diff --git a/vuln_db.json b/vuln_db.json new file mode 100644 index 0000000..9a04f50 --- /dev/null +++ b/vuln_db.json @@ -0,0 +1,17235 @@ +{ + "generated_at": "unix:1774449354", + "entries": [ + { + "advisory_id": "RUSTSEC-2026-0037", + "package": "quinn-proto", + "title": "Denial of service in Quinn endpoints", + "date": "2026-03-09", + "patched_versions": [ + ">= 0.11.14" + ], + "commit_sha": "2c315aa7f9c2a6c1db87f8f51f40623a427c78fd", + "vulnerable_symbols": [ + { + "file": "quinn-proto/src/congestion/bbr/mod.rs", + "function": "quinn_proto::congestion::bbr::Bbr::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/connection/assembler.rs", + "function": "quinn_proto::connection::assembler::Buffer::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/connection/assembler.rs", + "function": "quinn_proto::connection::assembler::State::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/connection/assembler.rs", + "function": "quinn_proto::connection::assembler::State::default", + "change_type": "Deleted" + }, + { + "file": "quinn-proto/src/transport_parameters.rs", + "function": "quinn_proto::transport_parameters::TransportParameters::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0074", + "package": "libcrux-sha3", + "title": "Incorrect Output of Incremental Portable SHAKE API", + "date": "2026-03-04", + "patched_versions": [ + ">= 0.0.8 " + ], + "commit_sha": "6bbe15ec6a24222dade456aa75a382234807c4ff", + "vulnerable_symbols": [ + { + "file": "crates/algorithms/sha3/src/generic_keccak/xof.rs", + "function": "sha3::generic_keccak::xof::KeccakXofState::", + "change_type": "Modified" + }, + { + "file": "crates/algorithms/sha3/src/simd/avx2.rs", + "function": "sha3::simd::avx2::store_block", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0073", + "package": "libcrux-poly1305", + "title": "Panic in Standalone MAC Operations", + "date": "2026-03-04", + "patched_versions": [ + ">= 0.0.5 " + ], + "commit_sha": "5730a90658437802482a2862748378619241d4b7", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2026-0076", + "package": "libcrux-ml-dsa", + "title": "Panic in Signature Hint Decoding During Verification", + "date": "2026-03-04", + "patched_versions": [ + ">= 0.0.8 " + ], + "commit_sha": "2d2ad879b287d0c9f3364fa863d105c057805a1b", + "vulnerable_symbols": [ + { + "file": "libcrux-ml-dsa/src/encoding/signature.rs", + "function": "libcrux_ml_dsa::encoding::signature::deserialize", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0077", + "package": "libcrux-ml-dsa", + "title": "Incorrect Check of Signer Response Norm During Verification", + "date": "2026-03-04", + "patched_versions": [ + ">= 0.0.8 " + ], + "commit_sha": "0b8c446d8c235086561f74dc3079d930569d9bdd", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2026-0075", + "package": "libcrux-ed25519", + "title": "All-Zero Key Generation on Catastrophic RNG Failure", + "date": "2026-03-04", + "patched_versions": [ + ">= 0.0.7 " + ], + "commit_sha": "bda2b492b1d1ab12b5c77271874d53f111af1788", + "vulnerable_symbols": [ + { + "file": "crates/algorithms/ed25519/src/impl_hacl.rs", + "function": "ed25519::impl_hacl::generate_key_pair", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0013", + "package": "pyo3", + "title": "Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up", + "date": "2026-02-18", + "patched_versions": [ + ">= 0.28.2" + ], + "commit_sha": "a7c8f38a0f204806c84c0feb872c430d3f6078db", + "vulnerable_symbols": [ + { + "file": "pyo3-build-config/src/impl_.rs", + "function": "pyo3_build_config::impl_::InterpreterConfig::", + "change_type": "Modified" + }, + { + "file": "pyo3-build-config/src/lib.rs", + "function": "pyo3_build_config::print_expected_cfgs", + "change_type": "Modified" + }, + { + "file": "pyo3-ffi/src/moduleobject.rs", + "function": "pyo3_ffi::moduleobject::PyModule_GetToken", + "change_type": "Modified" + }, + { + "file": "pyo3-ffi/src/object.rs", + "function": "pyo3_ffi::object::Py_TYPE", + "change_type": "Modified" + }, + { + "file": "pyo3-ffi/src/object.rs", + "function": "pyo3_ffi::object::Py_SIZE", + "change_type": "Added" + }, + { + "file": "pyo3-ffi/src/object.rs", + "function": "pyo3_ffi::object::Py_IS_TYPE", + "change_type": "Added" + }, + { + "file": "pyo3-ffi/src/refcount.rs", + "function": "pyo3_ffi::refcount::Py_REFCNT", + "change_type": "Modified" + }, + { + "file": "src/impl_/pymodule.rs", + "function": "impl_::pymodule::ModuleDef::", + "change_type": "Modified" + }, + { + "file": "src/impl_/pymodule.rs", + "function": "impl_::pymodule::ModuleDef::init_multi_phase", + "change_type": "Modified" + }, + { + "file": "src/pycell/impl_.rs", + "function": "pycell::impl_::test_inherited_size", + "change_type": "Modified" + }, + { + "file": "src/types/any.rs", + "function": "types::any::PyAny::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0012", + "package": "keccak", + "title": "Unsoundness in opt-in ARMv8 assembly backend for `keccak`", + "date": "2026-02-12", + "patched_versions": [ + ">= 0.1.6" + ], + "commit_sha": "7ac1920198ebb7d0192e6d2c3581e15b38a6e0e5", + "vulnerable_symbols": [ + { + "file": "keccak/src/armv8.rs", + "function": "keccak::armv8::p1600_armv8_sha3_asm", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0069", + "package": "hpke-rs", + "title": "Incorrect Length Encoding on KDF Export", + "date": "2026-02-11", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": "b54c8bb83906331bdf4f606cafa30cd7fd20b531", + "vulnerable_symbols": [ + { + "file": "libcrux_provider/src/lib.rs", + "function": "libcrux_provider::HpkeLibcruxPrng::", + "change_type": "Modified" + }, + { + "file": "libcrux_provider/src/lib.rs", + "function": "libcrux_provider::HpkeLibcruxPrng::zeroize", + "change_type": "Added" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCryptoPrng::", + "change_type": "Modified" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCryptoPrng::zeroize", + "change_type": "Added" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCrypto::dh", + "change_type": "Modified" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCrypto::all_zero", + "change_type": "Deleted" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::key_gen", + "change_type": "Modified" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::derive_key_pair", + "change_type": "Modified" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::encaps", + "change_type": "Modified" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::auth_encaps", + "change_type": "Modified" + }, + { + "file": "src/kdf.rs", + "function": "kdf::labeled_expand", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::encaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::decaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::auth_encaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::auth_decaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::key_gen", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::derive_key_pair", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Context::seal", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Context::open", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Hpke::generate_key_pair", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Hpke::derive_key_pair", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KemAlgorithm::", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KemAlgorithm::zeroize", + "change_type": "Added" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::AeadAlgorithm::", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::AeadAlgorithm::zeroize", + "change_type": "Added" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KdfAlgorithm::", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KdfAlgorithm::zeroize", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0070", + "package": "hpke-rs", + "title": "Panic When Opening or Sealing on Export-Only Context", + "date": "2026-02-11", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": "b54c8bb83906331bdf4f606cafa30cd7fd20b531", + "vulnerable_symbols": [ + { + "file": "libcrux_provider/src/lib.rs", + "function": "libcrux_provider::HpkeLibcruxPrng::", + "change_type": "Modified" + }, + { + "file": "libcrux_provider/src/lib.rs", + "function": "libcrux_provider::HpkeLibcruxPrng::zeroize", + "change_type": "Added" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCryptoPrng::", + "change_type": "Modified" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCryptoPrng::zeroize", + "change_type": "Added" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCrypto::dh", + "change_type": "Modified" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCrypto::all_zero", + "change_type": "Deleted" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::key_gen", + "change_type": "Modified" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::derive_key_pair", + "change_type": "Modified" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::encaps", + "change_type": "Modified" + }, + { + "file": "src/dh_kem.rs", + "function": "dh_kem::auth_encaps", + "change_type": "Modified" + }, + { + "file": "src/kdf.rs", + "function": "kdf::labeled_expand", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::encaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::decaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::auth_encaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::auth_decaps", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::key_gen", + "change_type": "Modified" + }, + { + "file": "src/kem.rs", + "function": "kem::derive_key_pair", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Context::seal", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Context::open", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Hpke::generate_key_pair", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Hpke::derive_key_pair", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KemAlgorithm::", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KemAlgorithm::zeroize", + "change_type": "Added" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::AeadAlgorithm::", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::AeadAlgorithm::zeroize", + "change_type": "Added" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KdfAlgorithm::", + "change_type": "Modified" + }, + { + "file": "traits/src/types.rs", + "function": "traits::types::KdfAlgorithm::zeroize", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0025", + "package": "libcrux-psq", + "title": "Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext", + "date": "2026-02-08", + "patched_versions": [ + ">= 0.0.7" + ], + "commit_sha": "f303b6446c19fe9a7c993f61e426023609cd5fac", + "vulnerable_symbols": [ + { + "file": "libcrux-psq/src/aead.rs", + "function": "libcrux_psq::aead::AEADKeyNonce::", + "change_type": "Modified" + }, + { + "file": "libcrux-psq/src/handshake/initiator/registration.rs", + "function": "libcrux_psq::handshake::initiator::registration::for RegistrationInitiator::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0026", + "package": "libcrux-ed25519", + "title": "Unnecessary clamping of seed reduces seed entropy to 251 bits", + "date": "2026-02-05", + "patched_versions": [ + ">= 0.0.6" + ], + "commit_sha": "4d6f5d3c2542b6179a6474dec8cfb8b8ddf31a84", + "vulnerable_symbols": [ + { + "file": "crates/algorithms/ed25519/src/impl_hacl.rs", + "function": "ed25519::impl_hacl::generate_key_pair", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0071", + "package": "hpke-rs", + "title": "Nonce Reuse in HPKE Context", + "date": "2026-02-05", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": "3a8254938f43bdc4e0c9c4f987f8071f19779066", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Context::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Context::sequence_number", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Context::sequence_number", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0072", + "package": "hpke-rs-rust-crypto", + "title": "Missing Check for All-Zero X25519 Shared Secret", + "date": "2026-02-04", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": "1c247b5c9aeca602ad2971c9bd49817fe2c308e6", + "vulnerable_symbols": [ + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCrypto::", + "change_type": "Modified" + }, + { + "file": "rust_crypto_provider/src/lib.rs", + "function": "rust_crypto_provider::HpkeRustCrypto::all_zero", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0008", + "package": "git2", + "title": "Potential undefined behavior when dereferencing Buf struct", + "date": "2026-02-02", + "patched_versions": [ + ">=0.20.4" + ], + "commit_sha": "9e160f15bd056f82143109bb330573381e5de719", + "vulnerable_symbols": [ + { + "file": "src/buf.rs", + "function": "buf::Buf::deref", + "change_type": "Modified" + }, + { + "file": "src/buf.rs", + "function": "buf::Buf::deref_mut", + "change_type": "Modified" + }, + { + "file": "src/buf.rs", + "function": "buf::Buf::empty_buf", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0023", + "package": "libcrux-ecdh", + "title": "X25519 secret validation did not check buffer length or clamping", + "date": "2026-01-26", + "patched_versions": [ + ">= 0.0.6" + ], + "commit_sha": "a09022c5811ca7fd1c6d9a239ff294d64ee86734", + "vulnerable_symbols": [ + { + "file": "crates/algorithms/curve25519/src/lib.rs", + "function": "curve25519::libcrux_traits::kem::arrayref::Kem::clamp", + "change_type": "Deleted" + }, + { + "file": "crates/algorithms/curve25519/src/lib.rs", + "function": "curve25519::libcrux_traits::kem::arrayref::Kem::clamp", + "change_type": "Added" + }, + { + "file": "crates/algorithms/curve25519/src/lib.rs", + "function": "curve25519::libcrux_traits::kem::arrayref::Kem::is_clamped", + "change_type": "Added" + }, + { + "file": "libcrux-ecdh/src/ecdh.rs", + "function": "libcrux_ecdh::ecdh::AsRef::validate_scalar", + "change_type": "Modified" + }, + { + "file": "libcrux-psq/src/handshake/dhkem.rs", + "function": "libcrux_psq::handshake::dhkem::DHPrivateKey::from_bytes", + "change_type": "Modified" + }, + { + "file": "libcrux-psq/src/session.rs", + "function": "libcrux_psq::session::Session::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0024", + "package": "libcrux-psq", + "title": "Incorrect X25519 clamping check rejects all secrets on import", + "date": "2026-01-26", + "patched_versions": [ + ">= 0.0.7" + ], + "commit_sha": "a09022c5811ca7fd1c6d9a239ff294d64ee86734", + "vulnerable_symbols": [ + { + "file": "crates/algorithms/curve25519/src/lib.rs", + "function": "curve25519::libcrux_traits::kem::arrayref::Kem::clamp", + "change_type": "Deleted" + }, + { + "file": "crates/algorithms/curve25519/src/lib.rs", + "function": "curve25519::libcrux_traits::kem::arrayref::Kem::clamp", + "change_type": "Added" + }, + { + "file": "crates/algorithms/curve25519/src/lib.rs", + "function": "curve25519::libcrux_traits::kem::arrayref::Kem::is_clamped", + "change_type": "Added" + }, + { + "file": "libcrux-ecdh/src/ecdh.rs", + "function": "libcrux_ecdh::ecdh::AsRef::validate_scalar", + "change_type": "Modified" + }, + { + "file": "libcrux-psq/src/handshake/dhkem.rs", + "function": "libcrux_psq::handshake::dhkem::DHPrivateKey::from_bytes", + "change_type": "Modified" + }, + { + "file": "libcrux-psq/src/session.rs", + "function": "libcrux_psq::session::Session::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0005", + "package": "oneshot", + "title": "Potential use-after-free in `oneshot` when used asynchronously", + "date": "2026-01-25", + "patched_versions": [ + ">= 0.1.12" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2026-0002", + "package": "lru", + "title": "`IterMut` violates Stacked Borrows by invalidating internal pointer", + "date": "2026-01-07", + "patched_versions": [ + ">= 0.16.3" + ], + "commit_sha": "62be24c96137fcf5c6323607ff15ed878b157ee2", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "IterMut::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "IterMut::iter_mut_stacked_borrows_violation", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2026-0001", + "package": "rkyv", + "title": "Potential Undefined Behaviors in `Arc`/`Rc` impls of `from_value` on OOM", + "date": "2026-01-05", + "patched_versions": [ + ">= 0.7.46, < 0.8.0", + ">= 0.8.13" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0139", + "package": "theshit", + "title": "theshit vulnerable to unsafe loading of user-owned Python rules when running as root", + "date": "2025-12-30", + "patched_versions": [ + ">= 0.1.1" + ], + "commit_sha": "8e0b565e7876a83b0e1cfbacb8af39dadfdcc500", + "vulnerable_symbols": [ + { + "file": "src/fix/python.rs", + "function": "fix::python::check_security", + "change_type": "Added" + }, + { + "file": "src/fix/python.rs", + "function": "fix::python::process_python_rules", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0140", + "package": "gix-date", + "title": "Non-utf8 String can be created with `TimeBuf::as_str`", + "date": "2025-12-29", + "patched_versions": [ + ">= 0.12.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0143", + "package": "capnp", + "title": "Unsound APIs of public `constant::Reader` and `StructSchema`", + "date": "2025-12-24", + "patched_versions": [ + ">= 0.24.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0137", + "package": "ruint", + "title": "Unsoundness of safe `reciprocal_mg10`", + "date": "2025-12-22", + "patched_versions": [ + ">= 1.17.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0133", + "package": "libcrux-intrinsics", + "title": "Incorrect calculation on aarch64", + "date": "2025-12-04", + "patched_versions": [ + ">= 0.0.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0134", + "package": "rustls-pemfile", + "title": "rustls-pemfile is unmaintained", + "date": "2025-11-28", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0132", + "package": "maxminddb", + "title": "`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe", + "date": "2025-11-28", + "patched_versions": [ + ">= 0.27.0" + ], + "commit_sha": "98f0e4fff9678c841ed33f3b8a46322f6163c32a", + "vulnerable_symbols": [ + { + "file": "src/reader.rs", + "function": "reader::Reader::open_mmap", + "change_type": "Deleted" + }, + { + "file": "src/reader.rs", + "function": "reader::Reader::open_mmap", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0125", + "package": "thread-amount", + "title": "Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS", + "date": "2025-11-22", + "patched_versions": [ + ">=0.2.2" + ], + "commit_sha": "28860d4a38286609cb884c13b5b7941edc2390e5", + "vulnerable_symbols": [ + { + "file": "src/osx.rs", + "function": "osx::thread_amount", + "change_type": "Modified" + }, + { + "file": "src/windows.rs", + "function": "windows::thread_amount", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0119", + "package": "number_prefix", + "title": "number_prefix crate is unmaintained", + "date": "2025-11-17", + "patched_versions": [], + "commit_sha": "0ea8171492efe2784f7d820e91ced0cb79262923", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0122", + "package": "cargo-asm", + "title": "cargo-asm crate is unmaintained", + "date": "2025-11-17", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0153", + "package": "hexchat", + "title": "hexchat crate is unsound and unmaintained", + "date": "2025-11-17", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0120", + "package": "json5", + "title": "json5 crate is unmaintained", + "date": "2025-11-16", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0114", + "package": "tandem_http_client", + "title": "tandem_http_client is unmaintained", + "date": "2025-11-10", + "patched_versions": [], + "commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0116", + "package": "tandem_garble_interop", + "title": "tandem_garble_interop is unmaintained", + "date": "2025-11-10", + "patched_versions": [], + "commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0115", + "package": "tandem_http_server", + "title": "tandem_http_server is unmaintained", + "date": "2025-11-10", + "patched_versions": [], + "commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0117", + "package": "tandem", + "title": "tandem is unmaintained", + "date": "2025-11-10", + "patched_versions": [], + "commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0107", + "package": "borrowck_sacrifices", + "title": "Uninitialized memory exposure in any_as_u8_slice", + "date": "2025-10-21", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0109", + "package": "binary_vec_io", + "title": "Out-of-bounds memory access in binary_read_to_ref and binary_write_from_ref", + "date": "2025-10-21", + "patched_versions": [], + "commit_sha": "e8ee610c217b112100e784c944bbb9caa995c2ae", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0105", + "package": "direct_ring_buffer", + "title": "Uninitialized memory exposure in create_ring_buffer", + "date": "2025-10-21", + "patched_versions": [ + ">= 0.2.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0106", + "package": "orx-pinned-vec", + "title": "Undefined behavior in index_of_ptr with empty slices", + "date": "2025-10-21", + "patched_versions": [ + ">= 3.21.0" + ], + "commit_sha": "4a4007a1aaff25cd417853c76163883a7110e276", + "vulnerable_symbols": [ + { + "file": "src/utils/slice.rs", + "function": "utils::slice::index_of", + "change_type": "Modified" + }, + { + "file": "src/utils/slice.rs", + "function": "utils::slice::index_of_ptr", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0108", + "package": "ncurses", + "title": "Uninitialized memory exposure in string reading functions", + "date": "2025-10-21", + "patched_versions": [], + "commit_sha": "cbeb0465070dd7a07413f0465114f8cd43df4ecc", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0091", + "package": "unic-utils", + "title": "`unic-utils` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0099", + "package": "unic-ucd-block", + "title": "`unic-ucd-block` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0083", + "package": "unic-ucd-bidi", + "title": "`unic-ucd-bidi` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0094", + "package": "unic-ucd-category", + "title": "`unic-ucd-category` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0100", + "package": "unic-ucd-ident", + "title": "`unic-ucd-ident` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0096", + "package": "unic-bidi", + "title": "`unic-bidi` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0081", + "package": "unic-char-property", + "title": "`unic-char-property` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0085", + "package": "unic-idna", + "title": "`unic-idna` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0084", + "package": "unic-emoji", + "title": "`unic-emoji` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0104", + "package": "unic-ucd-segment", + "title": "`unic-ucd-segment` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0082", + "package": "unic-normal", + "title": "`unic-normal` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0077", + "package": "unic-ucd", + "title": "`unic-ucd` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0075", + "package": "unic-char-range", + "title": "`unic-char-range` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0097", + "package": "unic-idna-mapping", + "title": "`unic-idna-mapping` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0086", + "package": "unic-char", + "title": "`unic-char` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0088", + "package": "unic-idna-punycode", + "title": "`unic-idna-punycode` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0101", + "package": "unic-ucd-common", + "title": "`unic-ucd-common` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0076", + "package": "unic-ucd-name", + "title": "`unic-ucd-name` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0089", + "package": "unic-ucd-name_aliases", + "title": "`unic-ucd-name_aliases` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0102", + "package": "unic-ucd-age", + "title": "`unic-ucd-age` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0080", + "package": "unic-common", + "title": "`unic-common` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0087", + "package": "unic-cli", + "title": "`unic-cli` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0095", + "package": "unic", + "title": "`unic` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0098", + "package": "unic-ucd-version", + "title": "`unic-ucd-version` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0074", + "package": "unic-segment", + "title": "`unic-segment` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0079", + "package": "unic-ucd-hangul", + "title": "`unic-ucd-hangul` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0126", + "package": "nftnl", + "title": "Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)", + "date": "2025-10-18", + "patched_versions": [ + ">= 0.9.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0092", + "package": "unic-ucd-case", + "title": "`unic-ucd-case` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0103", + "package": "unic-ucd-core", + "title": "`unic-ucd-core` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0090", + "package": "unic-emoji-char", + "title": "`unic-emoji-char` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0093", + "package": "unic-char-basics", + "title": "`unic-char-basics` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0142", + "package": "mnl", + "title": "Segmentation fault and invalid memory read in `mnl::cb_run`", + "date": "2025-10-18", + "patched_versions": [ + ">= 0.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0078", + "package": "unic-ucd-normal", + "title": "`unic-ucd-normal` is unmaintained", + "date": "2025-10-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0069", + "package": "daemonize", + "title": "`daemonize` is Unmaintained", + "date": "2025-09-14", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0067", + "package": "libyml", + "title": "`libyml::string::yaml_string_extend` is unsound and unmaintained", + "date": "2025-09-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0068", + "package": "serde_yml", + "title": "serde_yml crate is unsound and unmaintained", + "date": "2025-09-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0061", + "package": "iron", + "title": "iron crate is unmaintained", + "date": "2025-09-08", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0059", + "package": "servo-fontconfig", + "title": "servo-fontconfig crate is unmaintained", + "date": "2025-09-08", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0060", + "package": "crypto-hash", + "title": "crypto-hash crate is unmaintained", + "date": "2025-09-08", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0058", + "package": "custom_derive", + "title": "custom_derive crate is unmaintained", + "date": "2025-09-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0057", + "package": "fxhash", + "title": "fxhash - no longer maintained", + "date": "2025-09-05", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0049", + "package": "scratchpad", + "title": "User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows", + "date": "2025-08-14", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0050", + "package": "id-map", + "title": "IdMap::from_iter may lead to uninitialized memory being freed on drop", + "date": "2025-08-14", + "patched_versions": [ + ">= 0.2.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0054", + "package": "array-queue", + "title": "ArrayQueue::push_front is not panic-safe", + "date": "2025-08-14", + "patched_versions": [ + ">=0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0053", + "package": "arenavec", + "title": "Multiple memory corruption vulnerabilities in safe APIs", + "date": "2025-08-14", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0047", + "package": "slab", + "title": "Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check", + "date": "2025-08-12", + "patched_versions": [ + ">= 0.4.11" + ], + "commit_sha": "2d65c514bc964b192bab212ddf3c1fcea4ae96b8", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Slab::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0051", + "package": "xcb", + "title": "`xcb::Connection::connect_to_fd*` functions violate I/O safety", + "date": "2025-08-05", + "patched_versions": [ + ">= 1.6.0" + ], + "commit_sha": "da830976870c1174e3b33eb0643177be3991c002", + "vulnerable_symbols": [ + { + "file": "src/base.rs", + "function": "base::Connection::", + "change_type": "Modified" + }, + { + "file": "src/base.rs", + "function": "base::Connection::connect_to_fd", + "change_type": "Modified" + }, + { + "file": "src/base.rs", + "function": "base::Connection::connect_with_fd", + "change_type": "Added" + }, + { + "file": "src/base.rs", + "function": "base::Connection::connect_with_fd_and_extensions", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0048", + "package": "tsify-next", + "title": "tsify-next is unmaintained, use tsify instead", + "date": "2025-07-29", + "patched_versions": [], + "commit_sha": "0b377ed27073b0be76c67a88dc9b3934122559c1", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0045", + "package": "static_cell", + "title": "ConstStaticCell could have been used to pass non-Send values to another thread", + "date": "2025-07-17", + "patched_versions": [ + ">= 2.1.