"new" rust-smallvec issue

rust-sha2 n/a
NFUs

4 files changed, 23 insertions, 19 deletions

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 0f1b18d972..05fecbe7cd 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,15 +1,18 @@
 CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate libpulse-binding
 CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate libpulse-binding
 CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate actix-web
 CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate actix-web
 CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate actix-web
 CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust.  ...)
-	TODO: check
+	- rust-smallvec 1.1.0-1
+	[buster] - rust-smallvec <no-dsa> (Minor issue)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html
+	NOTE: https://github.com/servo/rust-smallvec/issues/126
 CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...)
 	- libtoxcore 0.2.2-1
 	NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 800f2f6e17..f2c191388a 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,7 +1,7 @@
 CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate libpulse-binding
 CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
-	TODO: check
+	NOT-FOR-US: Rust crate pnet
 CVE-2019-25053
 	RESERVED
 CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c6f8f575a2..189bc0aa17 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,11 +1,11 @@
 CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate acc_reader
 CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate acc_reader
 CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate buffoon
 CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate bite
 CVE-2020-36510
 	RESERVED
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 21e3739376..7efc90ca65 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -738,7 +738,8 @@ CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust.
 CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
 	NOT-FOR-US: Rust crate molecule
 CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
-	TODO: check
+	- rust-sha2 <not-affected> (Only affetced 0.9.7, never uploaded to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
 CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
 	NOT-FOR-US: Rust crate mopa
 CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
@@ -760,17 +761,17 @@ CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for
 CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
 	NOT-FOR-US: Rust crate csv-sniffer
 CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
-	TODO: check
+	NOT-FOR-US: Rust crate columnar
 CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate flumedb
 CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
-	TODO: check
+	NOT-FOR-US: Rust crate binjs
 CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
-	TODO: check
+	NOT-FOR-US: Rust crate bronzedb-protocol
 CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate derive-com-impl
 CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust.  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate vec-const
 CVE-2021-45111
 	RESERVED
 CVE-2021-45071