-10 
17:47:56.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-1d62e76ee351b7c3b8588635db0fe94bdf0aee8ff48199cb635aaf3468945844  -
+7de8d28e9de5141ab2c6b113aa3f887c5625e6644bd2c9375ba45f7360359e8d  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230223/.github/workflows/assign-ids.yml 
new/advisory-db-20230413/.github/workflows/assign-ids.yml
--- old/advisory-db-20230223/.github/workflows/assign-ids.yml   2023-02-14 
13:38:31.0 +0100
+++ new/advisory-db-20230413/.github/workflows/assign-ids.yml   2023-04-10 
17:47:56.0 +0200
@@ -19,8 +19,9 @@
 
 - name: Install rustsec-admin
   run: |
-if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.8.5
+VERSION="0.8.5"
+if ! ( rustsec-admin --version | grep -q "$VERSION" ); then
+  cargo install rustsec-admin --force --vers "$VERSION"
 fi
 
 - name: Assign IDs
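Review bot: In the new install check, `grep -q "$VERSION"` treats `0.8.5` as a regular expression and as a substring, so the dots match any character and a version string that merely contains those characters (for example one ending in `0.8.50`) also satisfies it. Use a fixed-string match on the whole version token, e.g. `grep -qF` combined with `-w`. When the binary is missing, the subshell still works because the pipeline takes grep's exit status, but the "command not found" message goes to the job log. Redirecting stderr of `rustsec-admin --version` would keep the log clean.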
@@ -36,7 +37,7 @@
 ls -R ./crates/ ./rust/ | sha256sum >> .duplicate-id-guard
 
 - name: Create pull request
-  uses: peter-evans/create-pull-request@v4
+  uses: peter-evans/create-pull-request@v5
   with:
 token: ${{ secrets.GITHUB_TOKEN }}
 commit-message: ${{ steps.assign.outputs.commit_message }}
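Review bot: `uses: peter-evans/create-pull-request@v5` references a mutable major-version tag in a step that is handed `secrets.GITHUB_TOKEN` and opens pull requests against the advisory database. Pin the action to a full commit SHA, with the version in a trailing comment, so that a moved tag cannot change the code that runs with that token.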
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20230223/.github/workflows/export-osv.yml 
new/advisory-db-20230413/.github/workflows/export-osv.yml
--- old/advisory-db-20230223/.github/workflows/export-osv.yml   2023-02-14 
13:38:31.0 +0100
+++ new/advisory-db-20230413/.github/workflows/export-osv.yml   2023-04-10 
17:47:56.0 +0200
@@ -16,8 +16,9 @@
   path: ~/.cargo/bin
   key: rustsec-admin-v0.8.5
   - run: |
-  if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-   cargo install rustsec-admin --vers 0.8.5
+  VERSION="0.8.5"
+  if ! ( rustsec-admin --version

commit cargo-audit-advisory-db for openSUSE:Factory

2023-02-23 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-02-23 16:29:21

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1706 (New)


Package is "cargo-audit-advisory-db"

Thu Feb 23 16:29:21 2023 rev:29 rq:1067276 version:20230223

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2023-01-18 13:12:26.241242178 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1706/cargo-audit-advisory-db.changes
2023-02-23 16:53:28.181157874 +0100
@@ -1,0 +2,15 @@
+Thu Feb 23 00:12:48 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230223:
+  * Assigned RUSTSEC-2022-0090 to libsqlite3-sys (#1607)
+  * Add sqlite advisory (#1599)
+  * Assigned RUSTSEC-2023-0014 to cortex-m-rt (#1606)
+  * Add soundness advisory for cortex-m-rt (#1601)
+  * Update RUSTSEC-2020-0097.md (#1600)
+  * Better docs (#1598)
+  * Assigned RUSTSEC-2020-0167 to pnet_packet (#1596)
+  * Fix some typos (#1593)
+  * Add advisory for pnet_packet (#1595)
+  * Update RUSTSEC-2020-0071.md (#1594)
+
+---

Old:

  advisory-db-20230117.tar.xz

New:

  advisory-db-20230223.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.3nKmVQ/_old  2023-02-23 16:53:28.649160588 +0100
+++ /var/tmp/diff_new_pack.3nKmVQ/_new  2023-02-23 16:53:28.653160611 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20230117
+Version:20230223
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.3nKmVQ/_old  2023-02-23 16:53:28.697160866 +0100
+++ /var/tmp/diff_new_pack.3nKmVQ/_new  2023-02-23 16:53:28.705160913 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20230117
+20230223
 main
 enable
 william.br...@suse.com

++ advisory-db-20230117.tar.xz -> advisory-db-20230223.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230117/.duplicate-id-guard 
new/advisory-db-20230223/.duplicate-id-guard
--- old/advisory-db-20230117/.duplicate-id-guard2023-01-16 
10:26:23.0 +0100
+++ new/advisory-db-20230223/.duplicate-id-guard2023-02-14 
13:38:31.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-47ac6576d0eaab6436fdc15b1625f5018bac1fdd0cc2add55d0c7b4f9e922ff1  -
+1d62e76ee351b7c3b8588635db0fe94bdf0aee8ff48199cb635aaf3468945844  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230117/EXAMPLE_ADVISORY.md 
new/advisory-db-20230223/EXAMPLE_ADVISORY.md
--- old/advisory-db-20230117/EXAMPLE_ADVISORY.md2023-01-16 
10:26:23.0 +0100
+++ new/advisory-db-20230223/EXAMPLE_ADVISORY.md2023-02-14 
13:38:31.0 +0100
@@ -4,19 +4,21 @@
 package = "crate-name"
 date = "2020-01-31"
 url = "https://example.com";
+# Valid categories: "code-execution", "crypto-failure", "denial-of-service", 
"file-disclosure"
+# "format-injection", "memory-corruption", "memory-exposure", 
"privilege-escalation"
 categories = ["code-execution", "privilege-escalation"]
 keywords = ["example", "freeform", "keywords"]
 #aliases = ["CVE--"]
 #cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
 
 [versions]
-patched = [">= 1.2.3"]
-unaffected = ["0.1.2"]
+patched = [">= 1.2.3, < 1.3.0", ">= 1.3.4"]
+unaffected = ["<= 0.1.2"]
 
 [affected]
 #arch = ["x86"]
 #os = ["windows"]
-functions = { "crate_name::MyStruct::vulnerable_fn" = ["< 1.2.3"] }
+#functions = { "crate_name::MyStruct::vulnerable_fn" = [">= 1.3.0, < 1.3.4"] }
 ```
 
 # RustSec Advisory Template - Advisory Title Goes Here
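Review bot: With the new `patched = [">= 1.2.3, < 1.3.0", ">= 1.3.4"]` and `unaffected = ["<= 0.1.2"]`, the template describes two affected ranges (above 0.1.2 up to 1.2.3, and 1.3.0 up to 1.3.4), but the commented-out `functions` example only names `>= 1.3.0, < 1.3.4`. Add a comment saying that the function ranges are deliberately narrower, or list both ranges, so authors copying the template do not under-report affected versions. The added "Valid categories" comment is also missing a comma after `"file-disclosure"` at the line break.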
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20230117/HOWTO_UNMAINTAINED.md 
new/advisory-db-20230223/HOWTO_UNMAINTAINED.md
--- old/advisory-db-20230117/HOWTO_UNMAINTAINED.md  2023-01-16 
10:26:23.0 +0100
+++ new/advisory-db-20230223/HOWTO_UNMAINTAINED.md  2023-02-14 
13:38:31.0 +0100
@@ -47,7 +47,7 @@
 
 - Stale repository: no recent maintenance activity, including any of the
   following: recent commits, responses from the author on open issues,
-  crate releases, or other publically visible activity by the author.

commit cargo-audit-advisory-db for openSUSE:Factory

2023-01-18 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2023-01-18 13:12:20

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.32243 (New)


Package is "cargo-audit-advisory-db"

Wed Jan 18 13:12:20 2023 rev:28 rq:1059180 version:20230117

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-11-02 12:47:59.597827453 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.32243/cargo-audit-advisory-db.changes
   2023-01-18 13:12:26.241242178 +0100
@@ -1,0 +2,15 @@
+Tue Jan 17 03:29:22 UTC 2023 - william.br...@suse.com
+
+- Update to version 20230117:
+  * Assigned RUSTSEC-2022-0080 to parity-util-mem (#1530)
+  * Add parity-util-mem unmaintained (#1528)
+  * Assigned RUSTSEC-2021-0146 to twoway (#1529)
+  * Add unmaintained `twoway` (#1435)
+  * Assigned RUSTSEC-2022-0079 to elf_rs (#1527)
+  * Add advisory for elf_rs crate (#1450)
+  * Update RUSTSEC-2021-0088.md (#1512)
+  * Assigned RUSTSEC-2022-0078 to bumpalo (#1526)
+  * Add advisory for bumpalo Vec iterator unsoundness (#1525)
+  * Assigned RUSTSEC-2022-0077 to claim (#1523)
+
+---

Old:

  advisory-db-20221102.tar.xz

New:

  advisory-db-20230117.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.sYRxQp/_old  2023-01-18 13:12:26.689243873 +0100
+++ /var/tmp/diff_new_pack.sYRxQp/_new  2023-01-18 13:12:26.697243904 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package cargo-audit-advisory-db
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20221102
+Version:20230117
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.sYRxQp/_old  2023-01-18 13:12:26.725244010 +0100
+++ /var/tmp/diff_new_pack.sYRxQp/_new  2023-01-18 13:12:26.729244025 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20221102
+20230117
 main
 enable
 william.br...@suse.com

++ advisory-db-20221102.tar.xz -> advisory-db-20230117.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20221102/.duplicate-id-guard 
new/advisory-db-20230117/.duplicate-id-guard
--- old/advisory-db-20221102/.duplicate-id-guard2022-11-01 
18:11:10.0 +0100
+++ new/advisory-db-20230117/.duplicate-id-guard2023-01-16 
10:26:23.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-1550808dc193737c18ba8ca656a087512d904f1a8bd8b64a7a37195f0c887eae  -
+47ac6576d0eaab6436fdc15b1625f5018bac1fdd0cc2add55d0c7b4f9e922ff1  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20221102/.github/workflows/assign-ids.yml 
new/advisory-db-20230117/.github/workflows/assign-ids.yml
--- old/advisory-db-20221102/.github/workflows/assign-ids.yml   2022-11-01 
18:11:10.0 +0100
+++ new/advisory-db-20230117/.github/workflows/assign-ids.yml   2023-01-16 
10:26:23.0 +0100
@@ -15,19 +15,19 @@
   uses: actions/cache@v3
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.7.0
+key: rustsec-admin-v0.8.5
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.7.0
+cargo install rustsec-admin --vers 0.8.5
 fi
 
 - name: Assign IDs
   id: assign
   run: |
 message=$(rustsec-admin assign-id --github-actions-output)
-echo "::set-output name=commit_message::${message}"
+echo "commit_message=${message}" >> $GITHUB_OUTPUT
 
 - name: Create duplicate ID assignment guard
   run: |
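Review bot: In the replacement for `::set-output`, `echo "commit_message=${message}" >> $GITHUB_OUTPUT` leaves `$GITHUB_OUTPUT` unquoted and uses the single-line `name=value` form. Quote the variable, and if the output of `rustsec-admin assign-id --github-actions-output` can ever span more than one line, switch to the delimiter form (`commit_message<<EOF` ... `EOF`), because a newline in the value cannot be represented in the single-line form.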
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20221102/.github/workflows/export-osv.yml 
new/advisory-db-20230117/.github/workflows/export-osv.yml
--- old/advisory-db-20221102/.github/workflows/export-osv.yml   2022-11-01 
18:11:10.0 +0100
+++ new/advisory-db-20230117/.github/workflows/export-osv.yml   2023

commit cargo-audit-advisory-db for openSUSE:Factory

2022-11-02 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-11-02 12:47:12

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2275 (New)


Package is "cargo-audit-advisory-db"

Wed Nov  2 12:47:12 2022 rev:27 rq:1032758 version:20221102

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-09-28 17:51:49.555241039 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2275/cargo-audit-advisory-db.changes
2022-11-02 12:47:59.597827453 +0100
@@ -1,0 +2,15 @@
+Tue Nov 01 22:16:48 UTC 2022 - william.br...@suse.com
+
+- Update to version 20221102:
+  * Assigned RUSTSEC-2022-0065 to openssl-src (#1455)
+  * CVE-2022-3786 in openssl (#1453)
+  * Assigned RUSTSEC-2022-0064 to openssl-src (#1454)
+  * CVE-2022-3602 in openssl (#1452)
+  * Assigned RUSTSEC-2022-0063 to linked_list_allocator (#1449)
+  * Add CVE-2022-36086 for linked_list_allocator (#1448)
+  * Assigned RUSTSEC-2022-0062 to matrix-sdk (#1445)
+  * Add advisory for logging of access tokens in matrix-sdk (#1444)
+  * Assigned RUSTSEC-2022-0061 to parity-wasm (#1443)
+  * Add unmaintained `parity-wasm` (#1441)
+
+---

Old:

  advisory-db-20220928.tar.xz

New:

  advisory-db-20221102.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.yuQEYN/_old  2022-11-02 12:48:00.093829971 +0100
+++ /var/tmp/diff_new_pack.yuQEYN/_new  2022-11-02 12:48:00.097829991 +0100
@@ -17,14 +17,13 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220928
+Version:20221102
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0
 URL:https://github.com/RustSec/advisory-db
 Source0:advisory-db-%{version}.tar.xz
 Source1:%{name}-rpmlintrc
-BuildRequires:  cargo-packaging
 Requires:   cargo-audit
 ExclusiveArch:  %{rust_tier1_arches}
 
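Review bot: The removal of `BuildRequires:  cargo-packaging` is not mentioned in the 20221102 .changes entry, which lists only upstream advisory-db commits, while `ExclusiveArch:  %{rust_tier1_arches}` stays in the spec. Add a changelog line for the packaging change and confirm that the `%{rust_tier1_arches}` macro is still defined in the build root without that dependency.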

++ _service ++
--- /var/tmp/diff_new_pack.yuQEYN/_old  2022-11-02 12:48:00.129830154 +0100
+++ /var/tmp/diff_new_pack.yuQEYN/_new  2022-11-02 12:48:00.133830174 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220928
+20221102
 main
 enable
 william.br...@suse.com

++ advisory-db-20220928.tar.xz -> advisory-db-20221102.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220928/.duplicate-id-guard 
new/advisory-db-20221102/.duplicate-id-guard
--- old/advisory-db-20220928/.duplicate-id-guard2022-09-24 
13:52:27.0 +0200
+++ new/advisory-db-20221102/.duplicate-id-guard2022-11-01 
18:11:10.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-d41972b4bad0bdc0c390493295dc286e9202606244c0a38d83c51169b93a46bf  -
+1550808dc193737c18ba8ca656a087512d904f1a8bd8b64a7a37195f0c887eae  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220928/crates/badge/RUSTSEC-2022-0057.md 
new/advisory-db-20221102/crates/badge/RUSTSEC-2022-0057.md
--- old/advisory-db-20220928/crates/badge/RUSTSEC-2022-0057.md  1970-01-01 
01:00:00.0 +0100
+++ new/advisory-db-20221102/crates/badge/RUSTSEC-2022-0057.md  2022-11-01 
18:11:10.0 +0100
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0057"
+package = "badge"
+date = "2022-08-31"
+url = 
"https://github.com/rust-lang/docs.rs/issues/1813#issuecomment-1232875809";
+informational = "unmaintained"
+
+[versions]
+patched = []
+```
+# badge is Unmaintained
+
+The maintainer has adviced this crate is deprecated and will not receive any 
maintenance.
+
+The crate depends on the deprecated `rusttype` crate and won't receive updates
+anymore.
+
+## Possible Alternative(s)
+
+ The below list has not been vetted in any way and may or may not contain 
alternatives;
+
+ - [badge-maker](https://crates.io/crates/badge-maker)
+ - [badgeland](https://crates.io/crates/badgeland)
+ - [badgen](https://crates.io/crates/badgen)
+ - [badgers](https://crates.io/crates/badgers) (API compatible fork of the 
`badge` crate using `ab_glyph` as a replacement for `rusttype`)
+ - [rsbadges](https://crates.io/crates/rsbadges) (used deprecated `rusttype`)
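Review bot: The last alternative, `rsbadges`, is annotated `(used deprecated rusttype)`, which is the same dependency the advisory gives as the reason `badge` will not receive updates. Either drop it from the list or say why it is still a reasonable replacement. Smaller points in the same hunk: `adviced` should be `advised`, the sentence introducing the list ends in `;` where `:` is meant, and the `# badge is Unmaintained` heading follows the closing code fence without a blank line.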
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220928/crate

commit cargo-audit-advisory-db for openSUSE:Factory

2022-09-28 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-09-28 17:51:48

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2275 (New)


Package is "cargo-audit-advisory-db"

Wed Sep 28 17:51:48 2022 rev:26 rq:1006549 version:20220928

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-05-17 17:24:49.875192613 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2275/cargo-audit-advisory-db.changes
2022-09-28 17:51:49.555241039 +0200
@@ -1,0 +2,15 @@
+Wed Sep 28 01:22:33 UTC 2022 - william.br...@suse.com
+
+- Update to version 20220928:
+  * Assigned RUSTSEC-2022-0056 to clipboard (#1425)
+  * Add unmaintained `clipboard` (#1267)
+  * Fix informational footnote wording (#1420)
+  * Add `stylish` as `ansi_term` alternative (#1421)
+  * Assigned RUSTSEC-2022-0055 to axum-core (#1419)
+  * Add `axum-core` DoS (#1417)
+  * Assigned RUSTSEC-2021-0144 to traitobject (#1415)
+  * Add unmaintained `traitobject` (#1390)
+  * Assigned RUSTSEC-2019-0039 to typemap (#1414)
+  * Add unmaintained `typemap` (#1406)
+
+---

Old:

  advisory-db-20220511.tar.xz

New:

  advisory-db-20220928.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.bRKEgD/_old  2022-09-28 17:51:49.967241868 +0200
+++ /var/tmp/diff_new_pack.bRKEgD/_new  2022-09-28 17:51:49.975241884 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220511
+Version:20220928
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.bRKEgD/_old  2022-09-28 17:51:50.007241948 +0200
+++ /var/tmp/diff_new_pack.bRKEgD/_new  2022-09-28 17:51:50.007241948 +0200
@@ -2,10 +2,10 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220511
-master
+20220928
+main
 enable
-wbr...@suse.de
+william.br...@suse.com
   
   
   

++ advisory-db-20220511.tar.xz -> advisory-db-20220928.tar.xz ++
 2085 lines of diff (skipped)


commit cargo-audit-advisory-db for openSUSE:Factory

2022-05-17 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-05-17 17:24:31

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1538 (New)


Package is "cargo-audit-advisory-db"

Tue May 17 17:24:31 2022 rev:25 rq:977631 version:20220511

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-05-01 18:53:56.423182545 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1538/cargo-audit-advisory-db.changes
2022-05-17 17:24:49.875192613 +0200
@@ -1,0 +2,15 @@
+Wed May 11 01:12:29 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220511:
+  * Assigned RUSTSEC-2022-0022 to hyper (#1235)
+  * add hyper advisory (#1232)
+  * Assigned RUSTSEC-2022-0019 to crossbeam-channel, RUSTSEC-2022-0020 to 
crossbeam, RUSTSEC-2022-0021 to crossbeam-queue (#1233)
+  * add crossbeam advisories for incorrect (unsound) zeroed memory (#1231)
+  * Assigned RUSTSEC-2022-0018 to totp-rs (#1230)
+  * Possible timing attack in totp-rs (#1229)
+  * HOWTO_UNMAINTAINED.md: guide for unmaintained crate advisories (#1192)
+  * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
+  * Add advisory for using impure constants in array-macro (#1224)
+  * Add patch version for fruity (#1223)
+
+---

Old:

  advisory-db-20220428.tar.xz

New:

  advisory-db-20220511.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.FDlIPU/_old  2022-05-17 17:24:50.367193059 +0200
+++ /var/tmp/diff_new_pack.FDlIPU/_new  2022-05-17 17:24:50.371193062 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220428
+Version:20220511
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.FDlIPU/_old  2022-05-17 17:24:50.399193088 +0200
+++ /var/tmp/diff_new_pack.FDlIPU/_new  2022-05-17 17:24:50.403193091 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220428
+20220511
 master
 enable
 wbr...@suse.de

++ advisory-db-20220428.tar.xz -> advisory-db-20220511.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220428/.duplicate-id-guard 
new/advisory-db-20220511/.duplicate-id-guard
--- old/advisory-db-20220428/.duplicate-id-guard2022-04-27 
21:05:18.0 +0200
+++ new/advisory-db-20220511/.duplicate-id-guard2022-05-10 
20:45:40.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-05211b923d19475817ba8c9cdcc1c8079a94da53ed993f4f5af9e032b8766a4d  -
+eb98d17e9f1902d45fd686ac89031f87ceba5a8b5c34ffca8708f1998e703ad5  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220428/HOWTO_UNMAINTAINED.md 
new/advisory-db-20220511/HOWTO_UNMAINTAINED.md
--- old/advisory-db-20220428/HOWTO_UNMAINTAINED.md  1970-01-01 
01:00:00.0 +0100
+++ new/advisory-db-20220511/HOWTO_UNMAINTAINED.md  2022-05-10 
20:45:40.0 +0200
@@ -0,0 +1,80 @@
+# HOWTO Guide: Unmaintained Crate Advisories
+
+This document describes the policy for adding advisories for unmaintained
+crates to the [RustSec Advisory Database].
+
+These advisories serve to inform the Rust community about both the existence
+of unmaintained crates within a particular project, and also serve to guide
+switching to maintained alternatives.
+
+## Definition of an "unmaintained" crate
+
+We consider crates unmaintained when they fall into either of the following
+categories:
+
+- Explicitly unmaintained: a crate's author has declared that they are no
+  longer maintaining a particular crate.
+- Implicitly unmaintained: the author is incommunicado for a prolonged period
+  of time and cannot advise as to a crate's status.
+
+## Creating an unmaintained crate advisory
+
+### Policy
+
+When in doubt, we always defer to the author of a crate's discretion as to
+whether they would prefer an unmaintained crate advisory be filed, provided
+we are able to make contact.
+
+First and foremost: *ASK THE AUTHOR(S)*, preferably in a public issue on the
+project's source code repository. If an author/maintainer of a particular crate
+thinks filing an unmaintained crate advisory is a good idea, then great! Go 
ahead.
+
+If the author is respon

commit cargo-audit-advisory-db for openSUSE:Factory

2022-05-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-05-01 18:53:47

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1538 (New)


Package is "cargo-audit-advisory-db"

Sun May  1 18:53:47 2022 rev:24 rq:974165 version:20220428

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-04-20 16:57:32.826635215 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1538/cargo-audit-advisory-db.changes
2022-05-01 18:53:56.423182545 +0200
@@ -1,0 +2,15 @@
+Thu Apr 28 02:57:45 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220428:
+  * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
+  * Add advisory for using impure constants in array-macro (#1224)
+  * Add patch version for fruity (#1223)
+  * Update RUSTSEC-2020-0071.md (#1222)
+  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
+  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
+  * Add CVE-2022-24791 for Wasmtime (#1217)
+  * Assigned RUSTSEC-2022-0015 to pty (#1215)
+  * Add unmaintained advisory for pty (#1213)
+  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
+
+---

Old:

  advisory-db-20220420.tar.xz

New:

  advisory-db-20220428.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.KJt3QG/_old  2022-05-01 18:53:56.855182946 +0200
+++ /var/tmp/diff_new_pack.KJt3QG/_new  2022-05-01 18:53:56.863182953 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220420
+Version:20220428
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.KJt3QG/_old  2022-05-01 18:53:56.895182983 +0200
+++ /var/tmp/diff_new_pack.KJt3QG/_new  2022-05-01 18:53:56.899182986 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220420
+20220428
 master
 enable
 wbr...@suse.de

++ advisory-db-20220420.tar.xz -> advisory-db-20220428.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220420/.duplicate-id-guard 
new/advisory-db-20220428/.duplicate-id-guard
--- old/advisory-db-20220420/.duplicate-id-guard2022-04-19 
02:03:30.0 +0200
+++ new/advisory-db-20220428/.duplicate-id-guard2022-04-27 
21:05:18.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-be31153ca949684d3c0b38dba139be7cc19bd1235297389eb16eb7b16356b11e  -
+05211b923d19475817ba8c9cdcc1c8079a94da53ed993f4f5af9e032b8766a4d  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220420/crates/array-macro/RUSTSEC-2022-0017.md 
new/advisory-db-20220428/crates/array-macro/RUSTSEC-2022-0017.md
--- old/advisory-db-20220420/crates/array-macro/RUSTSEC-2022-0017.md
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20220428/crates/array-macro/RUSTSEC-2022-0017.md
2022-04-27 21:05:18.0 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0017"
+package = "array-macro"
+date = "2022-04-27"
+url = "https://gitlab.com/KonradBorowski/array-macro/-/issues/5";
+categories = ["code-execution", "memory-corruption", "memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = [">= 2.1.2"]
+unaffected = ["< 2.1.0"]
+```
+
+# `array!` macro is unsound when its length is impure constant
+
+Affected versions of this crate did substitute the array length provided by an 
user at compile-time multiple times.
+
+When an impure constant expression is passed as an array length (such as a 
result of an impure procedural macro), this can result in the initialization of 
an array with uninitialized types, which in turn can allow an attacker to 
execute arbitrary code.
+
+The flaw was corrected in commit 
[d5b63f72](https://gitlab.com/KonradBorowski/array-macro/-/commit/d5b63f72090f3809c21ac28f9cfd84f12559bf7d)
 by making sure that array length is substituted just once.
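
Review bot: The advisory prose has grammar slips that will be published as written. The title lacks an article ("when its length is impure constant" should read "is an impure constant"), and the first paragraph says "did substitute the array length provided by an user" where "substituted the array length provided by a user" is meant.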


commit cargo-audit-advisory-db for openSUSE:Factory

2022-04-20 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-04-20 16:57:02

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1941 (New)


Package is "cargo-audit-advisory-db"

Wed Apr 20 16:57:02 2022 rev:23 rq:970927 version:20220420

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-03-30 20:35:55.233315784 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1941/cargo-audit-advisory-db.changes
2022-04-20 16:57:32.826635215 +0200
@@ -1,0 +2,15 @@
+Wed Apr 20 00:36:52 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220420:
+  * Add patch version for fruity (#1223)
+  * Update RUSTSEC-2020-0071.md (#1222)
+  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
+  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
+  * Add CVE-2022-24791 for Wasmtime (#1217)
+  * Assigned RUSTSEC-2022-0015 to pty (#1215)
+  * Add unmaintained advisory for pty (#1213)
+  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
+  * Add CVE-2022-0778 for openssl-src (#1210)
+  * Assigned RUSTSEC-2022-0013 to regex (#1208)
+
+---

Old:

  advisory-db-20220323.tar.xz

New:

  advisory-db-20220420.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.TfUalS/_old  2022-04-20 16:57:33.282635640 +0200
+++ /var/tmp/diff_new_pack.TfUalS/_new  2022-04-20 16:57:33.286635644 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220323
+Version:20220420
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.TfUalS/_old  2022-04-20 16:57:33.318635674 +0200
+++ /var/tmp/diff_new_pack.TfUalS/_new  2022-04-20 16:57:33.322635678 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220323
+20220420
 master
 enable
 wbr...@suse.de

++ advisory-db-20220323.tar.xz -> advisory-db-20220420.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220323/.duplicate-id-guard 
new/advisory-db-20220420/.duplicate-id-guard
--- old/advisory-db-20220323/.duplicate-id-guard2022-03-22 
15:52:42.0 +0100
+++ new/advisory-db-20220420/.duplicate-id-guard2022-04-19 
02:03:30.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-3ebd0dec6b0d10eb52fe3853c7b58d0f9a13d1fc5a84ff64509fda7c9dd4985e  -
+be31153ca949684d3c0b38dba139be7cc19bd1235297389eb16eb7b16356b11e  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220323/crates/arrow2/RUSTSEC-2022-0012.md 
new/advisory-db-20220420/crates/arrow2/RUSTSEC-2022-0012.md
--- old/advisory-db-20220323/crates/arrow2/RUSTSEC-2022-0012.md 2022-03-22 
15:52:42.0 +0100
+++ new/advisory-db-20220420/crates/arrow2/RUSTSEC-2022-0012.md 2022-04-19 
02:03:30.0 +0200
@@ -7,7 +7,7 @@
 categories = ["memory-corruption"]
 
 [versions]
-patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10"]
+patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10", ">= 
0.10.0"]
 ```
 
 # Arrow2 allows double free in `safe` code
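
Review bot: On the `patched` line, the added `">= 0.10.0"` range sits directly after the existing `">= 0.9.2, < 0.10"`, so for release versions the two together cover everything from 0.9.2 upward. Collapsing them into a single `">= 0.9.2"` says the same thing with one range fewer to keep in sync.
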
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220323/crates/fruity/RUSTSEC-2021-0123.md 
new/advisory-db-20220420/crates/fruity/RUSTSEC-2021-0123.md
--- old/advisory-db-20220323/crates/fruity/RUSTSEC-2021-0123.md 2022-03-22 
15:52:42.0 +0100
+++ new/advisory-db-20220420/crates/fruity/RUSTSEC-2021-0123.md 2022-04-19 
02:03:30.0 +0200
@@ -7,13 +7,14 @@
 url = "https://github.com/nvzqz/fruity/issues/14";
 
 [affected.functions]
-"fruity::foundation::NSString::to_str" = ["> 0.0.0"]
-"fruity::foundation::NSString::to_str_with_nul" = ["> 0.0.0"]
-"fruity::foundation::NSString::to_string" = ["> 0.0.0"]
-"fruity::foundation::NSString::to_string_with_nul" = ["> 0.0.0"]
+"fruity::foundation::NSString::to_str" = ["< 0.3.0, >= 0.1.0"]
+"fruity::foundation::NSString::to_str_with_nul" = ["< 0.3.0, >= 0.1.0"]
+"fruity::foundation::NSString::to_string" = ["< 0.3.0, >= 0.1.0"]
+"fruity::foundation::NSString::to_string_with_nul" = ["< 0.3.0, >= 0.1.0"]
 
 [versions]
-patched = []
+patched = [">= 0.3.0"]
+unaffected = ["< 0.1.0"]
 ```
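
Review bot: The new `[affected.functions]` ranges put the upper bound first (`"< 0.3.0, >= 0.1.0"`). Writing them as `">= 0.1.0, < 0.3.0"` reads more naturally and matches how ranges are written in `patched` lists elsewhere in the database, for example in RUSTSEC-2022-0012.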

commit cargo-audit-advisory-db for openSUSE:Factory

2022-03-30 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-03-30 20:35:52

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1900 (New)


Package is "cargo-audit-advisory-db"

Wed Mar 30 20:35:52 2022 rev:22 rq:965791 version:20220323

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-03-24 23:00:12.456378376 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1900/cargo-audit-advisory-db.changes
2022-03-30 20:35:55.233315784 +0200
@@ -1,0 +2,5 @@
+Wed Mar 30 01:47:58 UTC 2022 - William Brown 
+
+- Resolve issue with obs install check on non-tier1 arches
+
+---



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.mgLIy9/_old  2022-03-30 20:35:55.745316205 +0200
+++ /var/tmp/diff_new_pack.mgLIy9/_new  2022-03-30 20:35:55.749316209 +0200
@@ -24,8 +24,9 @@
 URL:https://github.com/RustSec/advisory-db
 Source0:advisory-db-%{version}.tar.xz
 Source1:%{name}-rpmlintrc
+BuildRequires:  cargo-packaging
 Requires:   cargo-audit
-BuildArch:  noarch
+ExclusiveArch:  %{rust_tier1_arches}
 
 %description
 The RustSec Advisory Database is a repository of security advisories filed 
against Rust crates
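
Review bot: `BuildArch: noarch` is replaced by `ExclusiveArch: %{rust_tier1_arches}` with no comment in the spec explaining why the package becomes architecture-dependent; the reason (cargo-audit exists only on tier 1 arches) is recorded only in the rpmlintrc. Add a one-line comment above `ExclusiveArch` so a later cleanup does not restore `noarch`.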

++ cargo-audit-advisory-db-rpmlintrc ++
--- /var/tmp/diff_new_pack.mgLIy9/_old  2022-03-30 20:35:55.801316251 +0200
+++ /var/tmp/diff_new_pack.mgLIy9/_new  2022-03-30 20:35:55.805316255 +0200
@@ -1,3 +1,9 @@
 addFilter("hidden-file-or-dir .*")
 
+# We need to filter this and make this arch dependent, not because of anything 
in this
+# package, but cargo-audit is ONLY on tier 1 arches. There is an install check 
bot
+# in OBS that will spam you if we don't do this.
+addFilter("no-binary")
+
+
 


commit cargo-audit-advisory-db for openSUSE:Factory

2022-03-24 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-03-24 22:58:09

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1900 (New)


Package is "cargo-audit-advisory-db"

Thu Mar 24 22:58:09 2022 rev:21 rq:964436 version:20220323

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-03-11 21:41:26.078078361 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1900/cargo-audit-advisory-db.changes
2022-03-24 23:00:12.456378376 +0100
@@ -1,0 +2,15 @@
+Wed Mar 23 10:54:26 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220323:
+  * Assigned RUSTSEC-2022-0015 to pty (#1215)
+  * Add unmaintained advisory for pty (#1213)
+  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
+  * Add CVE-2022-0778 for openssl-src (#1210)
+  * Assigned RUSTSEC-2022-0013 to regex (#1208)
+  * add cve-2022-24713 (#1207)
+  * mark RUSTSEC-2021-0019 fixed, add references (#1206)
+  * RUSTSEC-2021-0134: Remove recursive_reference from the list of 
alternatives (#1200)
+  * Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
+  * Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
+
+---

Old:

  advisory-db-20220311.tar.xz

New:

  advisory-db-20220323.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.VylnXg/_old  2022-03-24 23:00:12.932378836 +0100
+++ /var/tmp/diff_new_pack.VylnXg/_new  2022-03-24 23:00:12.952378855 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220311
+Version:20220323
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.VylnXg/_old  2022-03-24 23:00:12.988378890 +0100
+++ /var/tmp/diff_new_pack.VylnXg/_new  2022-03-24 23:00:12.996378898 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220311
+20220323
 master
 enable
 wbr...@suse.de

++ advisory-db-20220311.tar.xz -> advisory-db-20220323.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220311/.duplicate-id-guard 
new/advisory-db-20220323/.duplicate-id-guard
--- old/advisory-db-20220311/.duplicate-id-guard2022-03-08 
16:14:30.0 +0100
+++ new/advisory-db-20220323/.duplicate-id-guard2022-03-22 
15:52:42.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-f551fc85bdd3f40721d0af2ced95b014fb1dfca6b86634824e8ca8f7fc128cd2  -
+3ebd0dec6b0d10eb52fe3853c7b58d0f9a13d1fc5a84ff64509fda7c9dd4985e  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220311/crates/openssl-src/RUSTSEC-2022-0014.md 
new/advisory-db-20220323/crates/openssl-src/RUSTSEC-2022-0014.md
--- old/advisory-db-20220311/crates/openssl-src/RUSTSEC-2022-0014.md
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20220323/crates/openssl-src/RUSTSEC-2022-0014.md
2022-03-22 15:52:42.0 +0100
@@ -0,0 +1,41 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0014"
+package = "openssl-src"
+aliases = ["CVE-2022-0778"]
+categories = ["denial-of-service"]
+date = "2022-03-15"
+url = "https://www.openssl.org/news/secadv/20220315.txt";
+
+[versions]
+patched = [">= 111.18, < 300.0", ">= 300.0.5"]
+```
+
+# Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
+
+The `BN_mod_sqrt()` function, which computes a modular square root, contains
+a bug that can cause it to loop forever for non-prime moduli.
+
+Internally this function is used when parsing certificates that contain
+elliptic curve public keys in compressed form or explicit elliptic curve
+parameters with a base point encoded in compressed form.
+
+It is possible to trigger the infinite loop by crafting a certificate that
+has invalid explicit curve parameters.
+
+Since certificate parsing happens prior to verification of the certificate
+signature, any process that parses an externally supplied certificate may thus
+be subject to a denial of service attack. The infinite loop can also be
+reached when parsing crafted private keys as they can contain explicit
+elliptic curve parameters.
+
+Thus vulnerable situations include:
+
+ - TLS clients consuming server certificates
+ - TLS servers consuming client 

commit cargo-audit-advisory-db for openSUSE:Factory

2022-03-11 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-03-11 21:41:13

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.25692 (New)


Package is "cargo-audit-advisory-db"

Fri Mar 11 21:41:13 2022 rev:20 rq:960956 version:20220311

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-02-15 23:57:35.604264393 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.25692/cargo-audit-advisory-db.changes
   2022-03-11 21:41:26.078078361 +0100
@@ -1,0 +2,15 @@
+Fri Mar 11 03:15:25 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220311:
+  * Assigned RUSTSEC-2022-0013 to regex (#1208)
+  * add cve-2022-24713 (#1207)
+  * mark RUSTSEC-2021-0019 fixed, add references (#1206)
+  * RUSTSEC-2021-0134: Remove recursive_reference from the list of 
alternatives (#1200)
+  * Assigned RUSTSEC-2022-0012 to arrow2 (#1205)
+  * Added advisory for `arrow2::ffi::Ffi_ArrowArray` double free (#1204)
+  * Assigned RUSTSEC-2022-0011 to rust-crypto (#1202)
+  * `rust-crypto`: miscomputation when performing AES encryption (#1201)
+  * Update RUSTSEC-2020-0150.md (#1199)
+  * Assigned RUSTSEC-2022-0010 to enum-map (#1198)
+
+---

Old:

  advisory-db-20220215.tar.xz

New:

  advisory-db-20220311.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.d0oliw/_old  2022-03-11 21:41:26.630078785 +0100
+++ /var/tmp/diff_new_pack.d0oliw/_new  2022-03-11 21:41:26.634078787 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220215
+Version:20220311
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.d0oliw/_old  2022-03-11 21:41:26.666078813 +0100
+++ /var/tmp/diff_new_pack.d0oliw/_new  2022-03-11 21:41:26.670078815 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220215
+20220311
 master
 enable
 wbr...@suse.de

++ advisory-db-20220215.tar.xz -> advisory-db-20220311.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220215/.duplicate-id-guard 
new/advisory-db-20220311/.duplicate-id-guard
--- old/advisory-db-20220215/.duplicate-id-guard2022-02-09 
15:34:03.0 +0100
+++ new/advisory-db-20220311/.duplicate-id-guard2022-03-08 
16:14:30.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-5518448e55d2a585c2a6276dba5d12fb0afe464d10790643ed57c0a18c53a126  -
+f551fc85bdd3f40721d0af2ced95b014fb1dfca6b86634824e8ca8f7fc128cd2  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220215/crates/arrow2/RUSTSEC-2022-0012.md 
new/advisory-db-20220311/crates/arrow2/RUSTSEC-2022-0012.md
--- old/advisory-db-20220215/crates/arrow2/RUSTSEC-2022-0012.md 1970-01-01 
01:00:00.0 +0100
+++ new/advisory-db-20220311/crates/arrow2/RUSTSEC-2022-0012.md 2022-03-08 
16:14:30.0 +0100
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0012"
+package = "arrow2"
+date = "2022-03-04"
+url = "https://github.com/jorgecarleitao/arrow2/issues/880";
+categories = ["memory-corruption"]
+
+[versions]
+patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10"]
+```
+
+# Arrow2 allows double free in `safe` code
+
+The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent 
with
+its custom implementation of `Drop`, resulting in a double free when cloned.
+
+Cloning this struct in `safe` results in a segmentation fault, which is 
unsound.
+
+This derive was removed from this struct. All users are advised to either:
+* bump the patch version of this crate (for versions `v0.7,v0.8,v0.9`), or
+* migrate to a more recent version of  the crate (when using `<0.7`).
+
+Doing so elimitates this vulnerability (code no longer compiles).
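
Review bot: The description writes the attribute as `#derive(Clone)`, which is not valid Rust attribute syntax; it should read `#[derive(Clone)]`. In the same text, "elimitates" in the last line should be "eliminates", and "of  the crate" in the second bullet has a doubled space.
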
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220215/crates/disrustor/RUSTSEC-2020-0150.md 
new/advisory-db-20220311/crates/disrustor/RUSTSEC-2020-0150.md
--- old/advisory-db-20220215/crates/disrustor/RUSTSEC-2020-0150.md  
2022-02-09 15:34:03.0 +0100
+++ new/advisory-db-20220311/crates/disrustor/RUSTSEC-2020-0150.md  
2022-03-08 1

commit cargo-audit-advisory-db for openSUSE:Factory

2022-02-15 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-02-15 23:57:16

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1956 (New)


Package is "cargo-audit-advisory-db"

Tue Feb 15 23:57:16 2022 rev:19 rq:954420 version:20220215

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-01-06 15:50:50.252956571 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1956/cargo-audit-advisory-db.changes
2022-02-15 23:57:35.604264393 +0100
@@ -1,0 +2,15 @@
+Tue Feb 15 00:57:25 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220215:
+  * Suggest maintained alternatives for Rental advisory (#1187)
+  * Update RUSTSEC-2022-0009.md (#1186)
+  * Assigned RUSTSEC-2020-0162 to tokio-proto (#1185)
+  * Mark tokio-proto as deprecated (#1184)
+  * Assigned RUSTSEC-2022-0009 to libp2p-core (#1183)
+  * Add entry for libp2p-core vulnerability (#1182)
+  * Add patched version to DashMap advisory (#1181)
+  * Assigned RUSTSEC-2022-0008 to windows (#1178)
+  * Add advisory for windows (#1177)
+  * Assigned RUSTSEC-2022-0007 to qcell (#1172)
+
+---

Old:

  advisory-db-20220105.tar.xz

New:

  advisory-db-20220215.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.5T7p4E/_old  2022-02-15 23:57:36.076265696 +0100
+++ /var/tmp/diff_new_pack.5T7p4E/_new  2022-02-15 23:57:36.080265707 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20220105
+Version:20220215
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.5T7p4E/_old  2022-02-15 23:57:36.116265807 +0100
+++ /var/tmp/diff_new_pack.5T7p4E/_new  2022-02-15 23:57:36.120265818 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20220105
+20220215
 master
 enable
 wbr...@suse.de

++ advisory-db-20220105.tar.xz -> advisory-db-20220215.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220105/.duplicate-id-guard 
new/advisory-db-20220215/.duplicate-id-guard
--- old/advisory-db-20220105/.duplicate-id-guard2021-12-27 
20:44:42.0 +0100
+++ new/advisory-db-20220215/.duplicate-id-guard2022-02-09 
15:34:03.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-1c73b234ccce2c42ef5a2422c20f09804ff06fd326ac338bf1429a31fd5bf4cc  -
+5518448e55d2a585c2a6276dba5d12fb0afe464d10790643ed57c0a18c53a126  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220105/README.md 
new/advisory-db-20220215/README.md
--- old/advisory-db-20220105/README.md  2021-12-27 20:44:42.0 +0100
+++ new/advisory-db-20220215/README.md  2022-02-09 15:34:03.0 +0100
@@ -1,7 +1,7 @@
 # RustSec Advisory Database
 
 [![Build Status][build-image]][build-link]
-![Maintained: Q2 2021][maintained-image]
+![Maintained: Q1 2022][maintained-image]
 [![Project Chat][chat-image]][chat-link]
 
 The RustSec Advisory Database is a repository of security advisories filed
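
Review bot: The badge alt text on the changed line hard-codes a quarter (`Q2 2021` before, `Q1 2022` now), so it goes stale unless someone edits it by hand; the old value was three quarters behind when this change landed. Consider dropping the quarter from the alt text (`![Maintained][maintained-image]`) and letting the badge image carry the date.
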
@@ -115,7 +115,7 @@
 
 [build-image]: 
https://github.com/rustsec/advisory-db/workflows/Validate/badge.svg
 [build-link]: https://github.com/rustsec/advisory-db/actions
-[maintained-image]: https://img.shields.io/maintenance/yes/2021.svg
+[maintained-image]: https://img.shields.io/maintenance/yes/2022.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: 
https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220105/crates/ammonia/RUSTSEC-2022-0003.md 
new/advisory-db-20220215/crates/ammonia/RUSTSEC-2022-0003.md
--- old/advisory-db-20220105/crates/ammonia/RUSTSEC-2022-0003.md
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20220215/crates/ammonia/RUSTSEC-2022-0003.md
2022-02-09 15:34:03.0 +0100
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0003"
+package = "ammonia"
+date = "2022-01-19"
+url = "https://github.com/rust-ammonia/ammonia/pull/147";
+categories = ["format-injection"]
+keywords = ["html", "xss"]
+
+[affected]
+functions = { "ammonia::clean_tex

commit cargo-audit-advisory-db for openSUSE:Factory

2022-01-06 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-01-06 15:50:48

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1896 (New)


Package is "cargo-audit-advisory-db"

Thu Jan  6 15:50:48 2022 rev:18 rq:943883 version:20220105

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-12-10 21:53:00.562909131 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1896/cargo-audit-advisory-db.changes
2022-01-06 15:50:50.252956571 +0100
@@ -1,0 +2,15 @@
+Wed Jan 05 02:13:49 UTC 2022 - wbr...@suse.de
+
+- Update to version 20220105:
+  * Assigned RUSTSEC-2021-0134 to rental (#1137)
+  * Report that rental is no longer maintained (#1136)
+  * Assigned RUSTSEC-2020-0160 to shamir (#1135)
+  * Turn the issue about shamir into an advisory (#1134)
+  * Assigned RUSTSEC-2021-0133 to cargo-download (#1133)
+  * Mark cargo-download unmaintained (#1132)
+  * Mark arrow advisories as fixed in 
https://github.com/apache/arrow-rs/issues/817 (#1131)
+  * Assigned RUSTSEC-2021-0132 to compu-brotli-sys (#1130)
+  * CVE-2020-8927 for compu-brotli-sys (#1129)
+  * Assigned RUSTSEC-2021-0131 to brotli-sys (#1128)
+
+---

Old:

  advisory-db-20211210.tar.xz

New:

  advisory-db-20220105.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.CJAg4v/_old  2022-01-06 15:50:50.940956949 +0100
+++ /var/tmp/diff_new_pack.CJAg4v/_new  2022-01-06 15:50:50.944956950 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package cargo-audit-advisory-db
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20211210
+Version:20220105
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.CJAg4v/_old  2022-01-06 15:50:50.972956966 +0100
+++ /var/tmp/diff_new_pack.CJAg4v/_new  2022-01-06 15:50:50.976956968 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20211210
+20220105
 master
 enable
 wbr...@suse.de

++ advisory-db-20211210.tar.xz -> advisory-db-20220105.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211210/.duplicate-id-guard 
new/advisory-db-20220105/.duplicate-id-guard
--- old/advisory-db-20211210/.duplicate-id-guard2021-12-09 
01:29:19.0 +0100
+++ new/advisory-db-20220105/.duplicate-id-guard2021-12-27 
20:44:42.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-8cf581428cbaf0bc69cff6415fdca50a9c87d873da9736406dab53c8570c904e  -
+1c73b234ccce2c42ef5a2422c20f09804ff06fd326ac338bf1429a31fd5bf4cc  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211210/crates/arrow/RUSTSEC-2021-0116.md 
new/advisory-db-20220105/crates/arrow/RUSTSEC-2021-0116.md
--- old/advisory-db-20211210/crates/arrow/RUSTSEC-2021-0116.md  2021-12-09 
01:29:19.0 +0100
+++ new/advisory-db-20220105/crates/arrow/RUSTSEC-2021-0116.md  2021-12-27 
20:44:42.0 +0100
@@ -8,7 +8,7 @@
 keywords = ["buffer-overflow"]
 
 [versions]
-patched = []
+patched = [">= 6.4.0"]
 ```
 
 # `BinaryArray` does not perform bound checks on reading values and offsets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211210/crates/arrow/RUSTSEC-2021-0117.md 
new/advisory-db-20220105/crates/arrow/RUSTSEC-2021-0117.md
--- old/advisory-db-20211210/crates/arrow/RUSTSEC-2021-0117.md  2021-12-09 
01:29:19.0 +0100
+++ new/advisory-db-20220105/crates/arrow/RUSTSEC-2021-0117.md  2021-12-27 
20:44:42.0 +0100
@@ -8,7 +8,7 @@
 keywords = ["buffer-overflow"]
 
 [versions]
-patched = []
+patched = [">= 6.4.0"]
 ```
 
 # `DecimalArray` does not perform bound checks on accessing values and offsets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211210/crates/arrow/RUSTSEC-2021-0118.md 
new/advisory-db-20220105/crates/arrow/RUSTSEC-2021-0118.md
--- old/advisory-d

commit cargo-audit-advisory-db for openSUSE:Factory

2021-12-10 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-12-10 21:52:35

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2520 (New)


Package is "cargo-audit-advisory-db"

Fri Dec 10 21:52:35 2021 rev:17 rq:938982 version:20211210

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-12-02 02:10:48.443476411 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2520/cargo-audit-advisory-db.changes
2021-12-10 21:53:00.562909131 +0100
@@ -1,0 +2,15 @@
+Fri Dec 10 04:08:52 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211210:
+  * Assigned RUSTSEC-2021-0128 to rusqlite (#1120)
+  * Report `rusqlite` closure lifetime issue (#1117)
+  * correct formatting for lists in RUSTSEC-2021-0127 (#1116)
+  * Assigned RUSTSEC-2021-0127 to serde_cbor (#1115)
+  * serde_cbor is unmaintained (#1114)
+  * Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
+  * Add advisory for rust-embed path traversal (#1112)
+  * Adds maintained alternative to slice_deque (#1109)
+  * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
+  * Security advisory on simple_asn1 version 0.6.0 (#1103)
+
+---

Old:

  advisory-db-20211130.tar.xz

New:

  advisory-db-20211210.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.ux3AJf/_old  2021-12-10 21:53:01.078909360 +0100
+++ /var/tmp/diff_new_pack.ux3AJf/_new  2021-12-10 21:53:01.082909361 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20211130
+Version:20211210
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.ux3AJf/_old  2021-12-10 21:53:01.106909372 +0100
+++ /var/tmp/diff_new_pack.ux3AJf/_new  2021-12-10 21:53:01.106909372 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20211130
+20211210
 master
 enable
 wbr...@suse.de

++ advisory-db-20211130.tar.xz -> advisory-db-20211210.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211130/.duplicate-id-guard 
new/advisory-db-20211210/.duplicate-id-guard
--- old/advisory-db-20211130/.duplicate-id-guard2021-11-29 
19:32:40.0 +0100
+++ new/advisory-db-20211210/.duplicate-id-guard2021-12-09 
01:29:19.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-e4ababe809f177f95608bb105f034fdf7b1379c3ab84f9083b37f4356f609597  -
+8cf581428cbaf0bc69cff6415fdca50a9c87d873da9736406dab53c8570c904e  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211130/crates/rusqlite/RUSTSEC-2021-0128.md 
new/advisory-db-20211210/crates/rusqlite/RUSTSEC-2021-0128.md
--- old/advisory-db-20211130/crates/rusqlite/RUSTSEC-2021-0128.md   
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20211210/crates/rusqlite/RUSTSEC-2021-0128.md   
2021-12-09 01:29:19.0 +0100
@@ -0,0 +1,42 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0128"
+package = "rusqlite"
+date = "2021-12-07"
+url = "https://github.com/rusqlite/rusqlite/issues/1048";
+categories = ["memory-corruption"]
+keywords = ["use-after-free", "incorrect-lifetime"]
+
+[affected.functions]
+
+# Under `cfg(feature = "functions")`
+"rusqlite::Connection::create_scalar_function" = [">= 0.25.0, < 0.25.4", ">= 
0.26.0, < 0.26.2"]
+"rusqlite::Connection::create_aggregate_function" = [">= 0.25.0, < 0.25.4", 
">= 0.26.0, < 0.26.2"]
+"rusqlite::Connection::create_window_function" = [">= 0.25.0, < 0.25.4", ">= 
0.26.0, < 0.26.2"]
+
+# Under `cfg(feature = "collation")`
+"rusqlite::Connection::create_collation" = [">= 0.25.0, < 0.25.4", ">= 0.26.0, 
< 0.26.2"]
+
+# Under `cfg(feature = "hooks")`
+"rusqlite::Connection::commit_hook" = [">= 0.25.0, < 0.25.4", ">= 0.26.0, < 
0.26.2"]
+"rusqlite::Connection::rollback_hook" = [">= 0.25.0, < 0.25.4", ">= 0.26.0, < 
0.26.2"]
+"rusqlite::Connection::update_hook" = [">= 0.25.0, < 0.25.4", ">= 0.26.0, < 
0.26.2"]
+
+[versions]
+patched = [">= 0.26.2", "0.25.4"]
+unaffected = ["< 0.25.0"]
+```
+
+# Incorrect Lifetime Bounds on Closures in `rusqlite`
+
+The lifetime bound on several closure-accepting `rusqlite` functions 
(specifically, functions which register a callb
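
Review bot: In `[versions]`, the `patched` list mixes an explicit comparator (`">= 0.26.2"`) with a bare version (`"0.25.4"`). A bare version in a semver requirement is parsed as a caret requirement, i.e. `>= 0.25.4, < 0.26.0`, which is presumably the intent; spelling it out that way would match the explicit ranges used in `[affected.functions]` above and leave no doubt that only the rest of the 0.25 series is covered.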

commit cargo-audit-advisory-db for openSUSE:Factory

2021-12-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-11-30 23:16:02

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.31177 (New)


Package is "cargo-audit-advisory-db"

Tue Nov 30 23:16:02 2021 rev:16 rq:934647 version:20211130

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-11-12 16:00:09.614589797 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.31177/cargo-audit-advisory-db.changes
   2021-12-02 02:10:48.443476411 +0100
@@ -1,0 +2,15 @@
+Tue Nov 30 02:12:58 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211130:
+  * Assigned RUSTSEC-2021-0126 to rust-embed (#1113)
+  * Add advisory for rust-embed path traversal (#1112)
+  * Adds maintained alternative to slice_deque (#1109)
+  * Assigned RUSTSEC-2021-0125 to simple_asn1 (#1108)
+  * Security advisory on simple_asn1 version 0.6.0 (#1103)
+  * Assigned RUSTSEC-2021-0124 to tokio (#1107)
+  * Add advisory for tokio-rs/tokio#4225 (#1106)
+  * Add CVE for RUSTSEC-2021-0123 (#1105)
+  * Assigned RUSTSEC-2021-0123 to fruity (#1104)
+  * Add fruity advisory for nvzqz/fruity#14 (#1102)
+
+---

Old:

  advisory-db-2022.tar.xz

New:

  advisory-db-20211130.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.Ul63K0/_old  2021-12-02 02:10:48.851475167 +0100
+++ /var/tmp/diff_new_pack.Ul63K0/_new  2021-12-02 02:10:48.855475154 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:2022
+Version:20211130
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0
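Review bot: the `Summary:` line carried as context in this hunk still reads "Rust depedencies"; since the spec is already being edited for the version bump, correct it to "dependencies" in the same change.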

++ _service ++
--- /var/tmp/diff_new_pack.Ul63K0/_old  2021-12-02 02:10:48.879475081 +0100
+++ /var/tmp/diff_new_pack.Ul63K0/_new  2021-12-02 02:10:48.879475081 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-2022
+20211130
 master
 enable
 wbr...@suse.de

++ advisory-db-2022.tar.xz -> advisory-db-20211130.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-2022/.duplicate-id-guard 
new/advisory-db-20211130/.duplicate-id-guard
--- old/advisory-db-2022/.duplicate-id-guard2021-11-07 
18:53:20.0 +0100
+++ new/advisory-db-20211130/.duplicate-id-guard2021-11-29 
19:32:40.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-9042bc5cd75d598f6aabe16f7a520b6886ac5abe65319eaee6cb8650f0e3085a  -
+e4ababe809f177f95608bb105f034fdf7b1379c3ab84f9083b37f4356f609597  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-2022/.github/workflows/assign-ids.yml 
new/advisory-db-20211130/.github/workflows/assign-ids.yml
--- old/advisory-db-2022/.github/workflows/assign-ids.yml   2021-11-07 
18:53:20.0 +0100
+++ new/advisory-db-20211130/.github/workflows/assign-ids.yml   2021-11-29 
19:32:40.0 +0100
@@ -15,12 +15,12 @@
   uses: actions/cache@v1
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.5.3
+key: rustsec-admin-v0.6.0
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.5.3
+cargo install rustsec-admin --vers 0.6.0
 fi
 
 - name: Assign IDs
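Review bot: `cargo install rustsec-admin --vers 0.6.0` pins only the top-level crate, so the tool that assigns advisory IDs is built against whatever dependency versions resolve on the day the cache misses. Adding `--locked` makes the install use the lockfile shipped with the crate, when it ships one, and keeps the binary reproducible between runs.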
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-2022/.github/workflows/export-osv.yml 
new/advisory-db-20211130/.github/workflows/export-osv.yml
--- old/advisory-db-2022/.github/workflows/export-osv.yml   2021-11-07 
18:53:20.0 +0100
+++ new/advisory-db-20211130/.github/workflows/export-osv.yml   2021-11-29 
19:32:40.0 +0100
@@ -14,10 +14,10 @@
   - uses: actions/cache@v1
 with:
   path: ~/.cargo/bin
-  key: rustsec-admin-v0.5.3
+  key: rustsec-admin-v0.6.0
   - run: |
   if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-   cargo install rustsec-admin --vers 0.5.3
+   cargo install rustsec-admin --vers 0.6.0
   fi
   mkdir -p crates
   rustsec-admin osv crates
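Review bot: the version literal has to be edited twice in this file (`key: rustsec-admin-v0.6.0` and `--vers 0.6.0`) and again in assign-ids.yml, so a partial bump leaves the cache key and the installed version out of step, and the `-f` existence check then keeps using whatever binary the cache restored. Defining the version once, for example as a workflow-level `env` value referenced by both the cache key and the install step, removes that failure mode.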
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 

commit cargo-audit-advisory-db for openSUSE:Factory

2021-11-12 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-11-12 15:59:22

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890 (New)


Package is "cargo-audit-advisory-db"

Fri Nov 12 15:59:22 2021 rev:15 rq:930998 version:2022

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-11-03 17:26:54.501358305 +0100
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890/cargo-audit-advisory-db.changes
2021-11-12 16:00:09.614589797 +0100
@@ -1,0 +2,15 @@
+Fri Nov 12 00:17:17 UTC 2021 - wbr...@suse.de
+
+- Update to version 2022:
+  * Assigned RUSTSEC-2021-0122 to flatbuffers (#1100)
+  * Add `flatbuffers` advisory for flatbuffers#6627 (#1093)
+  * add cve info to advisories (#1099)
+  * Bump `rustsec-admin` to v0.5.3 (#1091)
+  * Add cvss information from nvd (#1085)
+  * Add missing method to time vulnerability (#1086)
+  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
+  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
+  * Unsound implementation of Chacha20 in crypto2 (#1072)
+  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
+
+---

Old:

  advisory-db-20211103.tar.xz

New:

  advisory-db-2022.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.BHCaHC/_old  2021-11-12 16:00:10.070590008 +0100
+++ /var/tmp/diff_new_pack.BHCaHC/_new  2021-11-12 16:00:10.070590008 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20211103
+Version:2022
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0
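Review bot: `Version:` goes from `20211103` to `2022`, which drops the eight-digit date form of the previous value and compares lower than it as a number, so the package would look like a downgrade to version comparison. If a date stamp for this check-in was intended, restore the full value here and in the matching `_service` change.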

++ _service ++
--- /var/tmp/diff_new_pack.BHCaHC/_old  2021-11-12 16:00:10.102590022 +0100
+++ /var/tmp/diff_new_pack.BHCaHC/_new  2021-11-12 16:00:10.106590024 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20211103
+2022
 master
 enable
 wbr...@suse.de

++ advisory-db-20211103.tar.xz -> advisory-db-2022.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211103/.duplicate-id-guard 
new/advisory-db-2022/.duplicate-id-guard
--- old/advisory-db-20211103/.duplicate-id-guard2021-10-22 
16:28:51.0 +0200
+++ new/advisory-db-2022/.duplicate-id-guard2021-11-07 
18:53:20.0 +0100
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-95115d8c9869b0a0e3e4bdf781cf094e564ece260a8f34a89b73c762c1eb72cd  -
+9042bc5cd75d598f6aabe16f7a520b6886ac5abe65319eaee6cb8650f0e3085a  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211103/crates/algorithmica/RUSTSEC-2021-0053.md 
new/advisory-db-2022/crates/algorithmica/RUSTSEC-2021-0053.md
--- old/advisory-db-20211103/crates/algorithmica/RUSTSEC-2021-0053.md   
2021-10-22 16:28:51.0 +0200
+++ new/advisory-db-2022/crates/algorithmica/RUSTSEC-2021-0053.md   
2021-11-07 18:53:20.0 +0100
@@ -5,6 +5,7 @@
 date = "2021-03-07"
 url = "https://github.com/AbrarNitk/algorithmica/issues/1";
 categories = ["memory-corruption"]
+aliases = ["CVE-2021-31996"]
 
 [versions]
 patched = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211103/crates/ammonia/RUSTSEC-2021-0074.md 
new/advisory-db-2022/crates/ammonia/RUSTSEC-2021-0074.md
--- old/advisory-db-20211103/crates/ammonia/RUSTSEC-2021-0074.md
2021-10-22 16:28:51.0 +0200
+++ new/advisory-db-2022/crates/ammonia/RUSTSEC-2021-0074.md
2021-11-07 18:53:20.0 +0100
@@ -6,6 +6,7 @@
 url = "https://github.com/rust-ammonia/ammonia/pull/142";
 categories = ["format-injection"]
 keywords = ["html", "xss"]
+aliases = ["CVE-2021-38193"]
 
 [versions]
 patched = [">= 3.1.0", ">= 2.1.3, < 3.0.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211103/crates/anymap/RUSTSEC-2021-0065.md 
new/advisory-db-2022/crates/anymap/RUSTSEC-2021-0065.md
--- old/advisory-db-20211103/crates/anymap/RUSTSEC-2021-0065.md 2021-10-22 
16:28:51.0 +0200
+++ new/advisory-db-2022/crates/anymap/RUSTSEC-2021-0065.md 2021-11-07 
18:53:20.0 +0100
@@ -5,6 +5,8 @@
 date = "2021-05-07"
 informational = "unmaintained"
 

commit cargo-audit-advisory-db for openSUSE:Factory

2021-11-03 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-11-03 17:25:59

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890 (New)


Package is "cargo-audit-advisory-db"

Wed Nov  3 17:25:59 2021 rev:14 rq:928889 version:20211103

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-10-26 20:14:30.110035418 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890/cargo-audit-advisory-db.changes
2021-11-03 17:26:54.501358305 +0100
@@ -1,0 +2,15 @@
+Wed Nov 03 00:32:55 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211103:
+  * Bump `rustsec-admin` to v0.5.3 (#1091)
+  * Add cvss information from nvd (#1085)
+  * Add missing method to time vulnerability (#1086)
+  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
+  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
+  * Unsound implementation of Chacha20 in crypto2 (#1072)
+  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
+  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
+  * Update vec-const advisory (#1081)
+  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)
+
+---
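Review bot: the ten bullets under "Update to version 20211103" are the same ten, in the same order, as the 20211025 entry, so this changelog entry does not tell a reader what actually changed between the two tarballs. List only the upstream commits that are new since the previous packaged version, or state that the update carries no advisory changes.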

Old:

  advisory-db-20211025.tar.xz

New:

  advisory-db-20211103.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.qbZak6/_old  2021-11-03 17:26:54.933358542 +0100
+++ /var/tmp/diff_new_pack.qbZak6/_new  2021-11-03 17:26:54.937358543 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20211025
+Version:20211103
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.qbZak6/_old  2021-11-03 17:26:54.965358559 +0100
+++ /var/tmp/diff_new_pack.qbZak6/_new  2021-11-03 17:26:54.965358559 +0100
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20211025
+20211103
 master
 enable
 wbr...@suse.de

++ advisory-db-20211025.tar.xz -> advisory-db-20211103.tar.xz ++


commit cargo-audit-advisory-db for openSUSE:Factory

2021-10-26 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-10-26 20:13:48

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890 (New)


Package is "cargo-audit-advisory-db"

Tue Oct 26 20:13:48 2021 rev:13 rq:927393 version:20211025

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-10-19 23:04:00.469277865 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890/cargo-audit-advisory-db.changes
2021-10-26 20:14:30.110035418 +0200
@@ -1,0 +2,15 @@
+Sun Oct 24 23:45:27 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211025:
+  * Bump `rustsec-admin` to v0.5.3 (#1091)
+  * Add cvss information from nvd (#1085)
+  * Add missing method to time vulnerability (#1086)
+  * Add CVE alias for RUSTSEC-2021-0069 (#1087)
+  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
+  * Unsound implementation of Chacha20 in crypto2 (#1072)
+  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
+  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
+  * Update vec-const advisory (#1081)
+  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)
+
+---

Old:

  advisory-db-20211019.tar.xz

New:

  advisory-db-20211025.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.BF9Wg7/_old  2021-10-26 20:14:30.650035703 +0200
+++ /var/tmp/diff_new_pack.BF9Wg7/_new  2021-10-26 20:14:30.654035705 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20211019
+Version:20211025
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.BF9Wg7/_old  2021-10-26 20:14:30.694035726 +0200
+++ /var/tmp/diff_new_pack.BF9Wg7/_new  2021-10-26 20:14:30.694035726 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20211019
+20211025
 master
 enable
 wbr...@suse.de

++ advisory-db-20211019.tar.xz -> advisory-db-20211025.tar.xz ++
 2572 lines of diff (skipped)


commit cargo-audit-advisory-db for openSUSE:Factory

2021-10-19 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-10-19 23:03:47

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890 (New)


Package is "cargo-audit-advisory-db"

Tue Oct 19 23:03:47 2021 rev:12 rq:926117 version:20211019

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-10-05 22:34:14.086909250 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1890/cargo-audit-advisory-db.changes
2021-10-19 23:04:00.469277865 +0200
@@ -1,0 +2,15 @@
+Tue Oct 19 01:15:12 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211019:
+  * Assigned RUSTSEC-2021-0121 to crypto2 (#1084)
+  * Unsound implementation of Chacha20 in crypto2 (#1072)
+  * Assigned RUSTSEC-2020-0159 to chrono (#1083)
+  * Add `chrono` advisory for chrono#499 (localtime_r) (#1082)
+  * Update vec-const advisory (#1081)
+  * Assigned RUSTSEC-2021-0120 to abomonation (#1080)
+  * Report abomonation as unsound (#1079)
+  * Update RUSTEC-2020-0071 (#1078)
+  * add missing cve info to advisories (#1077)
+  * Add CVE information to RUSTSEC-2020-0142 (#1076)
+
+---
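Review bot: the bullet "Update RUSTEC-2020-0071 (#1078)" misspells the advisory prefix; every other ID in this entry uses `RUSTSEC-`. Anyone searching the changelog for `RUSTSEC-2020-0071` will miss this line, so correct it to `RUSTSEC-2020-0071`.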

Old:

  advisory-db-20211005.tar.xz

New:

  advisory-db-20211019.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.wX1nM4/_old  2021-10-19 23:04:01.065278135 +0200
+++ /var/tmp/diff_new_pack.wX1nM4/_new  2021-10-19 23:04:01.065278135 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20211005
+Version:20211019
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.wX1nM4/_old  2021-10-19 23:04:01.093278148 +0200
+++ /var/tmp/diff_new_pack.wX1nM4/_new  2021-10-19 23:04:01.097278150 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20211005
+20211019
 master
 enable
 wbr...@suse.de

++ advisory-db-20211005.tar.xz -> advisory-db-20211019.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/.duplicate-id-guard 
new/advisory-db-20211019/.duplicate-id-guard
--- old/advisory-db-20211005/.duplicate-id-guard2021-10-01 
23:25:09.0 +0200
+++ new/advisory-db-20211019/.duplicate-id-guard2021-10-18 
18:22:07.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-42ca4d90b4a557daf80f0be606f514ad413a5d90341135f70714161f49348a74  -
+95115d8c9869b0a0e3e4bdf781cf094e564ece260a8f34a89b73c762c1eb72cd  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20211005/README.md 
new/advisory-db-20211019/README.md
--- old/advisory-db-20211005/README.md  2021-10-01 23:25:09.0 +0200
+++ new/advisory-db-20211019/README.md  2021-10-18 18:22:07.0 +0200
@@ -8,7 +8,7 @@
 against Rust crates published via https://crates.io. A human-readable version
 of the advisory database can be found at https://rustsec.org/advisories/.
 
-We also export advisory data to [OSV](https://github.com/ossf/osv-schema) 
format,
+We also export advisory data to the [OSV](https://github.com/ossf/osv-schema) 
format,
 see the [`osv`](https://github.com/rustsec/advisory-db/tree/osv) branch.
 
 The following tools consume this advisory database and can be used for auditing
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20211005/crates/abomonation/RUSTSEC-2021-0120.md 
new/advisory-db-20211019/crates/abomonation/RUSTSEC-2021-0120.md
--- old/advisory-db-20211005/crates/abomonation/RUSTSEC-2021-0120.md
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20211019/crates/abomonation/RUSTSEC-2021-0120.md
2021-10-18 18:22:07.0 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0120"
+package = "abomonation"
+date = "2021-10-17"
+url = "https://github.com/TimelyDataflow/abomonation/issues/23";
+categories = []
+keywords = []
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# abomonation transmutes &T to and from &[u8] without sufficient constraints
+
+This transmute is at the core of the abomonation crates. It's so easy to use 
it to violate alignment requirements that no test in the crate's test suite 
passes under miri.
+The
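Review bot: `categories = []` and `keywords = []` are left empty, so the advisory carries no search terms even though the description names the problem precisely (a transmute between `&T` and `&[u8]` that makes it easy to violate alignment requirements). Keywords such as "transmute" and "alignment" would make the notice findable alongside other unsoundness advisories.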

commit cargo-audit-advisory-db for openSUSE:Factory

2021-10-05 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-10-05 22:33:49

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2443 (New)


Package is "cargo-audit-advisory-db"

Tue Oct  5 22:33:49 2021 rev:11 rq:923132 version:20211005

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-08-03 22:49:00.112477976 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2443/cargo-audit-advisory-db.changes
2021-10-05 22:34:14.086909250 +0200
@@ -1,0 +2,15 @@
+Mon Oct 04 21:21:06 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211005:
+  * add CVE information to RUSTSEC-2021-0080 (#1068)
+  * Add CVE information (#1067)
+  * Assigned RUSTSEC-2021-0119 to nix (#1066)
+  * nix::unistd::getgrouplist buffer overflow (#1060)
+  * Assigned RUSTSEC-2021-0118 to arrow (#1064)
+  * Yet another arrow advisory (#1059)
+  * Assigned RUSTSEC-2021-0117 to arrow (#1063)
+  * arrow DecimalArray advisory (#1058)
+  * Assigned RUSTSEC-2021-0116 to arrow (#1062)
+  * arrow BinaryArray advisory (#1057)
+
+---

Old:

  advisory-db-20210802.tar.xz

New:

  advisory-db-20211005.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.ziD1Ji/_old  2021-10-05 22:34:14.466909912 +0200
+++ /var/tmp/diff_new_pack.ziD1Ji/_new  2021-10-05 22:34:14.466909912 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210802
+Version:20211005
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.ziD1Ji/_old  2021-10-05 22:34:14.494909960 +0200
+++ /var/tmp/diff_new_pack.ziD1Ji/_new  2021-10-05 22:34:14.498909967 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210802
+20211005
 master
 enable
 wbr...@suse.de

++ advisory-db-20210802.tar.xz -> advisory-db-20211005.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210802/.duplicate-id-guard 
new/advisory-db-20211005/.duplicate-id-guard
--- old/advisory-db-20210802/.duplicate-id-guard2021-07-26 
22:46:07.0 +0200
+++ new/advisory-db-20211005/.duplicate-id-guard2021-10-01 
23:25:09.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-bd246e1f4b34100531c2fa8edeff29e12391cca115de6b424aed2a2127e93b03  -
+42ca4d90b4a557daf80f0be606f514ad413a5d90341135f70714161f49348a74  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210802/.github/workflows/export-osv.yml 
new/advisory-db-20211005/.github/workflows/export-osv.yml
--- old/advisory-db-20210802/.github/workflows/export-osv.yml   2021-07-26 
22:46:07.0 +0200
+++ new/advisory-db-20211005/.github/workflows/export-osv.yml   2021-10-01 
23:25:09.0 +0200
@@ -1,4 +1,4 @@
-name: Export OSV
+name: Export to OSV format
 
 on:
   push:
@@ -10,14 +10,14 @@
 steps:
   - uses: actions/checkout@v2
 with:
-  ref: osv-experimental-v0.7
+  ref: osv
   - uses: actions/cache@v1
 with:
   path: ~/.cargo/bin
-  key: rustsec-admin-v0.5.1
+  key: rustsec-admin-v0.5.2
   - run: |
   if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-   cargo install rustsec-admin --vers 0.5.1
+   cargo install rustsec-admin --vers 0.5.2
   fi
   mkdir -p crates
   rustsec-admin osv crates
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210802/README.md 
new/advisory-db-20211005/README.md
--- old/advisory-db-20210802/README.md  2021-07-26 22:46:07.0 +0200
+++ new/advisory-db-20211005/README.md  2021-10-01 23:25:09.0 +0200
@@ -8,6 +8,9 @@
 against Rust crates published via https://crates.io. A human-readable version
 of the advisory database can be found at https://rustsec.org/advisories/.
 
+We also export advisory data to [OSV](https://github.com/ossf/osv-schema) 
format,
+see the [`osv`](https://github.com/rustsec/advisory-db/tree/osv) branch.
+
 The following tools consume this advisory database and can be used for auditing
 and reporting (send PRs to add yours):
 
diff -urN '--exclude

commit cargo-audit-advisory-db for openSUSE:Factory

2021-08-03 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-08-03 22:48:43

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1899 (New)


Package is "cargo-audit-advisory-db"

Tue Aug  3 22:48:43 2021 rev:10 rq:909876 version:20210802

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-07-22 22:44:08.123139204 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1899/cargo-audit-advisory-db.changes
2021-08-03 22:49:00.112477976 +0200
@@ -1,0 +2,15 @@
+Mon Aug 02 02:47:18 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210802:
+  * Assigned RUSTSEC-2021-0077 to better-macro (#969)
+  * better-macro has deliberate RCE in proc-macro (#966)
+  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
+  * Add advisory for libsecp256k1 (#963)
+  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
+  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions 
below `0.3.1` (#961)
+  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
+  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
+  * Add rust-ammonia/ammonia#142 (#956)
+  * Hotfix #957 until we figure out what to do with it (#958)
+
+---

Old:

  advisory-db-20210721.tar.xz

New:

  advisory-db-20210802.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.pCgQoo/_old  2021-08-03 22:49:01.644476128 +0200
+++ /var/tmp/diff_new_pack.pCgQoo/_new  2021-08-03 22:49:01.648476123 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210721
+Version:20210802
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.pCgQoo/_old  2021-08-03 22:49:01.680476084 +0200
+++ /var/tmp/diff_new_pack.pCgQoo/_new  2021-08-03 22:49:01.680476084 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210721
+20210802
 master
 enable
 wbr...@suse.de

++ advisory-db-20210721.tar.xz -> advisory-db-20210802.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210721/.duplicate-id-guard 
new/advisory-db-20210802/.duplicate-id-guard
--- old/advisory-db-20210721/.duplicate-id-guard2021-07-13 
14:47:59.0 +0200
+++ new/advisory-db-20210802/.duplicate-id-guard2021-07-26 
22:46:07.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-10f78efb7823f3c335f7dd815207a12473d128651d511ea71ae1a8419b59874d  -
+bd246e1f4b34100531c2fa8edeff29e12391cca115de6b424aed2a2127e93b03  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210721/crates/better-macro/RUSTSEC-2021-0077.md 
new/advisory-db-20210802/crates/better-macro/RUSTSEC-2021-0077.md
--- old/advisory-db-20210721/crates/better-macro/RUSTSEC-2021-0077.md   
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20210802/crates/better-macro/RUSTSEC-2021-0077.md   
2021-07-26 22:46:07.0 +0200
@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0077"
+package = "better-macro"
+date = "2021-07-22"
+url = 
"https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38";
+categories = ["code-execution"]
+keywords = ["rce", "proc-macro"]
+
+[affected]
+functions = { "better_macro::println" = ["> 1.0.0"] }
+
+[versions]
+patched = []
+```
+
+# `better-macro` has deliberate RCE to prove a point
+
+[better-macro](https://crates.io/crates/better-macro) is a fake crate which is
+"Proving A Point" that proc-macros can run arbitrary code. This a particularly
+novel or interesting observation.
+
+It currently opens 
`https://github.com/raycar5/better-macro/blob/master/doc/hi.md`
+which doesn't appear to have any malicious content, but there's no guarantee 
that
+will remain the case.
+
+This crate has no useful functionality, and should not be used.
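Review bot: `functions = { "better_macro::println" = ["> 1.0.0"] }` excludes 1.0.0 itself, yet `patched = []` and the text says the crate should not be used at all; confirm that 1.0.0 really lacks the behaviour, otherwise use `>= 1.0.0`. In the description, "This a particularly novel or interesting observation" is missing its verb, and judging by the tone of the paragraph a negation as well.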


commit cargo-audit-advisory-db for openSUSE:Factory

2021-07-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-07-22 22:43:24

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1899 (New)


Package is "cargo-audit-advisory-db"

Thu Jul 22 22:43:24 2021 rev:9 rq:907608 version:20210721

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-07-05 22:23:13.433608699 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1899/cargo-audit-advisory-db.changes
2021-07-22 22:44:08.123139204 +0200
@@ -1,0 +2,15 @@
+Wed Jul 21 04:16:56 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210721:
+  * Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964)
+  * Add advisory for libsecp256k1 (#963)
+  * Assigned RUSTSEC-2021-0075 to ark-r1cs-std (#962)
+  * `ark_r1cs_std::mul_by_inverse` generated unsound constraints in versions 
below `0.3.1` (#961)
+  * Revert "Hotfix #957 until we figure out what to do with it (#958)" (#960)
+  * Assigned RUSTSEC-2021-0074 to ammonia (#959)
+  * Add rust-ammonia/ammonia#142 (#956)
+  * Hotfix #957 until we figure out what to do with it (#958)
+  * Assigned RUSTSEC-2021-0073 to prost-types (#955)
+  * prost-types: Timestamp conversion overflow (#954)
+
+---

Old:

  advisory-db-20210702.tar.xz

New:

  advisory-db-20210721.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.3GFLzY/_old  2021-07-22 22:44:08.527138677 +0200
+++ /var/tmp/diff_new_pack.3GFLzY/_new  2021-07-22 22:44:08.531138672 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210702
+Version:20210721
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.3GFLzY/_old  2021-07-22 22:44:08.559138635 +0200
+++ /var/tmp/diff_new_pack.3GFLzY/_new  2021-07-22 22:44:08.559138635 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210702
+20210721
 master
 enable
 wbr...@suse.de

++ advisory-db-20210702.tar.xz -> advisory-db-20210721.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210702/.duplicate-id-guard 
new/advisory-db-20210721/.duplicate-id-guard
--- old/advisory-db-20210702/.duplicate-id-guard2021-07-02 
01:39:03.0 +0200
+++ new/advisory-db-20210721/.duplicate-id-guard2021-07-13 
14:47:59.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-9ae15a1aa0407b9b02ec7b965943ec1541f88b9dcd54e9ba0d27a85a7cad4811  -
+10f78efb7823f3c335f7dd815207a12473d128651d511ea71ae1a8419b59874d  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210702/.github/workflows/assign-ids.yml 
new/advisory-db-20210721/.github/workflows/assign-ids.yml
--- old/advisory-db-20210702/.github/workflows/assign-ids.yml   2021-07-02 
01:39:03.0 +0200
+++ new/advisory-db-20210721/.github/workflows/assign-ids.yml   2021-07-13 
14:47:59.0 +0200
@@ -15,12 +15,12 @@
   uses: actions/cache@v1
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.5.0
+key: rustsec-admin-v0.5.1
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.5.0
+cargo install rustsec-admin --vers 0.5.1
 fi
 
 - name: Assign IDs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210702/.github/workflows/export-osv.yml 
new/advisory-db-20210721/.github/workflows/export-osv.yml
--- old/advisory-db-20210702/.github/workflows/export-osv.yml   1970-01-01 
01:00:00.0 +0100
+++ new/advisory-db-20210721/.github/workflows/export-osv.yml   2021-07-13 
14:47:59.0 +0200
@@ -0,0 +1,30 @@
+name: Export OSV
+
+on:
+  push:
+branches: main
+
+jobs:
+  publish-web:
+runs-on: ubuntu-latest
+steps:
+  - uses: actions/checkout@v2
+with:
+  ref: osv-experimental-v0.7
+  - uses: actions/cache@v1
+with:
+  path: ~/.cargo/bin
+  key: rustsec-admin-v0.5.1
+  - run: |
+  if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
+   cargo install rustsec-admin 
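Review bot: the new workflow references `actions/checkout@v2` and `actions/cache@v1` by tag, and a tag can be moved to different code after this file has been reviewed. Because the `publish-web` job builds and pushes the exported advisory data, pin both actions to full commit SHAs and keep the tag name in a trailing comment for readability.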

commit cargo-audit-advisory-db for openSUSE:Factory

2021-07-05 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-07-05 22:22:50

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2625 (New)


Package is "cargo-audit-advisory-db"

Mon Jul  5 22:22:50 2021 rev:8 rq:903998 version:20210702

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-06-22 20:45:11.238839499 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2625/cargo-audit-advisory-db.changes
2021-07-05 22:23:13.433608699 +0200
@@ -1,0 +2,15 @@
+Fri Jul 02 01:00:10 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210702:
+  * Fix RUSTSEC-2021-0048 which doesn't declare an operand (#945)
+  * Add `withdrawn` field (#942)
+  * Bump `rustsec-admin` to v0.5.0 (#944)
+  * Add patched version for flatbuffers RUSTSEC-2020-0009 (#943)
+  * Update RUSTSEC-2021-0049.md (#941)
+  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
+  * crates/grep-cli: add advisory for arbitrary binary execution on Windows 
(#939)
+  * Add GHSA mentions to `aliases` field. This is becoming more important with 
OSV enabling interop between databases (#937)
+  * Update RUSTSEC-2020-0043.md (#934)
+  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)
+
+---
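Review bot: Six of these bullets (#941, #940, #939, #937, #934, #932) already appear in the 20210619 entry of the same .changes file, so this entry overstates what the update brings. List only the changes not already recorded under 20210619, here #945, #942, #944 and #943.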

Old:

  advisory-db-20210619.tar.xz

New:

  advisory-db-20210702.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.dv1yVX/_old  2021-07-05 22:23:16.065588332 +0200
+++ /var/tmp/diff_new_pack.dv1yVX/_new  2021-07-05 22:23:16.069588301 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210619
+Version:20210702
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0
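Review bot: The `Summary:` context line reads "Rust depedencies". This file is touched on every version bump, so correct it to "dependencies" in the same change.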

++ _service ++
--- /var/tmp/diff_new_pack.dv1yVX/_old  2021-07-05 22:23:16.117587929 +0200
+++ /var/tmp/diff_new_pack.dv1yVX/_new  2021-07-05 22:23:16.117587929 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210619
+20210702
 master
 enable
 wbr...@suse.de

++ advisory-db-20210619.tar.xz -> advisory-db-20210702.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/.github/workflows/assign-ids.yml 
new/advisory-db-20210702/.github/workflows/assign-ids.yml
--- old/advisory-db-20210619/.github/workflows/assign-ids.yml   2021-06-16 
23:05:39.0 +0200
+++ new/advisory-db-20210702/.github/workflows/assign-ids.yml   2021-07-02 
01:39:03.0 +0200
@@ -15,12 +15,12 @@
   uses: actions/cache@v1
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.4.3
+key: rustsec-admin-v0.5.0
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.4.3
+cargo install rustsec-admin --vers 0.5.0
 fi
 
 - name: Assign IDs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210619/.github/workflows/publish-web.yml 
new/advisory-db-20210702/.github/workflows/publish-web.yml
--- old/advisory-db-20210619/.github/workflows/publish-web.yml  2021-06-16 
23:05:39.0 +0200
+++ new/advisory-db-20210702/.github/workflows/publish-web.yml  2021-07-02 
01:39:03.0 +0200
@@ -14,10 +14,10 @@
   - uses: actions/cache@v1
 with:
   path: ~/.cargo/bin
-  key: rustsec-admin-v0.4.3
+  key: rustsec-admin-v0.5.0
   - run: |
   if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-   cargo install rustsec-admin --vers 0.4.3
+   cargo install rustsec-admin --vers 0.5.0
   fi
   rustsec-admin web .
   git config user.name github-actions
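Review bot: The `- uses: actions/cache@v1` context line references the action by a movable tag, and this job then runs `rustsec-admin` out of the directory that action restores (`path: ~/.cargo/bin`). Pin the action to a full commit SHA so the code that restores the binary cannot change underneath the workflow.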
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210619/.github/workflows/validate.yml 
new/advisory-db-20210702/.github/workflows/validate.yml
--- old/advisory-db-20210619/.github/workflows/validate.yml 2021-06-16 
23:05:39.0 +0200
+++ new/advisory-db-20210702/.github/workflows/validate.yml 2021-07-02 
01:39:03.0 +0200
@@ -16,12 +16,12 @@
   uses: actions/cache@v1
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.4.3
+key: rustsec-admin-v0.5.0
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ];

commit cargo-audit-advisory-db for openSUSE:Factory

2021-06-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-06-22 20:45:02

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2625 (New)


Package is "cargo-audit-advisory-db"

Tue Jun 22 20:45:02 2021 rev:7 rq:901270 version:20210619

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-06-01 10:41:31.573228237 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2625/cargo-audit-advisory-db.changes
2021-06-22 20:45:11.238839499 +0200
@@ -1,0 +2,15 @@
+Sat Jun 19 06:27:26 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210619:
+  * Update RUSTSEC-2021-0049.md (#941)
+  * Assigned RUSTSEC-2021-0071 to grep-cli (#940)
+  * crates/grep-cli: add advisory for arbitrary binary execution on Windows 
(#939)
+  * Add GHSA mentions to `aliases` field. This is becoming more important with 
OSV enabling interop between databases (#937)
+  * Update RUSTSEC-2020-0043.md (#934)
+  * Assigned RUSTSEC-2021-0070 to nalgebra (#932)
+  * Add advisory for nalgebra VecStorage/MatrixVec (#931)
+  * Remove range overlaps, fix some range specifications (#930)
+  * Make ranges in trust-dns-proto advisory non-overlapping (#929)
+  * Assigned RUSTSEC-2021-0069 to lettre (#925)
+
+---

Old:

  advisory-db-20210601.tar.xz

New:

  advisory-db-20210619.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.1gUMVl/_old  2021-06-22 20:45:11.762840076 +0200
+++ /var/tmp/diff_new_pack.1gUMVl/_new  2021-06-22 20:45:11.766840080 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210601
+Version:20210619
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.1gUMVl/_old  2021-06-22 20:45:11.798840115 +0200
+++ /var/tmp/diff_new_pack.1gUMVl/_new  2021-06-22 20:45:11.802840119 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210601
+20210619
 master
 enable
 wbr...@suse.de

++ advisory-db-20210601.tar.xz -> advisory-db-20210619.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210601/.duplicate-id-guard 
new/advisory-db-20210619/.duplicate-id-guard
--- old/advisory-db-20210601/.duplicate-id-guard2021-05-22 
20:13:18.0 +0200
+++ new/advisory-db-20210619/.duplicate-id-guard2021-06-16 
23:05:39.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-ff091e2402596ebe5667596b7b07f686f263921249d154a8b98e063059c521aa  -
+9ae15a1aa0407b9b02ec7b965943ec1541f88b9dcd54e9ba0d27a85a7cad4811  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210601/crates/arc-swap/RUSTSEC-2020-0091.md 
new/advisory-db-20210619/crates/arc-swap/RUSTSEC-2020-0091.md
--- old/advisory-db-20210601/crates/arc-swap/RUSTSEC-2020-0091.md   
2021-05-22 20:13:18.0 +0200
+++ new/advisory-db-20210619/crates/arc-swap/RUSTSEC-2020-0091.md   
2021-06-16 23:05:39.0 +0200
@@ -9,7 +9,7 @@
 aliases = ["CVE-2020-35711"]
 
 [versions]
-patched = [">= 1.1.0", ">= 0.4.8"]
+patched = [">= 0.4.8, < 1.0.0-0", ">= 1.1.0"]
 unaffected = ["< 0.4.2"]
 
 [affected]
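Review bot: The new first range `>= 0.4.8, < 1.0.0-0` changes audit results, not just formatting. The old `>= 0.4.8` also matched 1.0.x, which was therefore reported as patched even though the other range only accepts `>= 1.1.0`. Say so in the commit message, and consider a TOML comment explaining that `< 1.0.0-0` is there to exclude 1.0.0 pre-releases as well.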
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210601/crates/claxon/RUSTSEC-2018-0004.md 
new/advisory-db-20210619/crates/claxon/RUSTSEC-2018-0004.md
--- old/advisory-db-20210601/crates/claxon/RUSTSEC-2018-0004.md 2021-05-22 
20:13:18.0 +0200
+++ new/advisory-db-20210619/crates/claxon/RUSTSEC-2018-0004.md 2021-06-16 
23:05:39.0 +0200
@@ -8,7 +8,7 @@
 url = 
"https://github.com/ruuda/claxon/commit/8f28ec275e412dd3af4f3cda460605512faf332c";
 
 [versions]
-patched = ["=0.3.2", ">= 0.4.1"]
+patched = ["^0.3.2", ">= 0.4.1"]
 ```
 
 # Malicious input could cause uninitialized memory to be exposed
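Review bot: Replacing `=0.3.2` with `^0.3.2` widens the patched set from exactly 0.3.2 to every 0.3.x release from 0.3.2 onward. Confirm that any later 0.3.x release carries the fix from the commit in `url`, since those versions will no longer be reported.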
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210601/crates/cranelift-codegen/RUSTSEC-2021-0067.md 
new/advisory-db-20210619/crates/cranelift-codegen/RUSTSEC-2021-0067.md
--- old/advisory-db-20210601/crates/cranelift-codegen/RUSTSEC-2021-0067.md  
2021-05-22 20:13:18.0 +0200
+++ n

commit cargo-audit-advisory-db for openSUSE:Factory

2021-06-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-06-01 10:39:54

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1898 (New)


Package is "cargo-audit-advisory-db"

Tue Jun  1 10:39:54 2021 rev:6 rq:896476 version:20210601

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-05-08 22:08:46.937388011 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1898/cargo-audit-advisory-db.changes
2021-06-01 10:41:31.573228237 +0200
@@ -1,0 +2,15 @@
+Tue Jun 01 01:28:10 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210601:
+  * Assigned RUSTSEC-2021-0069 to lettre (#925)
+  * Add lettre smtp vulnerability (#924)
+  * Assigned RUSTSEC-2021-0068 to iced-x86 (#923)
+  * iced-x86: fix lint (#922)
+  * Add advisory for iced-x86 soundness bug (#914)
+  * Assigned RUSTSEC-2021-0067 to cranelift-codegen (#921)
+  * fixes #915 - remove duplicate word (#916)
+  * Add RUSTSEC notice for CVE-2021-32629, a Cranelift miscompilation bug. 
(#918)
+  * Bump rustsec-admin to v0.4.3 (#919)
+  * evm-core: fix crate name (#911)
+
+---

Old:

  advisory-db-20210507.tar.xz

New:

  advisory-db-20210601.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.0KynPm/_old  2021-06-01 10:41:32.041229034 +0200
+++ /var/tmp/diff_new_pack.0KynPm/_new  2021-06-01 10:41:32.041229034 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210507
+Version:20210601
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.0KynPm/_old  2021-06-01 10:41:32.069229081 +0200
+++ /var/tmp/diff_new_pack.0KynPm/_new  2021-06-01 10:41:32.069229081 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210507
+20210601
 master
 enable
 wbr...@suse.de

++ advisory-db-20210507.tar.xz -> advisory-db-20210601.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210507/.duplicate-id-guard 
new/advisory-db-20210601/.duplicate-id-guard
--- old/advisory-db-20210507/.duplicate-id-guard2021-05-07 
01:45:32.0 +0200
+++ new/advisory-db-20210601/.duplicate-id-guard2021-05-22 
20:13:18.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-0ebb4b8968ecfc3c4e67cc1851642dfa8b0b61fe7bde39d0807e3cebe51000c2  -
+ff091e2402596ebe5667596b7b07f686f263921249d154a8b98e063059c521aa  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210507/.github/workflows/assign-ids.yml 
new/advisory-db-20210601/.github/workflows/assign-ids.yml
--- old/advisory-db-20210507/.github/workflows/assign-ids.yml   2021-05-07 
01:45:32.0 +0200
+++ new/advisory-db-20210601/.github/workflows/assign-ids.yml   2021-05-22 
20:13:18.0 +0200
@@ -15,12 +15,12 @@
   uses: actions/cache@v1
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.4.2
+key: rustsec-admin-v0.4.3
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.4.2
+cargo install rustsec-admin --vers 0.4.3
 fi
 
 - name: Assign IDs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210507/.github/workflows/publish-web.yml 
new/advisory-db-20210601/.github/workflows/publish-web.yml
--- old/advisory-db-20210507/.github/workflows/publish-web.yml  2021-05-07 
01:45:32.0 +0200
+++ new/advisory-db-20210601/.github/workflows/publish-web.yml  2021-05-22 
20:13:18.0 +0200
@@ -14,10 +14,10 @@
   - uses: actions/cache@v1
 with:
   path: ~/.cargo/bin
-  key: rustsec-admin-v0.4.2
+  key: rustsec-admin-v0.4.3
   - run: |
   if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-   cargo install rustsec-admin --vers 0.4.2
+   cargo install rustsec-admin --vers 0.4.3
   fi
   rustsec-admin web .
   git config user.name github-actions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-2

commit cargo-audit-advisory-db for openSUSE:Factory

2021-05-08 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-05-08 22:07:36

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2988 (New)


Package is "cargo-audit-advisory-db"

Sat May  8 22:07:36 2021 rev:5 rq:891454 version:20210507

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-04-29 01:38:59.310628453 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2988/cargo-audit-advisory-db.changes
2021-05-08 22:08:46.937388011 +0200
@@ -1,0 +2,15 @@
+Fri May 07 03:16:33 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210507:
+  * Assigned RUSTSEC-2021-0064 to cpuid-bool (#905)
+  * Add unmaintained crate advisory for `cpuid-bool` (#904)
+  * Assigned RUSTSEC-2021-0063 to comrak (#903)
+  * Add advisory for another comrak XSS (#902)
+  * aes* crates: add crate names to advisory titles (#901)
+  * Assigned RUSTSEC-2021-0062 to miscreant (#900)
+  * Add unmaintained crate advisory for `miscreant` (#899)
+  * Assigned RUSTSEC-2021-0061 to aes-ctr (#898)
+  * Add unmaintained crate advisory for `aes-ctr` (#897)
+  * Assigned RUSTSEC-2021-0060 to aes-soft (#896)
+
+---

Old:

  advisory-db-20210428.tar.xz

New:

  advisory-db-20210507.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.lHwoUc/_old  2021-05-08 22:08:47.469385707 +0200
+++ /var/tmp/diff_new_pack.lHwoUc/_new  2021-05-08 22:08:47.473385690 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210428
+Version:20210507
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.lHwoUc/_old  2021-05-08 22:08:47.505385551 +0200
+++ /var/tmp/diff_new_pack.lHwoUc/_new  2021-05-08 22:08:47.509385534 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210428
+20210507
 master
 enable
 wbr...@suse.de

++ advisory-db-20210428.tar.xz -> advisory-db-20210507.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210428/.duplicate-id-guard 
new/advisory-db-20210507/.duplicate-id-guard
--- old/advisory-db-20210428/.duplicate-id-guard2021-04-19 
18:31:05.0 +0200
+++ new/advisory-db-20210507/.duplicate-id-guard2021-05-07 
01:45:32.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-eb74c8b3b8a4e2af330ec03f3788ec9eaf23a4184b1a97ae893ea6ec3cad792d  -
+0ebb4b8968ecfc3c4e67cc1851642dfa8b0b61fe7bde39d0807e3cebe51000c2  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210428/.github/workflows/assign-ids.yml 
new/advisory-db-20210507/.github/workflows/assign-ids.yml
--- old/advisory-db-20210428/.github/workflows/assign-ids.yml   2021-04-19 
18:31:05.0 +0200
+++ new/advisory-db-20210507/.github/workflows/assign-ids.yml   2021-05-07 
01:45:32.0 +0200
@@ -15,12 +15,12 @@
   uses: actions/cache@v1
   with:
 path: ~/.cargo/bin
-key: rustsec-admin-v0.3.4
+key: rustsec-admin-v0.4.2
 
 - name: Install rustsec-admin
   run: |
 if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-cargo install rustsec-admin --vers 0.3.4
+cargo install rustsec-admin --vers 0.4.2
 fi
 
 - name: Assign IDs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210428/.github/workflows/publish-web.yml 
new/advisory-db-20210507/.github/workflows/publish-web.yml
--- old/advisory-db-20210428/.github/workflows/publish-web.yml  2021-04-19 
18:31:05.0 +0200
+++ new/advisory-db-20210507/.github/workflows/publish-web.yml  2021-05-07 
01:45:32.0 +0200
@@ -14,10 +14,10 @@
   - uses: actions/cache@v1
 with:
   path: ~/.cargo/bin
-  key: rustsec-admin-v0.4.0
+  key: rustsec-admin-v0.4.2
   - run: |
   if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-   cargo install rustsec-admin --vers 0.4.0
+   cargo install rustsec-admin --vers 0.4.2
   fi
   rustsec-admin web .
   git config user.name github-actions
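Review bot: The removed lines here pin `rustsec-admin` 0.4.0, while the assign-ids.yml hunk in the same update removes 0.3.4, so the workflows had drifted to different tool versions. Each workflow repeats the version in its cache key and in its install command. Define it once per workflow (for example an `env` value referenced in both places) and bump all workflow files in a single commit so none is missed.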
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude

commit cargo-audit-advisory-db for openSUSE:Factory

2021-04-28 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-04-29 01:37:54

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.12324 (New)


Package is "cargo-audit-advisory-db"

Thu Apr 29 01:37:54 2021 rev:4 rq:98 version:20210428

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-04-24 23:10:20.479495619 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.12324/cargo-audit-advisory-db.changes
   2021-04-29 01:38:59.310628453 +0200
@@ -1,0 +2,15 @@
+Wed Apr 28 00:52:16 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210428:
+  * Yank advisories for once-again maintained `dirs`/`directories` crates 
(#876)
+  * Mark patched tiny-http version for 2020-0031 (#875)
+  * Assigned RUSTSEC-2021-0053 to algorithmica (#874)
+  * Report 0163-algorithmica to RustSec
+  * Add std CVE (#869)
+  * Update CVE numbers (#870)
+  * Update advisory to indicate patched versions of stackvector.
+  * Added patch to "fix" vulnerability. (#866)
+  * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
+  * Add advisory for double-free issues in id-map
+
+---
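Review bot: Every bullet in this 20210428 entry is identical to the 20210420 entry (#876 down to the id-map advisory), so the changelog does not say what this update changes. Regenerate the list from the commits between the two tarballs, or state that there are none.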

Old:

  advisory-db-20210420.tar.xz

New:

  advisory-db-20210428.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.2ojHc7/_old  2021-04-29 01:38:59.774629111 +0200
+++ /var/tmp/diff_new_pack.2ojHc7/_new  2021-04-29 01:38:59.774629111 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210420
+Version:20210428
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.2ojHc7/_old  2021-04-29 01:38:59.806629156 +0200
+++ /var/tmp/diff_new_pack.2ojHc7/_new  2021-04-29 01:38:59.806629156 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210420
+20210428
 master
 enable
 wbr...@suse.de

++ advisory-db-20210420.tar.xz -> advisory-db-20210428.tar.xz ++


commit cargo-audit-advisory-db for openSUSE:Factory

2021-04-24 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-04-24 23:09:08

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.12324 (New)


Package is "cargo-audit-advisory-db"

Sat Apr 24 23:09:08 2021 rev:3 rq:888116 version:20210420

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-04-06 17:31:34.755245758 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.12324/cargo-audit-advisory-db.changes
   2021-04-24 23:10:20.479495619 +0200
@@ -1,0 +2,15 @@
+Tue Apr 20 00:45:30 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210420:
+  * Yank advisories for once-again maintained `dirs`/`directories` crates 
(#876)
+  * Mark patched tiny-http version for 2020-0031 (#875)
+  * Assigned RUSTSEC-2021-0053 to algorithmica (#874)
+  * Report 0163-algorithmica to RustSec
+  * Add std CVE (#869)
+  * Update CVE numbers (#870)
+  * Update advisory to indicate patched versions of stackvector.
+  * Added patch to "fix" vulnerability. (#866)
+  * Assigned RUSTSEC-2021-0051 to outer_cgi, RUSTSEC-2021-0052 to id-map
+  * Add advisory for double-free issues in id-map
+
+---

Old:

  advisory-db-20210401.tar.xz

New:

  advisory-db-20210420.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.G8aomC/_old  2021-04-24 23:10:20.871496172 +0200
+++ /var/tmp/diff_new_pack.G8aomC/_new  2021-04-24 23:10:20.875496178 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210401
+Version:20210420
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.G8aomC/_old  2021-04-24 23:10:20.899496212 +0200
+++ /var/tmp/diff_new_pack.G8aomC/_new  2021-04-24 23:10:20.899496212 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210401
+20210420
 master
 enable
 wbr...@suse.de

++ advisory-db-20210401.tar.xz -> advisory-db-20210420.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210401/.duplicate-id-guard 
new/advisory-db-20210420/.duplicate-id-guard
--- old/advisory-db-20210401/.duplicate-id-guard2021-03-31 
13:30:20.0 +0200
+++ new/advisory-db-20210420/.duplicate-id-guard2021-04-19 
18:31:05.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-edf964eb367af4474a41f79406f539e8399c15cfd917cd4917cb64e0e599aac1  -
+eb74c8b3b8a4e2af330ec03f3788ec9eaf23a4184b1a97ae893ea6ec3cad792d  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md 
new/advisory-db-20210420/crates/adtensor/RUSTSEC-2021-0045.md
--- old/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md   
2021-03-31 13:30:20.0 +0200
+++ new/advisory-db-20210420/crates/adtensor/RUSTSEC-2021-0045.md   
2021-04-19 18:31:05.0 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0045"
 package = "adtensor"
+aliases = ["CVE-2021-29936"]
 date = "2021-01-11"
 url = "https://github.com/charles-r-earp/adtensor/issues/4";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210401/crates/algorithmica/RUSTSEC-2021-0053.md 
new/advisory-db-20210420/crates/algorithmica/RUSTSEC-2021-0053.md
--- old/advisory-db-20210401/crates/algorithmica/RUSTSEC-2021-0053.md   
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20210420/crates/algorithmica/RUSTSEC-2021-0053.md   
2021-04-19 18:31:05.0 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0053"
+package = "algorithmica"
+date = "2021-03-07"
+url = "https://github.com/AbrarNitk/algorithmica/issues/1";
+categories = ["memory-corruption"]
+
+[versions]
+patched = []
+```
+
+# 'merge_sort::merge()' crashes with double-free for `T: Drop`
+
+In the affected versions of this crate, `merge_sort::merge()` wildly 
duplicates and drops ownership of `T` without guarding against double-free. Due 
to such implementation,
+simply invoking `merge_sort::merge()` on `Vec` can cause **double 
free** bugs.
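Review bot: The heading quotes the function as 'merge_sort::merge()' with single quotes while the body uses backticks for the same name; use backticks in both. In the body, "wildly duplicates" and "Due to such implementation" are imprecise; state plainly that values of `T` are duplicated and then dropped more than once, and that no fixed release exists, as `patched = []` indicates.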
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnigno

commit cargo-audit-advisory-db for openSUSE:Factory

2021-04-06 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-04-06 17:30:10

Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and  /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2401 (New)


Package is "cargo-audit-advisory-db"

Tue Apr  6 17:30:10 2021 rev:2 rq:882781 version:20210401

Changes:

--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-03-30 21:45:32.642667916 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2401/cargo-audit-advisory-db.changes
2021-04-06 17:31:34.755245758 +0200
@@ -1,0 +2,13 @@
+Wed Mar 31 23:17:44 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210401:
+  * Assigned RUSTSEC-2021-0050 to reorder
+  * Add advisory for out-of-bounds write and uninitialized memory exposure in 
reorder
+  * max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
+  * Assigned RUSTSEC-2020-0152 to max7301
+  * Add advisory for data race in max7301
+  * Assigned RUSTSEC-2020-0151 to generator
+  * Add advisory for data race in generator (#855)
+  * Assigned RUSTSEC-2020-0150 to disrustor
+
+---

Old:

  advisory-db-20210317.tar.xz

New:

  advisory-db-20210401.tar.xz



Other differences:
--
++ cargo-audit-advisory-db.spec ++
--- /var/tmp/diff_new_pack.HtCbiA/_old  2021-04-06 17:31:35.315246391 +0200
+++ /var/tmp/diff_new_pack.HtCbiA/_new  2021-04-06 17:31:35.315246391 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   cargo-audit-advisory-db
-Version:20210317
+Version:20210401
 Release:0
 Summary:A database of known security issues for Rust depedencies
 License:CC0-1.0

++ _service ++
--- /var/tmp/diff_new_pack.HtCbiA/_old  2021-04-06 17:31:35.347246428 +0200
+++ /var/tmp/diff_new_pack.HtCbiA/_new  2021-04-06 17:31:35.351246432 +0200
@@ -2,7 +2,7 @@
   
 https://github.com/RustSec/advisory-db.git
 git
-20210317
+20210401
 master
 enable
 wbr...@suse.de

++ advisory-db-20210317.tar.xz -> advisory-db-20210401.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210317/.duplicate-id-guard 
new/advisory-db-20210401/.duplicate-id-guard
--- old/advisory-db-20210317/.duplicate-id-guard2021-03-07 
19:44:24.0 +0100
+++ new/advisory-db-20210401/.duplicate-id-guard2021-03-31 
13:30:20.0 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-c99c5d02ebad78e89d8918670602c37b538a99d8f9efd6aba65c468ad9e64a00  -
+edf964eb367af4474a41f79406f539e8399c15cfd917cd4917cb64e0e599aac1  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/adtensor/RUSTSEC-2021-0045.md 
new/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md
--- old/advisory-db-20210317/crates/adtensor/RUSTSEC-2021-0045.md   
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md   
2021-03-31 13:30:20.0 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0045"
+package = "adtensor"
+date = "2021-01-11"
+url = "https://github.com/charles-r-earp/adtensor/issues/4";
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+
+[versions]
+patched = []
+```
+
+# FromIterator implementation for Vector/Matrix can drop uninitialized memory
+
+The `FromIterator` methods for `Vector` and `Matrix` rely on the type
+parameter `N` to allocate space in the iterable.
+
+If the passed in `N` type parameter is larger than the number of items returned
+by the iterator, it can lead to uninitialized memory being left in the
+`Vector` or `Matrix` type which gets dropped.
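Review bot: In the first paragraph, "allocate space in the iterable" is misleading. Per the second paragraph, the storage sized by `N` belongs to the `Vector` or `Matrix` being built, not to the iterator. Reword the sentence to say that the space is allocated in the resulting `Vector` or `Matrix`.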
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/appendix/RUSTSEC-2020-0149.md 
new/advisory-db-20210401/crates/appendix/RUSTSEC-2020-0149.md
--- old/advisory-db-20210317/crates/appendix/RUSTSEC-2020-0149.md   
1970-01-01 01:00:00.0 +0100
+++ new/advisory-db-20210401/crates/appendix/RUSTSEC-2020-0149.md   
2021-03-31 13:30:20.0 +0200
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0149"
+package = "appendix"
+date = "2020-11-15"
+url = "https://github.com/krl/appendix/issues/6";
+categories = ["memory-corruption", "thread-safety"]
+
+[versions]
+patched = []
+```
+
+# Data race and memory safety issue in `Index`
+
+The `appendix` crate implement