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0042", + "package": "static-alloc", + "title": "Uninitialized read after allocating MemBump", + "date": "2025-07-11", + "patched_versions": [ + ">= 0.2.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0044", + "package": "slice-ring-buffer", + "title": "Four unique double-free vulnerabilities triggered via safe APIs", + "date": "2025-06-16", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0138", + "package": "deno", + "title": "--allow-read / --allow-write permission bypass in `node:sqlite`", + "date": "2025-06-03", + "patched_versions": [ + ">= 2.2.5" + ], + "commit_sha": "31a97803995bd94629528ba841b2418d3ca01860", + "vulnerable_symbols": [ + { + "file": "ext/node/ops/sqlite/database.rs", + "function": "ext::node::ops::sqlite::database::DatabaseSync::set_db_config", + "change_type": "Added" + }, + { + "file": "ext/node/ops/sqlite/database.rs", + "function": "ext::node::ops::sqlite::database::DatabaseSync::open_db", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0062", + "package": "toodee", + "title": "Heap Buffer Overflow in the DrainCol Destructor", + "date": "2025-05-22", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0036", + "package": "surf", + "title": "surf is unmaintained", + "date": "2025-05-17", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0027", + "package": "mp3-metadata", + "title": "Panic in mp3-metadata due to the lack of bounds checking", + "date": "2025-04-28", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0035", + "package": "macroquad", + "title": "Multiple soundness issues in `macroquad`", + "date": "2025-04-23", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0024", + "package": "crossbeam-channel", + "title": "crossbeam-channel: double free on Drop", + "date": "2025-04-08", + "patched_versions": [ + ">= 0.5.15" + ], + "commit_sha": "596df785c0e6f00b1775bba1b5506d998fb94b63", + "vulnerable_symbols": [ + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Channel::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0023", + "package": "tokio", + "title": "Broadcast channel calls clone in parallel, but does not require `Sync`", + "date": "2025-04-07", + "patched_versions": [ + ">= 1.38.2, < 1.39.0", + ">= 1.42.1, < 1.43.0", + ">= 1.43.1, < 1.44.0", + ">= 1.44.2" + ], + "commit_sha": "aa303bc2051f7c21b48bb7bfcafe8fd4f39afd21", + "vulnerable_symbols": [ + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::Recv::", + "change_type": "Modified" + }, + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::WaiterCell::", + "change_type": "Modified" + }, + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::Sender::", + "change_type": "Modified" + }, + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::Receiver::", + "change_type": "Modified" + }, + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::Recv::new", + "change_type": "Modified" + }, + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::RecvGuard::new", + "change_type": "Modified" + }, + { + "file": "tokio/src/sync/broadcast.rs", + "function": "tokio::sync::broadcast::RecvGuard::drop", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0022", + "package": "openssl", + "title": "Use-After-Free in `Md::fetch` and `Cipher::fetch`", + "date": "2025-04-04", + "patched_versions": [ + ">= 0.10.72" + ], + "commit_sha": "87085bd67896b7f92e6de35d081f607a334beae4", + "vulnerable_symbols": [ + { + "file": "openssl/src/cipher.rs", + "function": "openssl::cipher::Cipher::", + "change_type": "Modified" + }, + { + "file": "openssl/src/cipher.rs", + "function": "openssl::cipher::CipherRef::", + "change_type": "Modified" + }, + { + "file": "openssl/src/cipher.rs", + "function": "openssl::cipher::CipherRef::test_cipher_fetch_properties", + "change_type": "Added" + }, + { + "file": "openssl/src/md.rs", + "function": "openssl::md::Md::", + "change_type": "Modified" + }, + { + "file": "openssl/src/md.rs", + "function": "openssl::md::MdRef::", + "change_type": "Modified" + }, + { + "file": "openssl/src/md.rs", + "function": "openssl::md::MdRef::test_md_fetch_properties", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0020", + "package": "pyo3", + "title": "Risk of buffer overflow in `PyString::from_object`", + "date": "2025-04-01", + "patched_versions": [ + ">= 0.24.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0019", + "package": "array-init-cursor", + "title": "`array-init-cursor` in version 0.2.0 and below is unsound when used with types that implement `Drop`", + "date": "2025-03-27", + "patched_versions": [ + ">= 0.2.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0033", + "package": "scanner", + "title": "Public API without sufficient bounds checking", + "date": "2025-03-27", + "patched_versions": [], + "commit_sha": "20e260a42a8279aac5bccdcaa56daefc20d852d3", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "ScanIter::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Match::ptr", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Match::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Match::ptr", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Match::get", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Match::get", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0018", + "package": "xmas-elf", + "title": "Potential out-of-bounds read with a malformed ELF file and the HashTable API.", + "date": "2025-03-26", + "patched_versions": [ + ">=0.10" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0017", + "package": "trust-dns-proto", + "title": "The `trust-dns` project has been rebranded to `hickory-dns`", + "date": "2025-03-23", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0016", + "package": "pared", + "title": "Use after free in `Parc` and `Prc` due to missing lifetime constraints", + "date": "2025-03-13", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0014", + "package": "humantime", + "title": "humantime is unmaintained", + "date": "2025-03-08", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0012", + "package": "backoff", + "title": "`backoff` is unmaintained.", + "date": "2025-03-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0008", + "package": "openh264-sys2", + "title": "Openh264 Decoding Functions Heap Overflow Vulnerability", + "date": "2025-02-24", + "patched_versions": [ + ">=0.8.0" + ], + "commit_sha": "63db555e30986e3a5f07871368dc90ae78c27449", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0015", + "package": "web-push", + "title": "Denial of Service via malicious Web Push endpoint", + "date": "2025-02-16", + "patched_versions": [ + ">= 0.10.3" + ], + "commit_sha": "8447ed86bf3f24629abd7022b94104bf3cd64453", + "vulnerable_symbols": [ + { + "file": "src/clients/hyper_client.rs", + "function": "clients::hyper_client::HyperWebPushClient::", + "change_type": "Modified" + }, + { + "file": "src/clients/isahc_client.rs", + "function": "clients::isahc_client::IsahcWebPushClient::", + "change_type": "Modified" + }, + { + "file": "src/error.rs", + "function": "error::WebPushError::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0004", + "package": "openssl", + "title": "ssl::select_next_proto use after free", + "date": "2025-02-02", + "patched_versions": [ + ">= 0.10.70" + ], + "commit_sha": "f014afb230de4d77bc79dea60e7e58c2f47b60f2", + "vulnerable_symbols": [ + { + "file": "openssl/src/ssl/mod.rs", + "function": "openssl::ssl::select_next_proto", + "change_type": "Deleted" + }, + { + "file": "openssl/src/ssl/mod.rs", + "function": "openssl::ssl::select_next_proto", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2025-0040", + "package": "users", + "title": "`root` appended to group listings", + "date": "2025-01-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0003", + "package": "fast-float", + "title": "Segmentation fault due to lack of bound check", + "date": "2025-01-13", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0002", + "package": "fast-float2", + "title": "Segmentation fault due to lack of bound check", + "date": "2025-01-13", + "patched_versions": [ + ">=0.2.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2025-0026", + "package": "registry", + "title": "registry is unmaintained", + "date": "2025-01-13", + "patched_versions": [], + "commit_sha": "41dc296c786e5943d3238535e45e1df60b258050", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0430", + "package": "magic-crypt", + "title": "Use of insecure cryptographic algorithms", + "date": "2024-12-28", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0431", + "package": "xous", + "title": "Unsound usages of `core::slice::from_raw_parts`", + "date": "2024-12-23", + "patched_versions": [ + ">= 0.9.51" + ], + "commit_sha": "3e051fa39e456e3981996e5cbe88f51b8bd68d76", + "vulnerable_symbols": [ + { + "file": "apps/transientdisk/src/flash_drive.rs", + "function": "transientdisk::flash_drive::FlashDrive::", + "change_type": "Modified" + }, + { + "file": "apps/transientdisk/src/flash_drive.rs", + "function": "transientdisk::flash_drive::FlashDrive::read_inner", + "change_type": "Modified" + }, + { + "file": "apps/transientdisk/src/flash_drive.rs", + "function": "transientdisk::flash_drive::FlashDrive::write_inner", + "change_type": "Modified" + }, + { + "file": "kernel/src/services.rs", + "function": "kernel::services::SystemServices::", + "change_type": "Modified" + }, + { + "file": "services/dns/src/main.rs", + "function": "dns::main::fill_response", + "change_type": "Modified" + }, + { + "file": "services/dns/src/main.rs", + "function": "dns::main::fill_error", + "change_type": "Modified" + }, + { + "file": "services/early_settings/src/main.rs", + "function": "early_settings::main::State::", + "change_type": "Modified" + }, + { + "file": "services/graphics-server/src/backend/betrusted.rs", + "function": "graphics_server::backend::betrusted::XousDisplay::pop", + "change_type": "Modified" + }, + { + "file": "services/graphics-server/src/backend/betrusted.rs", + "function": "graphics_server::backend::betrusted::XousDisplay::resume", + "change_type": "Modified" + }, + { + "file": "services/graphics-server/src/backend/betrusted.rs", + "function": "graphics_server::backend::betrusted::XousDisplay::as_slice", + "change_type": "Modified" + }, + { + "file": "services/graphics-server/src/main.rs", + "function": "graphics_server::main::wrapped_main", + "change_type": "Modified" + }, + { + "file": "services/net/src/main.rs", + "function": "net::main::main", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_glue.rs", + "function": "net::std_glue::respond_with_error", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_glue.rs", + "function": "net::std_glue::respond_with_connected", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_glue.rs", + "function": "net::std_glue::insert_or_append", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcplistener.rs", + "function": "net::std_tcplistener::std_tcp_listen", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcplistener.rs", + "function": "net::std_tcplistener::std_tcp_accept", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcpstream.rs", + "function": "net::std_tcpstream::std_tcp_connect", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcpstream.rs", + "function": "net::std_tcpstream::std_tcp_tx", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcpstream.rs", + "function": "net::std_tcpstream::std_tcp_rx", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcpstream.rs", + "function": "net::std_tcpstream::std_tcp_peek", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_tcpstream.rs", + "function": "net::std_tcpstream::std_tcp_can_close", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_udp.rs", + "function": "net::std_udp::std_udp_bind", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_udp.rs", + "function": "net::std_udp::std_udp_rx", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_udp.rs", + "function": "net::std_udp::std_udp_tx", + "change_type": "Modified" + }, + { + "file": "services/net/src/std_udp.rs", + "function": "net::std_udp::std_failure", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hosted.rs", + "function": "pddb::backend::hosted::EmuStorage::as_slice", + "change_type": "Deleted" + }, + { + "file": "services/pddb/src/backend/hosted.rs", + "function": "pddb::backend::hosted::EmuStorage::", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hosted.rs", + "function": "pddb::backend::hosted::EmuStorage::as_slice", + "change_type": "Added" + }, + { + "file": "services/pddb/src/backend/hosted.rs", + "function": "pddb::backend::hosted::EmuStorage::as_mut_slice", + "change_type": "Deleted" + }, + { + "file": "services/pddb/src/backend/hosted.rs", + "function": "pddb::backend::hosted::EmuStorage::as_mut_slice", + "change_type": "Added" + }, + { + "file": "services/pddb/src/backend/hosted.rs", + "function": "pddb::backend::hosted::HostedSpinor::as_mut_slice", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::patch_pagetable_raw", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::patch_mbbb", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::patch_fscb", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::pt_find_erased_slot", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::pt_as_slice", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::static_crypto_data_get", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::mbbb_as_slice", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::mbbb_retrieve", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::fscb_deref", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::data_decrypt_page", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/backend/hw.rs", + "function": "pddb::backend::hw::PddbOs::checksums", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/lib.rs", + "function": "pddb::Pddb::", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::stat_path", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::list_path", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::list_basis", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::open_key", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::delete_key", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::write_key", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::read_key", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::list_dict", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::list_key", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::delete_dict", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/libstd/mod.rs", + "function": "pddb::libstd::create_dict", + "change_type": "Modified" + }, + { + "file": "services/pddb/src/main.rs", + "function": "pddb::main::wrapped_main", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::gateware", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::staging", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::loader_code", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::kernel", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::purge_sensitive_data", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::populate_sensitive_data", + "change_type": "Modified" + }, + { + "file": "services/root-keys/src/implementation.rs", + "function": "root_keys::implementation::RootKeys::read_staged_key_256", + "change_type": "Modified" + }, + { + "file": "services/shellchat/src/cmds/test.rs", + "function": "shellchat::cmds::test::for