From 5229d25ebbfb2109b26ff10ccba6a7b7ac363a0c Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 3 Jan 2022 16:39:07 +0100 Subject: "new" rust-smallvec issue rust-sha2 n/a NFUs --- data/CVE/2018.list | 15 +++++++++------ data/CVE/2019.list | 4 ++-- data/CVE/2020.list | 8 ++++---- data/CVE/2021.list | 15 ++++++++------- 4 files changed, 23 insertions(+), 19 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 0f1b18d972..05fecbe7cd 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,15 +1,18 @@ CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) - TODO: check + NOT-FOR-US: Rust crate libpulse-binding CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) - TODO: check + NOT-FOR-US: Rust crate libpulse-binding CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate actix-web CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate actix-web CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate actix-web CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust. ...) - TODO: check + - rust-smallvec 1.1.0-1 + [buster] - rust-smallvec (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html + NOTE: https://github.com/servo/rust-smallvec/issues/126 CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...) - libtoxcore 0.2.2-1 NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 800f2f6e17..f2c191388a 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,7 +1,7 @@ CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...) - TODO: check + NOT-FOR-US: Rust crate libpulse-binding CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...) - TODO: check + NOT-FOR-US: Rust crate pnet CVE-2019-25053 RESERVED CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c6f8f575a2..189bc0aa17 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,11 +1,11 @@ CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...) - TODO: check + NOT-FOR-US: Rust crate acc_reader CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...) - TODO: check + NOT-FOR-US: Rust crate acc_reader CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...) - TODO: check + NOT-FOR-US: Rust crate buffoon CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate bite CVE-2020-36510 RESERVED CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 21e3739376..7efc90ca65 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -738,7 +738,8 @@ CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...) NOT-FOR-US: Rust crate molecule CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...) - TODO: check + - rust-sha2 (Only affetced 0.9.7, never uploaded to the archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...) NOT-FOR-US: Rust crate mopa CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...) @@ -760,17 +761,17 @@ CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...) NOT-FOR-US: Rust crate csv-sniffer CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...) - TODO: check + NOT-FOR-US: Rust crate columnar CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...) - TODO: check + NOT-FOR-US: Rust crate flumedb CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...) - TODO: check + NOT-FOR-US: Rust crate binjs CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...) - TODO: check + NOT-FOR-US: Rust crate bronzedb-protocol CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...) - TODO: check + NOT-FOR-US: Rust crate derive-com-impl CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate vec-const CVE-2021-45111 RESERVED CVE-2021-45071 -- cgit v1.2.3