
"ansi_term is Unmaintained" is not a security advisory

Open KamilaBorowska opened this issue 1 year ago • 2 comments

I don't think GHSA-74w3-p89x-ffgh is a security advisory, and as such it probably shouldn't be in the Advisory Database. This crate does what it's supposed to, and there are no known security vulnerabilities in it.

On RUSTSEC (https://rustsec.org/advisories/RUSTSEC-2021-0139.html), it's indicated as an "Unmaintained" advisory, not a security one.

KamilaBorowska avatar Sep 17 '22 05:09 KamilaBorowska

This was a response to a comment that appears to have been deleted.

It's a security advisory as others but it should be represented in a canonical way as RustSec intended.

The README for https://github.com/rustsec/advisory-db/ makes it clear that it's not:

The database also contains non-security advisories (known as informational advisories), such as advisories about unmaintained crates, which are optionally surfaced as warnings in cargo audit.

KamilaBorowska avatar Sep 17 '22 06:09 KamilaBorowska

These GitHub advisories are assigned the Critical severity while they are marked as Info in the RUSTSEC database. The severity should be lowered if these advisories are kept.

sduquette-devolutions avatar Sep 17 '22 19:09 sduquette-devolutions

Closing this issue out as the advisory has been withdrawn. Apologies for the error 🙇

darakian avatar Oct 18 '22 22:10 darakian