Test::", + "change_type": "Modified" + }, + { + "file": "services/status/src/ecup.rs", + "function": "status::ecup::ecupdate_thread", + "change_type": "Modified" + }, + { + "file": "services/status/src/ecup.rs", + "function": "status::ecup::is_ec_rev_sane", + "change_type": "Modified" + }, + { + "file": "xous-rs/src/arch/hosted/mod.rs", + "function": "xous_rs::arch::hosted::read_next_syscall_result", + "change_type": "Modified" + }, + { + "file": "xous-rs/src/arch/riscv/process.rs", + "function": "xous_rs::arch::riscv::process::create_process_pre", + "change_type": "Modified" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::", + "change_type": "Modified" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::new", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::from_parts", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::len", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::is_empty", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::as_ptr", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::as_mut_ptr", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::as_slice", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions.rs", + "function": "xous_rs::definitions::MemoryRange::as_slice_mut", + "change_type": "Deleted" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::", + "change_type": "Modified" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::new", + "change_type": "Added" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::len", + "change_type": "Added" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::is_empty", + "change_type": "Added" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::as_ptr", + "change_type": "Added" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::as_mut_ptr", + "change_type": "Added" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::as_slice", + "change_type": "Added" + }, + { + "file": "xous-rs/src/definitions/memoryrange.rs", + "function": "xous_rs::definitions::memoryrange::MemoryRange::as_slice_mut", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0424", + "package": "libafl", + "title": "Unsound usages of `core::slice::from_raw_parts_mut`", + "date": "2024-12-19", + "patched_versions": [ + ">= 0.11.2" + ], + "commit_sha": "f70a16a09a8096d3c50159dd8a912a75c2af157c", + "vulnerable_symbols": [ + { + "file": "libafl/src/observers/map.rs", + "function": "libafl::observers::map::hash_slice", + "change_type": "Modified" + }, + { + "file": "libafl_bolts/src/staterestore.rs", + "function": "libafl_bolts::staterestore::content_mut", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0435", + "package": "fyrox-core", + "title": "Unsound usages of `Vec::from_raw_parts`", + "date": "2024-12-19", + "patched_versions": [ + ">= 0.36" + ], + "commit_sha": "474e3b01a884366cdb7d704f7456ef692e992232", + "vulnerable_symbols": [ + { + "file": "fyrox-core/src/lib.rs", + "function": "fyrox_core::transmute_vec_as_bytes", + "change_type": "Deleted" + }, + { + "file": "fyrox-core/src/lib.rs", + "function": "fyrox_core::transmute_vec_as_bytes", + "change_type": "Added" + }, + { + "file": "fyrox-core/src/lib.rs", + "function": "fyrox_core::test_combine_uuids", + "change_type": "Modified" + }, + { + "file": "fyrox-core/src/lib.rs", + "function": "fyrox_core::test_transmute_vec_as_bytes_length_new_f32", + "change_type": "Added" + }, + { + "file": "fyrox-core/src/lib.rs", + "function": "fyrox_core::test_transmute_vec_as_bytes_length_new_usize", + "change_type": "Added" + }, + { + "file": "fyrox-impl/src/scene/mesh/surface.rs", + "function": "fyrox_impl::scene::mesh::surface::BlendShapesContainer::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0426", + "package": "spl-token-swap", + "title": "Unsound usages of `u8` type casting", + "date": "2024-12-19", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0437", + "package": "protobuf", + "title": "Crash due to uncontrolled recursion in protobuf crate", + "date": "2024-12-12", + "patched_versions": [ + ">= 3.7.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0423", + "package": "gtk-layer-shell-sys", + "title": "gtk-layer-shell-sys GTK3 bindings - no longer maintained", + "date": "2024-12-09", + "patched_versions": [], + "commit_sha": "094c356273f209e04bf481fb404dc17990ae76e0", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0422", + "package": "gtk-layer-shell", + "title": "gtk-layer-shell GTK3 bindings - no longer maintained", + "date": "2024-12-09", + "patched_versions": [], + "commit_sha": "094c356273f209e04bf481fb404dc17990ae76e0", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0428", + "package": "kvm-ioctls", + "title": "Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`", + "date": "2024-12-05", + "patched_versions": [ + ">= 0.19.1" + ], + "commit_sha": "ade910b953771f59c1c7d0622087ac44b49bf13c", + "vulnerable_symbols": [ + { + "file": "kvm-ioctls/src/ioctls/vm.rs", + "function": "kvm_ioctls::ioctls::vm::VmFd::create_device", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0409", + "package": "pyo3", + "title": "Build corruption when using `PYO3_CONFIG_FILE` environment variable", + "date": "2024-12-04", + "patched_versions": [ + ">= 0.23.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0408", + "package": "pprof", + "title": "Unsound usages of `std::slice::from_raw_parts`", + "date": "2024-12-04", + "patched_versions": [ + ">= 0.14.0" + ], + "commit_sha": "b1d02fda496d836d755b7d9fb85831aca5c64be2", + "vulnerable_symbols": [ + { + "file": "src/addr_validate.rs", + "function": "addr_validate::validate", + "change_type": "Modified" + }, + { + "file": "src/collector.rs", + "function": "collector::TempFdArray::", + "change_type": "Modified" + }, + { + "file": "src/collector.rs", + "function": "collector::Iterator::try_iter", + "change_type": "Modified" + }, + { + "file": "src/collector.rs", + "function": "collector::TempFdArray::try_iter", + "change_type": "Modified" + }, + { + "file": "src/collector.rs", + "function": "collector::TempFdArray::add_map", + "change_type": "Deleted" + }, + { + "file": "src/collector.rs", + "function": "collector::TempFdArray::add_map", + "change_type": "Added" + }, + { + "file": "src/collector.rs", + "function": "collector::TempFdArray::collector_align_test", + "change_type": "Added" + }, + { + "file": "src/profiler.rs", + "function": "profiler::ErrnoProtector::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0400", + "package": "ruzstd", + "title": "`ruzstd` uninit and out-of-bounds memory reads", + "date": "2024-11-28", + "patched_versions": [ + ">= 0.7.3" + ], + "commit_sha": "db68f68c1a83cdb33e12a66a23b5adec240db6bf", + "vulnerable_symbols": [ + { + "file": "src/decoding/ringbuffer.rs", + "function": "decoding::ringbuffer::RingBuffer::extend_from_within_unchecked", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0399", + "package": "rustls", + "title": "rustls network-reachable panic in `Acceptor::accept`", + "date": "2024-11-22", + "patched_versions": [ + ">= 0.23.18" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0445", + "package": "cap-primitives", + "title": "cap-primitives doesn't fully sandbox all the Windows device filenames", + "date": "2024-11-05", + "patched_versions": [ + ">= 3.4.1" + ], + "commit_sha": "dcc3818039761331fbeacbb3a40c542b65b5ebf7", + "vulnerable_symbols": [ + { + "file": "cap-primitives/src/windows/fs/open_impl.rs", + "function": "cap_primitives::windows::fs::open_impl::open_impl", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0379", + "package": "fast-float", + "title": "Multiple soundness issues", + "date": "2024-10-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0378", + "package": "pyo3", + "title": "Risk of use-after-free in `borrowed` reads from Python weak references", + "date": "2024-10-12", + "patched_versions": [ + ">= 0.22.4" + ], + "commit_sha": "10cd042e03a2c6e83ff67c91b9bcb6395e200d48", + "vulnerable_symbols": [ + { + "file": "pyo3-ffi/src/compat/py_3_13.rs", + "function": "pyo3_ffi::compat::py_3_13::PyWeakref_GetRef", + "change_type": "Added" + }, + { + "file": "pyo3-ffi/src/weakrefobject.rs", + "function": "pyo3_ffi::weakrefobject::PyWeakref_GetObject", + "change_type": "Deleted" + }, + { + "file": "pyo3-ffi/src/weakrefobject.rs", + "function": "pyo3_ffi::weakrefobject::PyWeakref_NewProxy", + "change_type": "Modified" + }, + { + "file": "pyo3-ffi/src/weakrefobject.rs", + "function": "pyo3_ffi::weakrefobject::PyWeakref_GetObject", + "change_type": "Added" + }, + { + "file": "pyo3-ffi/src/weakrefobject.rs", + "function": "pyo3_ffi::weakrefobject::PyWeakref_GetRef", + "change_type": "Added" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_as", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_borrowed_as", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_as_unchecked", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_borrowed_as_unchecked", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_as_exact", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_borrowed_as_exact", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::upgrade_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::PyWeakref::get_object", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for Bound::get_object", + "change_type": "Added" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for Bound::get_object_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for Bound::test_weakref_upgrade_borrowed_as", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for Bound::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_upgrade_borrowed_as_unchecked", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_upgrade_borrowed", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_get_object_borrowed", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_upgrade_borrowed_as", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_upgrade_borrowed_as_unchecked", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_upgrade_borrowed", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::test_weakref_get_object_borrowed", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/anyref.rs", + "function": "types::weakref::anyref::for::inner", + "change_type": "Deleted" + }, + { + "file": "src/types/weakref/proxy.rs", + "function": "types::weakref::proxy::for Bound::get_object", + "change_type": "Added" + }, + { + "file": "src/types/weakref/proxy.rs", + "function": "types::weakref::proxy::for Bound::get_object_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/proxy.rs", + "function": "types::weakref::proxy::for Bound::test_weakref_upgrade_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/proxy.rs", + "function": "types::weakref::proxy::for Bound::test_weakref_get_object_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/proxy.rs", + "function": "types::weakref::proxy::for Bound::test_weakref_upgrade_borrowed_as", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/proxy.rs", + "function": "types::weakref::proxy::for Bound::test_weakref_upgrade_borrowed_as_unchecked", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/reference.rs", + "function": "types::weakref::reference::for Bound::get_object", + "change_type": "Added" + }, + { + "file": "src/types/weakref/reference.rs", + "function": "types::weakref::reference::for Bound::get_object_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/reference.rs", + "function": "types::weakref::reference::for Bound::test_weakref_upgrade_borrowed_as", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/reference.rs", + "function": "types::weakref::reference::for Bound::test_weakref_upgrade_borrowed_as_unchecked", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/reference.rs", + "function": "types::weakref::reference::for Bound::test_weakref_upgrade_borrowed", + "change_type": "Modified" + }, + { + "file": "src/types/weakref/reference.rs", + "function": "types::weakref::reference::for Bound::test_weakref_get_object_borrowed", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0402", + "package": "hashbrown", + "title": "Borsh serialization of HashMap is non-canonical", + "date": "2024-10-11", + "patched_versions": [ + ">= 0.15.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0377", + "package": "dbn", + "title": "Heap Buffer overflow using c_chars_to_str function", + "date": "2024-10-07", + "patched_versions": [ + "> 0.22.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0375", + "package": "atty", + "title": "`atty` is unmaintained", + "date": "2024-09-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0374", + "package": "ouch", + "title": "Segmentation fault due to use of uninitialized memory", + "date": "2024-09-22", + "patched_versions": [ + ">0.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0427", + "package": "get-size-derive", + "title": "get-size-derive is unmaintained", + "date": "2024-09-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0425", + "package": "get-size", + "title": "get-size is unmaintained", + "date": "2024-09-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0404", + "package": "anstream", + "title": "Unsoundness in anstream", + "date": "2024-09-08", + "patched_versions": [ + ">= 0.6.8" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0443", + "package": "webp", + "title": "webp crate may expose memory contents when encoding an image", + "date": "2024-09-06", + "patched_versions": [ + ">= 0.