advisory-db

Security advisory database for Rust crates published through crates.io

181 advisory-db issues

I am aware of a number of memory safety issues that are slated to get fixes soon™ but do not have a release shipping yet. My life is a bit...

The template file has the following section in it, which is marked as being mandatory.

```toml
# Versions which include fixes for this vulnerability (mandatory)
[versions]
patched = [">= 1.2.0"]
```
...
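To make concrete what a consumer of the `[versions]` block has to do, here is a small version-requirement matcher, added as an illustration. It is not code from advisory-db, `rustsec` or `cargo-audit`; it supports only three-component versions and the operators `>=`, `>`, `<=`, `<`, `=` and `^` (the `Version`, `Req` and `is_affected` names, and the sample `patched`/`unaffected` lists in `main`, are constructed for this example). The rule it implements is the natural reading of the template: a crate version is affected unless some `patched` requirement or some `unaffected` requirement matches it, so an advisory with `patched = []` (no fix shipped yet, the situation described in the issue above) marks every version as affected.

```rust
use std::cmp::Ordering;

/// A three-component version. Pre-release and build metadata are not handled
/// in this simplified example.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version {
    pub major: u64,
    pub minor: u64,
    pub patch: u64,
}

impl Version {
    /// Parse "MAJOR.MINOR.PATCH"; missing minor/patch default to 0.
    pub fn parse(s: &str) -> Option<Version> {
        let mut parts = s.trim().split('.');
        let major = parts.next()?.parse().ok()?;
        let minor = parts.next().unwrap_or("0").parse().ok()?;
        let patch = parts.next().unwrap_or("0").parse().ok()?;
        if parts.next().is_some() {
            return None; // more than three components
        }
        Some(Version { major, minor, patch })
    }
}

/// One requirement string as written in an advisory, e.g. ">= 1.2.0".
#[derive(Debug, Clone, Copy)]
pub enum Req {
    Ge(Version),
    Gt(Version),
    Le(Version),
    Lt(Version),
    Eq(Version),
    Caret(Version),
}

impl Req {
    pub fn parse(s: &str) -> Option<Req> {
        let s = s.trim();
        // Two-character operators must be tested before their one-character prefixes.
        let (op, rest) = if let Some(r) = s.strip_prefix(">=") {
            (">=", r)
        } else if let Some(r) = s.strip_prefix("<=") {
            ("<=", r)
        } else if let Some(r) = s.strip_prefix('>') {
            (">", r)
        } else if let Some(r) = s.strip_prefix('<') {
            ("<", r)
        } else if let Some(r) = s.strip_prefix('=') {
            ("=", r)
        } else if let Some(r) = s.strip_prefix('^') {
            ("^", r)
        } else {
            ("^", s) // a bare version means caret, as in Cargo
        };
        let v = Version::parse(rest)?;
        Some(match op {
            ">=" => Req::Ge(v),
            ">" => Req::Gt(v),
            "<=" => Req::Le(v),
            "<" => Req::Lt(v),
            "=" => Req::Eq(v),
            _ => Req::Caret(v),
        })
    }

    pub fn matches(&self, v: Version) -> bool {
        match *self {
            Req::Ge(r) => v.cmp(&r) != Ordering::Less,
            Req::Gt(r) => v > r,
            Req::Le(r) => v <= r,
            Req::Lt(r) => v < r,
            Req::Eq(r) => v == r,
            Req::Caret(r) => caret_matches(r, v),
        }
    }
}

/// Cargo-style caret: nothing left of the first non-zero component may change.
fn caret_matches(r: Version, v: Version) -> bool {
    if v < r {
        return false;
    }
    if r.major > 0 {
        v.major == r.major
    } else if r.minor > 0 {
        v.major == 0 && v.minor == r.minor
    } else {
        v.major == 0 && v.minor == 0 && v.patch == r.patch
    }
}

/// True if any requirement in `reqs` matches `v`; None if a requirement is malformed.
fn any_matches(reqs: &[&str], v: Version) -> Option<bool> {
    let mut hit = false;
    for r in reqs {
        if Req::parse(r)?.matches(v) {
            hit = true;
        }
    }
    Some(hit)
}

/// A version is affected unless it satisfies a `patched` or an `unaffected` requirement.
/// An empty `patched` list (no fix released yet) therefore leaves every version affected.
pub fn is_affected(version: &str, patched: &[&str], unaffected: &[&str]) -> Option<bool> {
    let v = Version::parse(version)?;
    Some(!any_matches(patched, v)? && !any_matches(unaffected, v)?)
}

fn main() {
    // Constructed sample lists, not taken from any real advisory.
    let patched = [">= 1.2.0"];
    let unaffected = ["< 0.9.0"];
    for v in ["0.8.5", "1.1.9", "1.2.0"] {
        println!("{v}: affected = {:?}", is_affected(v, &patched, &unaffected));
    }
    println!("no fix yet, 1.1.9: affected = {:?}", is_affected("1.1.9", &[], &[]));
}
```

Note that the template's `patched = [">= 1.2.0"]` says nothing about versions before the bug was introduced; that is what the separate `unaffected` list is for, and the matcher treats both lists the same way when deciding a version is safe.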

I've just noticed there's https://crates.io/crates/alt_serde_derive which points to the same repo as https://crates.io/crates/serde_derive It pops up in autocomplete ![serde_alt](https://user-images.githubusercontent.com/9951788/73463022-ad969c80-438d-11ea-9091-eb1fb3f03642.png) Any information about this package? Is it secure?

This library seems to be completely unsound, see [this reddit thread](https://www.reddit.com/r/rust/comments/6t96tp/conditional_zero_cost_refcell/?utm_medium=android_app&utm_source=share). The github repository: https://github.com/da-x/czc-refcell Edit: This crate doesn't seem to be available on crates.io, but maybe this library could...

This is similar to [plutonium](https://github.com/rustsec/advisory-db/tree/main/crates/plutonium).

https://github.com/3Hren/msgpack-rust/issues/305 https://gist.github.com/Lucretiel/5deaf285f06a85056aa76276abf9bd77 @Lucretiel would you mind contributing a PR on an `informational = "unsound"` advisory on this? Do we know what release these Raw deprecations ended up in?

Unsound

Release about 3 years ago - 1,132,172 downloads - ~600 a day. I see a new project today is getting hyper v0.10.16 - [RUSTSEC-2021-0078](https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0078.md) and [RUSTSEC-2021-0079](https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0079.md) affected. Interesting issues...

## Background

Cargo has new CVEs: https://blog.rust-lang.org/2022/09/14/cargo-cves.html

- [CVE-2022-36113](https://nvd.nist.gov/vuln/detail/CVE-2022-36113) - [GHSA-rfj2-q3h3-hm5j](https://github.com/advisories/GHSA-rfj2-q3h3-hm5j)
- [CVE-2022-36114](https://nvd.nist.gov/vuln/detail/CVE-2022-36114) - [GHSA-2hvr-h6gw-qrxp](https://github.com/advisories/GHSA-2hvr-h6gw-qrxp)
- https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7
- https://github.com/rust-lang/cargo/commit/d87d57dbbda61754f4fab0f329a7ac520e062c46

There was a fix here: https://github.com/rust-lang/cargo/pull/11088 that targeted beta five days...

Fixes #1405. Mind reviewing this advisory @LovecraftianHorror @RalfJung? Would be nice to know if there are maintained fork(s) or alternative implementation(s) around to perhaps list. Cheers. https://github.com/bcmyers/num-format/issues/21, https://github.com/bcmyers/num-format/issues/27, https://github.com/bcmyers/num-format/issues/29

Unmaintained