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0372", + "package": "ic-cdk", + "title": "Memory leak when calling a canister method via `ic_cdk::call`", + "date": "2024-09-05", + "patched_versions": [ + "^0.8.2", + "^0.9.3", + "^0.10.1", + "^0.11.6", + "^0.12.2", + "^0.13.5", + "^0.14.1", + "^0.15.1", + ">= 0.16.0" + ], + "commit_sha": "bd17d57a7b8ca59665fea5fad6143ca02724d03b", + "vulnerable_symbols": [ + { + "file": "src/ic-cdk/src/api/call.rs", + "function": "ic_cdk::src::api::call::CallFuture::poll", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0386", + "package": "strason", + "title": "strason is unmaintained", + "date": "2024-09-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0383", + "package": "bcc", + "title": "bcc is unmaintained", + "date": "2024-09-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0384", + "package": "instant", + "title": "`instant` is unmaintained", + "date": "2024-09-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0385", + "package": "cw0", + "title": "`cw0` is unmaintained", + "date": "2024-08-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0365", + "package": "diesel", + "title": "Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts", + "date": "2024-08-23", + "patched_versions": [ + ">= 2.2.3" + ], + "commit_sha": "9eccd7d6d705ac53618bfd478152e32ec3b4536c", + "vulnerable_symbols": [ + { + "file": "diesel/src/mysql/connection/bind.rs", + "function": "diesel::mysql::connection::bind::BindData::", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/connection/bind.rs", + "function": "diesel::mysql::connection::bind::BindData::update_buffer_length", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/connection/mod.rs", + "function": "diesel::mysql::connection::MysqlConnection::", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/connection/stmt/mod.rs", + "function": "diesel::mysql::connection::stmt::StatementUse::affected_rows", + "change_type": "Deleted" + }, + { + "file": "diesel/src/mysql/connection/stmt/mod.rs", + "function": "diesel::mysql::connection::stmt::StatementUse::affected_rows", + "change_type": "Added" + }, + { + "file": "diesel/src/mysql/connection/stmt/mod.rs", + "function": "diesel::mysql::connection::stmt::StatementUse::populate_row_buffers", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/date_and_time/chrono.rs", + "function": "diesel::mysql::types::date_and_time::chrono::ToSql::to_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/date_and_time/chrono.rs", + "function": "diesel::mysql::types::date_and_time::chrono::FromSql::from_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/date_and_time/time.rs", + "function": "diesel::mysql::types::date_and_time::time::to_time", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/date_and_time/time.rs", + "function": "diesel::mysql::types::date_and_time::time::ToSql::to_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/mod.rs", + "function": "diesel::mysql::types::FromSql::from_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/mod.rs", + "function": "diesel::mysql::types::ToSql::to_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/mod.rs", + "function": "diesel::mysql::types::FromSql::", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/primitives.rs", + "function": "diesel::mysql::types::primitives::f32_to_i64", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/types/primitives.rs", + "function": "diesel::mysql::types::primitives::FromSql::f64_to_i64", + "change_type": "Modified" + }, + { + "file": "diesel/src/mysql/value.rs", + "function": "diesel::mysql::value::MysqlValue::numeric_value", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/copy.rs", + "function": "diesel::pg::connection::copy::CopyToBuffer::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/raw.rs", + "function": "diesel::pg::connection::raw::RawConnection::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/result.rs", + "function": "diesel::pg::connection::result::PgResult::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/result.rs", + "function": "diesel::pg::connection::result::PgResult::num_rows", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/result.rs", + "function": "diesel::pg::connection::result::PgResult::get_row", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/result.rs", + "function": "diesel::pg::connection::result::PgResult::is_null", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/result.rs", + "function": "diesel::pg::connection::result::PgResult::column_type", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/result.rs", + "function": "diesel::pg::connection::result::PgResult::column_count", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/connection/stmt/mod.rs", + "function": "diesel::pg::connection::stmt::Statement::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/expression/extensions/interval_dsl.rs", + "function": "diesel::pg::expression::extensions::interval_dsl::i64::days", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/expression/extensions/interval_dsl.rs", + "function": "diesel::pg::expression::extensions::interval_dsl::i64::months", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/query_builder/copy/copy_from.rs", + "function": "diesel::pg::query_builder::copy::copy_from::write_to_buffer", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/types/date_and_time/chrono.rs", + "function": "diesel::pg::types::date_and_time::chrono::ToSql::to_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/types/date_and_time/std_time.rs", + "function": "diesel::pg::types::date_and_time::std_time::ToSql::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/types/date_and_time/time.rs", + "function": "diesel::pg::types::date_and_time::time::ToSql::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/types/date_and_time/time.rs", + "function": "diesel::pg::types::date_and_time::time::ToSql::to_sql", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/types/floats/mod.rs", + "function": "diesel::pg::types::floats::ToSql::", + "change_type": "Modified" + }, + { + "file": "diesel/src/pg/types/numeric.rs", + "function": "diesel::pg::types::numeric::for PgNumeric::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/bind_collector.rs", + "function": "diesel::sqlite::connection::bind_collector::InternalSqliteBindValue::result_of", + "change_type": "Deleted" + }, + { + "file": "diesel/src/sqlite/connection/bind_collector.rs", + "function": "diesel::sqlite::connection::bind_collector::InternalSqliteBindValue::result_of", + "change_type": "Added" + }, + { + "file": "diesel/src/sqlite/connection/functions.rs", + "function": "diesel::sqlite::connection::functions::for FunctionRow::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/mod.rs", + "function": "diesel::sqlite::connection::SqliteConnection::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/owned_row.rs", + "function": "diesel::sqlite::connection::owned_row::for OwnedSqliteRow::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/owned_row.rs", + "function": "diesel::sqlite::connection::owned_row::for OwnedSqliteField::field_name", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::rows_affected_by_last_query", + "change_type": "Deleted" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::rows_affected_by_last_query", + "change_type": "Added" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::register_sql_function", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::as", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::deserialize", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::run_aggregator_final_function", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/raw.rs", + "function": "diesel::sqlite::connection::raw::RawConnection::context_error_str", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/row.rs", + "function": "diesel::sqlite::connection::row::for SqliteRow::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/row.rs", + "function": "diesel::sqlite::connection::row::for SqliteField::field_name", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/sqlite_value.rs", + "function": "diesel::sqlite::connection::sqlite_value::SqliteValue::new", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/sqlite_value.rs", + "function": "diesel::sqlite::connection::sqlite_value::SqliteValue::from_owned_row", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/statement_iterator.rs", + "function": "diesel::sqlite::connection::statement_iterator::StatementIterator::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/stmt.rs", + "function": "diesel::sqlite::connection::stmt::Statement::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/stmt.rs", + "function": "diesel::sqlite::connection::stmt::StatementUse::index_for_column_name", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/stmt.rs", + "function": "diesel::sqlite::connection::stmt::StatementUse::field_name", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/types/date_and_time/chrono.rs", + "function": "diesel::sqlite::types::date_and_time::chrono::parse_julian", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/types/date_and_time/mod.rs", + "function": "diesel::sqlite::types::date_and_time::ToSql::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/types/date_and_time/time.rs", + "function": "diesel::sqlite::types::date_and_time::time::parse_julian", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/types/mod.rs", + "function": "diesel::sqlite::types::Queryable::", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/types/mod.rs", + "function": "diesel::sqlite::types::FromSql::from_sql", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0364", + "package": "gitoxide-core", + "title": "gitoxide-core does not neutralize special characters for terminals", + "date": "2024-08-22", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0363", + "package": "sqlx", + "title": "Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts", + "date": "2024-08-15", + "patched_versions": [ + ">= 0.8.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0390", + "package": "minitrace", + "title": "minitrace is Unmaintained", + "date": "2024-08-14", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0444", + "package": "boa_engine", + "title": "Uncaught exception when transitioning the state of `AsyncGenerator` objects from within a property getter of `then`", + "date": "2024-08-14", + "patched_versions": [ + ">= 0.19" + ], + "commit_sha": "69ea2f52ed976934bff588d6b566bae01be313f7", + "vulnerable_symbols": [ + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::", + "change_type": "Modified" + }, + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::enqueue", + "change_type": "Modified" + }, + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::resume", + "change_type": "Deleted" + }, + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::await_return", + "change_type": "Deleted" + }, + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::await_return", + "change_type": "Added" + }, + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::drain_queue", + "change_type": "Deleted" + }, + { + "file": "core/engine/src/builtins/async_generator/mod.rs", + "function": "engine::builtins::async_generator::AsyncGenerator::resume_next", + "change_type": "Added" + }, + { + "file": "core/engine/src/vm/call_frame/mod.rs", + "function": "engine::vm::call_frame::CallFrame::", + "change_type": "Modified" + }, + { + "file": "core/engine/src/vm/completion_record.rs", + "function": "engine::vm::completion_record::CompletionRecord::is_throw_completion", + "change_type": "Deleted" + }, + { + "file": "core/engine/src/vm/completion_record.rs", + "function": "engine::vm::completion_record::CompletionRecord::", + "change_type": "Modified" + }, + { + "file": "core/engine/src/vm/opcode/await/mod.rs", + "function": "engine::vm::opcode::await::Await::", + "change_type": "Modified" + }, + { + "file": "core/engine/src/vm/opcode/generator/mod.rs", + "function": "engine::vm::opcode::generator::AsyncGeneratorClose::execute", + "change_type": "Modified" + }, + { + "file": "core/engine/src/vm/opcode/generator/yield_stm.rs", + "function": "engine::vm::opcode::generator::yield_stm::AsyncGeneratorYield::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0362", + "package": "alloy-json-abi", + "title": "Stack overflow when parsing specially crafted JSON ABI strings", + "date": "2024-07-30", + "patched_versions": [ + ">= 0.7.7" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0360", + "package": "xmp_toolkit", + "title": "`XmpFile::close` can trigger UB", + "date": "2024-07-26", + "patched_versions": [ + ">= 1.9.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0359", + "package": "gix-attributes", + "title": "The kstring integration in gix-attributes is unsound", + "date": "2024-07-24", + "patched_versions": [ + ">= 0.22.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0358", + "package": "object_store", + "title": "Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files", + "date": "2024-07-23", + "patched_versions": [ + ">= 0.10.2" + ], + "commit_sha": "4978e32654235f569062f2cad6c7361e410f1254", + "vulnerable_symbols": [ + { + "file": "object_store/src/aws/credential.rs", + "function": "object_store::aws::credential::web_identity", + "change_type": "Modified" + }, + { + "file": "object_store/src/client/retry.rs", + "function": "object_store::client::retry::RetryableRequest::", + "change_type": "Modified" + }, + { + "file": "object_store/src/client/retry.rs", + "function": "object_store::client::retry::RetryableRequest::sensitive", + "change_type": "Added" + }, + { + "file": "object_store/src/client/retry.rs", + "function": "object_store::client::retry::RetryableRequest::payload", + "change_type": "Modified" + }, + { + "file": "object_store/src/client/retry.rs", + "function": "object_store::client::retry::reqwest::RequestBuilder::payload", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0357", + "package": "openssl", + "title": "`MemBio::get_buf` has undefined behavior with empty buffers", + "date": "2024-07-21", + "patched_versions": [ + ">= 0.10.66" + ], + "commit_sha": "aef36e0f3950653148d6644309ee41ccf16e02bb", + "vulnerable_symbols": [ + { + "file": "openssl/src/bio.rs", + "function": "openssl::bio::MemBio::", + "change_type": "Modified" + }, + { + "file": "openssl/src/bio.rs", + "function": "openssl::bio::MemBio::test_mem_bio_get_buf_empty", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0392", + "package": "cggmp21-keygen", + "title": "Ambiguous challenge derivation", + "date": "2024-07-18", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": "9b458cd57238146e471b89d577e5b35995b20e51", + "vulnerable_symbols": [ + { + "file": "cggmp21-keygen/src/non_threshold.rs", + "function": "cggmp21_keygen::non_threshold::run_keygen", + "change_type": "Modified" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::", + "change_type": "Modified" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::new", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::next_u32", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::next_u64", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::fill_bytes", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::try_fill_bytes", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::generate_bytes", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/threshold.rs", + "function": "cggmp21_keygen::threshold::run_threshold_keygen", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/key_refresh/aux_only.rs", + "function": "cggmp21::key_refresh::aux_only::run_aux_gen", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/key_refresh/non_threshold.rs", + "function": "cggmp21::key_refresh::non_threshold::run_refresh", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/utils.rs", + "function": "cggmp21::utils::integers_list", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/utils.rs", + "function": "cggmp21::utils::AsRef::", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::derive_challenge", + "change_type": "Deleted" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::derive_challenge", + "change_type": "Added" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::prove", + "change_type": "Deleted" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::prove", + "change_type": "Added" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::rand_core::RngCore,::", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::rand_core::RngCore,::verify", + "change_type": "Deleted" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::rand_core::RngCore,::verify", + "change_type": "Added" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::passing", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::failing", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0391", + "package": "paillier-zk", + "title": "Ambiguous challenge derivation", + "date": "2024-07-18", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": "06e2159e2756fa6048be90d549e9a6938ef7a26e", + "vulnerable_symbols": [ + { + "file": "src/common.rs", + "function": "common::udigest::Digestable::digest_public_data", + "change_type": "Added" + }, + { + "file": "src/common.rs", + "function": "common::udigest::Digestable::digest_integer", + "change_type": "Added" + }, + { + "file": "src/common.rs", + "function": "common::udigest::Digestable::digest_encryption_key", + "change_type": "Added" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::", + "change_type": "Modified" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::new", + "change_type": "Deleted" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::next_u32", + "change_type": "Deleted" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::next_u64", + "change_type": "Deleted" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::fill_bytes", + "change_type": "Deleted" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::try_fill_bytes", + "change_type": "Deleted" + }, + { + "file": "src/common/rng.rs", + "function": "common::rng::HashRng::generate_bytes", + "change_type": "Deleted" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::prove", + "change_type": "Deleted" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::prove", + "change_type": "Added" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::RngCore,::", + "change_type": "Modified" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::RngCore,::verify", + "change_type": "Deleted" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::RngCore,::verify", + "change_type": "Added" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::challenge", + "change_type": "Modified" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::run", + "change_type": "Deleted" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::run", + "change_type": "Added" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::passing_test", + "change_type": "Deleted" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::passing_test", + "change_type": "Added" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::failing_test", + "change_type": "Deleted" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::failing_test", + "change_type": "Added" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::passing_p256", + "change_type": "Modified" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::failing_p256", + "change_type": "Modified" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::passing_million", + "change_type": "Modified" + }, + { + "file": "src/group_element_vs_paillier_encryption_in_range.rs", + "function": "group_element_vs_paillier_encryption_in_range::udigest::Digestable,::failing_million", + "change_type": "Modified" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::prove", + "change_type": "Deleted" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::prove", + "change_type": "Added" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::rand_core::RngCore,::", + "change_type": "Modified" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::rand_core::RngCore,::challenge", + "change_type": "Deleted" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::rand_core::RngCore,::challenge", + "change_type": "Added" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::udigest::Digestable,::verify", + "change_type": "Deleted" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::udigest::Digestable,::verify", + "change_type": "Added" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::udigest::Digestable,::passing", + "change_type": "Modified" + }, + { + "file": "src/no_small_factor.rs", + "function": "no_small_factor::udigest::Digestable,::failing", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::prove", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::prove", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::rand_core::RngCore,::", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::rand_core::RngCore,::verify", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::rand_core::RngCore,::verify", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::challenge", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::challenge", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::run", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::run", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::passing_test", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::passing_test", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_on_additive", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_on_additive", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_on_multiplicative", + "change_type": "Deleted" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_on_multiplicative", + "change_type": "Added" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::passing_p256", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_p256_add", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_p256_mul", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::passing_million", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_million_add", + "change_type": "Modified" + }, + { + "file": "src/paillier_affine_operation_in_range.rs", + "function": "paillier_affine_operation_in_range::udigest::Digestable,::failing_million_mul", + "change_type": "Modified" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::prove", + "change_type": "Deleted" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::prove", + "change_type": "Added" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::rand_core::RngCore,::", + "change_type": "Modified" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::rand_core::RngCore,::verify", + "change_type": "Deleted" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::rand_core::RngCore,::verify", + "change_type": "Added" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::udigest::Digestable,::challenge", + "change_type": "Deleted" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::udigest::Digestable,::challenge", + "change_type": "Added" + }, + { + "file": "src/paillier_blum_modulus.rs", + "function": "paillier_blum_modulus::udigest::Digestable,::passing", + "change_type": "Modified" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::prove", + "change_type": "Deleted" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::prove", + "change_type": "Added" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::rand_core::RngCore,::", + "change_type": "Modified" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::rand_core::RngCore,::challenge", + "change_type": "Deleted" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::rand_core::RngCore,::challenge", + "change_type": "Added" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::udigest::Digestable,::verify", + "change_type": "Deleted" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::udigest::Digestable,::verify", + "change_type": "Added" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::udigest::Digestable,::run_with", + "change_type": "Deleted" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::udigest::Digestable,::run_with", + "change_type": "Added" + }, + { + "file": "src/paillier_encryption_in_range.rs", + "function": "paillier_encryption_in_range::rand_core::CryptoRngCore,::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0393", + "package": "cggmp21", + "title": "Ambiguous challenge derivation", + "date": "2024-07-18", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": "9b458cd57238146e471b89d577e5b35995b20e51", + "vulnerable_symbols": [ + { + "file": "cggmp21-keygen/src/non_threshold.rs", + "function": "cggmp21_keygen::non_threshold::run_keygen", + "change_type": "Modified" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::", + "change_type": "Modified" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::new", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::next_u32", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::next_u64", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::fill_bytes", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::try_fill_bytes", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/rng.rs", + "function": "cggmp21_keygen::rng::HashRng::generate_bytes", + "change_type": "Deleted" + }, + { + "file": "cggmp21-keygen/src/threshold.rs", + "function": "cggmp21_keygen::threshold::run_threshold_keygen", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/key_refresh/aux_only.rs", + "function": "cggmp21::key_refresh::aux_only::run_aux_gen", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/key_refresh/non_threshold.rs", + "function": "cggmp21::key_refresh::non_threshold::run_refresh", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/utils.rs", + "function": "cggmp21::utils::integers_list", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/utils.rs", + "function": "cggmp21::utils::AsRef::", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::derive_challenge", + "change_type": "Deleted" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::derive_challenge", + "change_type": "Added" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::prove", + "change_type": "Deleted" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::prove", + "change_type": "Added" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::rand_core::RngCore,::", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::rand_core::RngCore,::verify", + "change_type": "Deleted" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::rand_core::RngCore,::verify", + "change_type": "Added" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::passing", + "change_type": "Modified" + }, + { + "file": "cggmp21/src/zk/ring_pedersen_parameters.rs", + "function": "cggmp21::zk::ring_pedersen_parameters::udigest::Digestable,::failing", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0403", + "package": "js-sandbox", + "title": "op_panic in the base runtime can force a panic in the runtime's containing thread", + "date": "2024-07-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0405", + "package": "rustyscript", + "title": "op_panic in the base runtime can force a panic in the runtime's containing thread", + "date": "2024-07-18", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0442", + "package": "wasmtime-jit-debug", + "title": "Dump Undefined Memory by `JitDumpFile`", + "date": "2024-07-06", + "patched_versions": [ + ">= 24.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0387", + "package": "opentelemetry_api", + "title": "`opentelemetry_api` has been merged into the `opentelemetry` crate", + "date": "2024-07-03", + "patched_versions": [], + "commit_sha": "42e58fc356aea17811391e7127a07acd1d6720db", + "vulnerable_symbols": [ + { + "file": "opentelemetry-api/src/lib.rs", + "function": "opentelemetry_api::now", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-api/src/lib.rs", + "function": "opentelemetry_api::now", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-otlp/src/exporter/grpcio/mod.rs", + "function": "opentelemetry_otlp::exporter::grpcio::GrpcioExporterBuilder::build_span_exporter", + "change_type": "Modified" + }, + { + "file": "opentelemetry-otlp/src/exporter/grpcio/mod.rs", + "function": "opentelemetry_otlp::exporter::grpcio::GrpcioExporterBuilder::build_log_exporter", + "change_type": "Modified" + }, + { + "file": "opentelemetry-otlp/src/exporter/http/mod.rs", + "function": "opentelemetry_otlp::exporter::http::HttpExporterBuilder::build_span_exporter", + "change_type": "Modified" + }, + { + "file": "opentelemetry-otlp/src/exporter/http/mod.rs", + "function": "opentelemetry_otlp::exporter::http::HttpExporterBuilder::build_log_exporter", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-otlp/src/exporter/http/mod.rs", + "function": "opentelemetry_otlp::exporter::http::HttpExporterBuilder::build_log_exporter", + "change_type": "Added" + }, + { + "file": "opentelemetry-otlp/src/exporter/tonic/mod.rs", + "function": "opentelemetry_otlp::exporter::tonic::TonicExporterBuilder::build_log_exporter", + "change_type": "Modified" + }, + { + "file": "opentelemetry-otlp/src/exporter/tonic/mod.rs", + "function": "opentelemetry_otlp::exporter::tonic::TonicExporterBuilder::build_span_exporter", + "change_type": "Modified" + }, + { + "file": "opentelemetry-otlp/src/logs.rs", + "function": "opentelemetry_otlp::logs::LogExporter::export", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-otlp/src/logs.rs", + "function": "opentelemetry_otlp::logs::LogExporter::export", + "change_type": "Added" + }, + { + "file": "opentelemetry-otlp/src/metric.rs", + "function": "opentelemetry_otlp::metric::MetricsExporterBuilder::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-proto/src/transform/common.rs", + "function": "opentelemetry_proto::transform::common::From::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-proto/src/transform/common.rs", + "function": "opentelemetry_proto::transform::common::From::from", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-proto/src/transform/common.rs", + "function": "opentelemetry_proto::transform::common::From::from", + "change_type": "Added" + }, + { + "file": "opentelemetry-proto/src/transform/common.rs", + "function": "opentelemetry_proto::transform::common::From::resource_attributes", + "change_type": "Modified" + }, + { + "file": "opentelemetry-proto/src/transform/common.rs", + "function": "opentelemetry_proto::transform::common::From::from", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-proto/src/transform/common.rs", + "function": "opentelemetry_proto::transform::common::From::from", + "change_type": "Added" + }, + { + "file": "opentelemetry-proto/src/transform/logs.rs", + "function": "opentelemetry_proto::transform::logs::From::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-proto/src/transform/logs.rs", + "function": "opentelemetry_proto::transform::logs::From::from", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-proto/src/transform/logs.rs", + "function": "opentelemetry_proto::transform::logs::From::from", + "change_type": "Added" + }, + { + "file": "opentelemetry-proto/src/transform/logs.rs", + "function": "opentelemetry_proto::transform::logs::From::from", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-proto/src/transform/logs.rs", + "function": "opentelemetry_proto::transform::logs::From::from", + "change_type": "Added" + }, + { + "file": "opentelemetry-proto/src/transform/metrics.rs", + "function": "opentelemetry_proto::transform::metrics::From::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-proto/src/transform/metrics.rs", + "function": "opentelemetry_proto::transform::metrics::From::from", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-proto/src/transform/metrics.rs", + "function": "opentelemetry_proto::transform::metrics::From::from", + "change_type": "Added" + }, + { + "file": "opentelemetry-proto/src/transform/metrics.rs", + "function": "opentelemetry_proto::transform::metrics::From::from", + "change_type": "Deleted" + }, + { + "file": "opentelemetry-proto/src/transform/metrics.rs", + "function": "opentelemetry_proto::transform::metrics::From::from", + "change_type": "Added" + }, + { + "file": "opentelemetry-proto/src/transform/trace.rs", + "function": "opentelemetry_proto::transform::trace::From::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/logs/log_emitter.rs", + "function": "opentelemetry_sdk::logs::log_emitter::LoggerProvider::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/logs/log_emitter.rs", + "function": "opentelemetry_sdk::logs::log_emitter::Into::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/logs/log_emitter.rs", + "function": "opentelemetry_sdk::logs::log_emitter::Logger::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/metrics/meter_provider.rs", + "function": "opentelemetry_sdk::metrics::meter_provider::MeterProvider::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/metrics/meter_provider.rs", + "function": "opentelemetry_sdk::metrics::meter_provider::MeterProviderBuilder::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/propagation/baggage.rs", + "function": "opentelemetry_sdk::propagation::baggage::BaggagePropagator::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/propagation/composite.rs", + "function": "opentelemetry_sdk::propagation::composite::TextMapCompositePropagator::new", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/propagation/trace_context.rs", + "function": "opentelemetry_sdk::propagation::trace_context::TraceContextPropagator::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/resource/os.rs", + "function": "opentelemetry_sdk::resource::os::OsResourceDetector::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/testing/trace.rs", + "function": "opentelemetry_sdk::testing::trace::new_test_export_span_data", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/id_generator/aws.rs", + "function": "opentelemetry_sdk::trace::id_generator::aws::XrayIdGenerator::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/id_generator/aws.rs", + "function": "opentelemetry_sdk::trace::id_generator::aws::XrayIdGenerator::test_trace_id_generation", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/provider.rs", + "function": "opentelemetry_sdk::trace::provider::TracerProvider::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/provider.rs", + "function": "opentelemetry_sdk::trace::provider::Into::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/sampler.rs", + "function": "opentelemetry_sdk::trace::sampler::should_sample", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/sampler/jaeger_remote/rate_limit.rs", + "function": "opentelemetry_sdk::trace::sampler::jaeger_remote::rate_limit::LeakyBucket::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/sampler/jaeger_remote/rate_limit.rs", + "function": "opentelemetry_sdk::trace::sampler::jaeger_remote::rate_limit::LeakyBucket::should_sample", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/sampler/jaeger_remote/rate_limit.rs", + "function": "opentelemetry_sdk::trace::sampler::jaeger_remote::rate_limit::LeakyBucket::check_availability", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/span.rs", + "function": "opentelemetry_sdk::trace::span::Span::", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/span.rs", + "function": "opentelemetry_sdk::trace::span::Span::init", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/span.rs", + "function": "opentelemetry_sdk::trace::span::Span::end_with_timestamp", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/span.rs", + "function": "opentelemetry_sdk::trace::span::Span::end_only_once", + "change_type": "Modified" + }, + { + "file": "opentelemetry-sdk/src/trace/tracer.rs", + "function": "opentelemetry_sdk::trace::tracer::Tracer::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0389", + "package": "openslide", + "title": "`openslide` is unmaintained", + "date": "2024-07-03", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0388", + "package": "derivative", + "title": "`derivative` is unmaintained; consider using an alternative", + "date": "2024-06-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0395", + "package": "chrono-english", + "title": "The maintainer of chrono-english is unresponsive", + "date": "2024-06-24", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0344", + "package": "curve25519-dalek", + "title": "Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`", + "date": "2024-06-18", + "patched_versions": [ + ">= 4.1.3" + ], + "commit_sha": "415892acf1cdf9161bd6a4c99bc2f4cb8fae5e6a", + "vulnerable_symbols": [ + { + "file": "curve25519-dalek/src/backend/serial/u64/scalar.rs", + "function": "curve25519_dalek::backend::serial::u64::scalar::Scalar52::black_box", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0406", + "package": "ic-stable-structures", + "title": "BTreeMap memory leak when deallocating nodes with overflows", + "date": "2024-05-17", + "patched_versions": [ + ">= 0.6.4" + ], + "commit_sha": "4f6b8ae521884833498bae26369c353c10f28ea7", + "vulnerable_symbols": [ + { + "file": "src/btreemap.rs", + "function": "btreemap::merge", + "change_type": "Modified" + }, + { + "file": "src/btreemap.rs", + "function": "btreemap::deallocating_node_with_overflows", + "change_type": "Added" + }, + { + "file": "src/btreemap.rs", + "function": "btreemap::repeatedly_deallocating_nodes_with_overflows", + "change_type": "Added" + }, + { + "file": "src/btreemap/node.rs", + "function": "btreemap::node::Node::merge", + "change_type": "Deleted" + }, + { + "file": "src/btreemap/node.rs", + "function": "btreemap::node::Node::merge", + "change_type": "Added" + }, + { + "file": "src/btreemap/node.rs", + "function": "btreemap::node::Node::deallocate", + "change_type": "Added" + }, + { + "file": "src/btreemap/proptests.rs", + "function": "btreemap::proptests::iter_count_test", + "change_type": "Modified" + }, + { + "file": "src/btreemap/proptests.rs", + "function": "btreemap::proptests::no_memory_leaks", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0337", + "package": "zip_next", + "title": "The crate `zip_next` has been renamed to `zip`.", + "date": "2024-04-20", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0334", + "package": "libp2p-tokio-socks5", + "title": "`libp2p-tokio-socks5` is unmaintained", + "date": "2024-04-05", + "patched_versions": [], + "commit_sha": "e1fdc92ca69ffd254824ab80fbad5660f4aac911", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0331", + "package": "puccinier", + "title": "Puccinier is unmainted.", + "date": "2024-03-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0429", + "package": "glib", + "title": "Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`", + "date": "2024-03-30", + "patched_versions": [ + ">=0.20.0" + ], + "commit_sha": "05dff0ee696f9bcd8617cd48c4b812d046d440cb", + "vulnerable_symbols": [ + { + "file": "glib/src/variant_iter.rs", + "function": "glib::variant_iter::VariantStrIter::impl_get", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0320", + "package": "yaml-rust", + "title": "yaml-rust is unmaintained.", + "date": "2024-03-20", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0407", + "package": "linkme", + "title": "Fails to ensure slice elements match the slice's declared type", + "date": "2024-03-05", + "patched_versions": [ + ">= 0.3.24" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0021", + "package": "eyre", + "title": "Parts of Report are dropped as the wrong type during downcast", + "date": "2024-03-05", + "patched_versions": [ + ">= 0.6.12" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0417", + "package": "gdkx11", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0418", + "package": "gdk-sys", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0412", + "package": "gdk", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0415", + "package": "gtk", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0420", + "package": "gtk-sys", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0410", + "package": "gdkwayland", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0413", + "package": "atk", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0419", + "package": "gtk3-macros", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0414", + "package": "gdkx11-sys", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0411", + "package": "gdkwayland-sys", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0416", + "package": "atk-sys", + "title": "gtk-rs GTK3 bindings - no longer maintained", + "date": "2024-03-04", + "patched_versions": [], + "commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0020", + "package": "whoami", + "title": "Stack buffer overflow with whoami on several Unix platforms", + "date": "2024-02-28", + "patched_versions": [ + ">= 1.5.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0018", + "package": "crayon", + "title": "ObjectPool creates uninitialized memory when freeing objects", + "date": "2024-02-27", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0014", + "package": "generational-arena", + "title": "`generational-arena` is unmaintained", + "date": "2024-02-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0013", + "package": "libgit2-sys", + "title": "Memory corruption, denial of service, and arbitrary code execution in libgit2", + "date": "2024-02-06", + "patched_versions": [ + ">= 0.16.2" + ], + "commit_sha": "9e57876be78924c1e5f3f268bb599e3981fe58bb", + "vulnerable_symbols": [ + { + "file": "libgit2-sys/build.rs", + "function": "libgit2_sys::build::try_system_libgit2", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0010", + "package": "svix", + "title": "Improper comparison of different-length signatures", + "date": "2024-02-06", + "patched_versions": [ + ">= 1.17.0" + ], + "commit_sha": "958821bd3b956d1436af65f70a0964d4ffb7daf6", + "vulnerable_symbols": [ + { + "file": "rust/src/webhooks.rs", + "function": "rust::webhooks::Webhook::", + "change_type": "Modified" + }, + { + "file": "rust/src/webhooks.rs", + "function": "rust::webhooks::Webhook::test_verify_partial_signature", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0396", + "package": "conrod_core", + "title": "`conrod_core` is unmaintained", + "date": "2024-01-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0015", + "package": "filesystem", + "title": "filesystem-rs may be implicitly unmaintained", + "date": "2024-01-25", + "patched_versions": [], + "commit_sha": "895c59a81f85009fca8a5e9e8e727d4642f3adbc", + "vulnerable_symbols": [ + { + "file": "src/os.rs", + "function": "os::OsFileSystem::temp_dir", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0004", + "package": "cosmwasm", + "title": "`cosmwasm` is unmaintained", + "date": "2024-01-20", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0007", + "package": "rust-i18n-support", + "title": "Use-after-free when setting the locale", + "date": "2024-01-19", + "patched_versions": [ + ">= 3.0.1" + ], + "commit_sha": "22e0609591a2c08930f52a0e6bc860f02a0e88c0", + "vulnerable_symbols": [ + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::GuardedStr::", + "change_type": "Modified" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::GuardedStr::deref", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::new", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::new", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::as_str", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::clone_string", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Deref::as_str", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::replace", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::", + "change_type": "Modified" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::Into::replace", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AtomicStr::", + "change_type": "Modified" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AtomicStr::drop", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::From::", + "change_type": "Modified" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::From::from", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AsRef::", + "change_type": "Modified" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AsRef::as_ref", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AtomicStr::fmt", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::for AtomicStr::", + "change_type": "Modified" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::for AtomicStr::from", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::From::from", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::From::test_str", + "change_type": "Added" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AtomicStr::fmt", + "change_type": "Deleted" + }, + { + "file": "crates/support/src/atomic_str.rs", + "function": "support::atomic_str::AtomicStr::test_atomic_str", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "locale", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "set_locale", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Deref::locale", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Deref::replace_patterns", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Deref::test_locale", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2024-0001", + "package": "ferris-says", + "title": "Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8", + "date": "2024-01-13", + "patched_versions": [ + ">= 0.3.1" + ], + "commit_sha": "bb661f29e0d88968c495a4ea4dc63ff0e2c2c11a", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2024-0005", + "package": "threadalone", + "title": "Unsound sending of non-Send types across threads", + "date": "2024-01-07", + "patched_versions": [ + ">= 0.2.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0075", + "package": "unsafe-libyaml", + "title": "Unaligned write of u64 on 32-bit and 16-bit platforms", + "date": "2023-12-20", + "patched_versions": [ + ">= 0.2.10" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0080", + "package": "transpose", + "title": "Buffer overflow due to integer overflow in `transpose`", + "date": "2023-12-18", + "patched_versions": [ + ">= 0.2.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0074", + "package": "zerocopy", + "title": "Some Ref methods are unsound with some type parameters", + "date": "2023-12-14", + "patched_versions": [ + ">= 0.2.9, < 0.3.0", + ">= 0.3.2, < 0.4.0", + ">= 0.4.1, < 0.5.0", + ">= 0.5.2, < 0.6.0", + ">= 0.6.6, < 0.7.0", + ">= 0.7.31" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0073", + "package": "candid", + "title": "Infinite decoding loop through specially crafted payload", + "date": "2023-12-08", + "patched_versions": [ + ">= 0.9.10" + ], + "commit_sha": "b233dbc2d2bcc79c9fc574dd5968269df680b073", + "vulnerable_symbols": [ + { + "file": "rust/candid/src/de.rs", + "function": "candid::de::Deserializer::", + "change_type": "Modified" + }, + { + "file": "rust/candid/src/types/value.rs", + "function": "candid::types::value::for IDLValueVisitor::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0079", + "package": "pqc_kyber", + "title": "KyberSlash: division timings depending on secrets", + "date": "2023-12-01", + "patched_versions": [], + "commit_sha": "b5c6ad13f4eece80e59c6ebeafd787ba1519f5f6", + "vulnerable_symbols": [ + { + "file": "src/reference/poly.rs", + "function": "reference::poly::poly_compress", + "change_type": "Modified" + }, + { + "file": "src/reference/poly.rs", + "function": "reference::poly::poly_tomsg", + "change_type": "Modified" + }, + { + "file": "src/reference/polyvec.rs", + "function": "reference::polyvec::polyvec_compress", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0072", + "package": "openssl", + "title": "`openssl` `X509StoreRef::objects` is unsound", + "date": "2023-11-23", + "patched_versions": [ + ">= 0.10.60" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0071", + "package": "rsa", + "title": "Marvin Attack: potential key recovery through timing sidechannels", + "date": "2023-11-22", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0076", + "package": "cpython", + "title": "`cpython` is unmaintained", + "date": "2023-11-14", + "patched_versions": [], + "commit_sha": "e815555629e557be084813045ca1ddebc2f76ef9", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0088", + "package": "loopdev", + "title": "`loopdev` crate is unmaintained; use 'loopdev-3` instead.", + "date": "2023-11-13", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0070", + "package": "self_cell", + "title": "Insufficient covariance check makes self_cell unsound", + "date": "2023-11-10", + "patched_versions": [ + ">= 0.10.3, < 1.0.0", + ">= 1.0.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0077", + "package": "rosenpass", + "title": "Remotely exploitable DoS condition in Rosenpass <=0.2.0", + "date": "2023-11-04", + "patched_versions": [ + ">= 0.2.1" + ], + "commit_sha": "93439858d1c44294a7b377f775c4fc897a370bb2", + "vulnerable_symbols": [ + { + "file": "rosenpass/src/msgs.rs", + "function": "rosenpass::msgs::check_size", + "change_type": "Modified" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::initiate_handshake", + "change_type": "Modified" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::init_crypto_server", + "change_type": "Deleted" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::handles_incorrect_size_messages", + "change_type": "Added" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::test_incorrect_sizes_for_msg", + "change_type": "Added" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::handle_empty_message", + "change_type": "Deleted" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::keygen", + "change_type": "Added" + }, + { + "file": "rosenpass/src/protocol.rs", + "function": "rosenpass::protocol::CryptoServer::make_server_pair", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0094", + "package": "martin-mbtiles", + "title": "`martin-mbtiles` has been renamed to `mbtiles`", + "date": "2023-10-30", + "patched_versions": [], + "commit_sha": "8a8814e7cc97d44f4d194586b3e9deb904c99488", + "vulnerable_symbols": [ + { + "file": "martin-mbtiles/src/copier.rs", + "function": "martin_mbtiles::copier::MbtilesCopier::", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/pool.rs", + "function": "martin_mbtiles::pool::MbtilesPool::", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::is_empty_database", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::is_normalized_tables_type", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::has_tiles_with_hash", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::is_flat_with_hash_tables_type", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::is_flat_tables_type", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::create_metadata_table", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::create_flat_tables", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::create_flat_with_hash_tables", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::create_normalized_tables", + "change_type": "Modified" + }, + { + "file": "martin-mbtiles/src/queries.rs", + "function": "martin_mbtiles::queries::create_tiles_with_hash_view", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0078", + "package": "tracing", + "title": "Potential stack use-after-free in `Instrumented::into_inner`", + "date": "2023-10-19", + "patched_versions": [ + ">= 0.1.40" + ], + "commit_sha": "82a22ee4cc4aeca2c3c1537e4115521c4a7c3c31", + "vulnerable_symbols": [ + { + "file": "tracing/src/instrument.rs", + "function": "tracing::instrument::Instrumented::into_inner", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0068", + "package": "cocoon", + "title": "Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse", + "date": "2023-10-15", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0087", + "package": "simd-json-derive", + "title": "`MaybeUninit` misuse in `simd-json-derive`", + "date": "2023-10-14", + "patched_versions": [ + ">= 0.12.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0067", + "package": "fehler", + "title": "`fehler` is unmaintained; use `culpa` instead", + "date": "2023-10-12", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0065", + "package": "tungstenite", + "title": "Tungstenite allows remote attackers to cause a denial of service", + "date": "2023-09-25", + "patched_versions": [ + ">= 0.20.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0064", + "package": "gix-transport", + "title": "gix-transport code execution vulnerability", + "date": "2023-09-23", + "patched_versions": [ + ">= 0.36.1" + ], + "commit_sha": "c53bbd265005c7eedc316205b217e137e2b9896e", + "vulnerable_symbols": [ + { + "file": "gix-transport/src/client/blocking_io/file.rs", + "function": "gix_transport::client::blocking_io::file::SpawnProcessOnDemand::", + "change_type": "Modified" + }, + { + "file": "gix-transport/src/client/blocking_io/ssh/mod.rs", + "function": "gix_transport::client::blocking_io::ssh::Error::", + "change_type": "Modified" + }, + { + "file": "gix-transport/src/client/blocking_io/ssh/mod.rs", + "function": "gix_transport::client::blocking_io::ssh::Error::connect", + "change_type": "Modified" + }, + { + "file": "gix-transport/src/client/blocking_io/ssh/program_kind.rs", + "function": "gix_transport::client::blocking_io::ssh::program_kind::ProgramKind::", + "change_type": "Modified" + }, + { + "file": "gix-transport/src/client/blocking_io/ssh/tests.rs", + "function": "gix_transport::client::blocking_io::ssh::tests::ambiguous_host_is_allowed_with_user", + "change_type": "Added" + }, + { + "file": "gix-transport/src/client/blocking_io/ssh/tests.rs", + "function": "gix_transport::client::blocking_io::ssh::tests::ambiguous_host_is_disallowed", + "change_type": "Added" + }, + { + "file": "gix-transport/src/client/blocking_io/ssh/tests.rs", + "function": "gix_transport::client::blocking_io::ssh::tests::simple_cannot_handle_any_arguments", + "change_type": "Modified" + }, + { + "file": "gix-transport/src/client/git/mod.rs", + "function": "gix_transport::client::git::with_strange_host_and_port", + "change_type": "Added" + }, + { + "file": "gix-url/src/lib.rs", + "function": "gix_url::Url::host_argument_safe", + "change_type": "Added" + }, + { + "file": "gix-url/src/lib.rs", + "function": "gix_url::Url::path_argument_safe", + "change_type": "Added" + }, + { + "file": "gix-url/src/lib.rs", + "function": "gix_url::Url::looks_like_argument", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0063", + "package": "quinn-proto", + "title": "Denial of service in Quinn servers", + "date": "2023-09-21", + "patched_versions": [ + "^0.9.5", + ">= 0.10.5" + ], + "commit_sha": "f81c2fafa7381a826c76506126b217c584082177", + "vulnerable_symbols": [ + { + "file": "quinn-proto/src/connection/mod.rs", + "function": "quinn_proto::connection::Connection::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/connection/stats.rs", + "function": "quinn_proto::connection::stats::FrameStats::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/frame.rs", + "function": "quinn_proto::frame::Frame::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/frame.rs", + "function": "quinn_proto::frame::Iter::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/frame.rs", + "function": "quinn_proto::frame::Iter::next", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/frame.rs", + "function": "quinn_proto::frame::From::", + "change_type": "Modified" + }, + { + "file": "quinn-proto/src/frame.rs", + "function": "quinn_proto::frame::From::from", + "change_type": "Added" + }, + { + "file": "quinn-proto/src/frame.rs", + "function": "quinn_proto::frame::From::frames", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0085", + "package": "hpack", + "title": "HPACK decoder panics on invalid input", + "date": "2023-09-15", + "patched_versions": [], + "commit_sha": "d669282924a95311599e9e7dd53869ee96b3a2f5", + "vulnerable_symbols": [ + { + "file": "src/decoder.rs", + "function": "decoder::Decoder::", + "change_type": "Modified" + }, + { + "file": "src/decoder.rs", + "function": "decoder::Decoder::update_max_dynamic_size", + "change_type": "Deleted" + }, + { + "file": "src/decoder.rs", + "function": "decoder::Decoder::update_max_dynamic_size", + "change_type": "Added" + }, + { + "file": "src/decoder.rs", + "function": "decoder::Decoder::test_invalid_dynamic_size_update", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0084", + "package": "hpack", + "title": "`hpack` is unmaintained", + "date": "2023-09-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0062", + "package": "bcder", + "title": "BER/CER/DER decoder panics on invalid input", + "date": "2023-09-13", + "patched_versions": [ + ">= 0.7.3" + ], + "commit_sha": "4da91c3fd853e3d466d8581cf1d82b7f3255de56", + "vulnerable_symbols": [ + { + "file": "src/decode/content.rs", + "function": "decode::content::Primitive::with_slice_all", + "change_type": "Added" + }, + { + "file": "src/decode/content.rs", + "function": "decode::content::Constructed::exhausted", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::skip_in", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::skip_opt_in", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::take_from", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::take_opt_from", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::skip_primitive", + "change_type": "Added" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::from_primitive", + "change_type": "Added" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::check_content", + "change_type": "Added" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::skip_if", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Oid::fmt", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Component::", + "change_type": "Modified" + }, + { + "file": "src/oid.rs", + "function": "oid::Component::fmt", + "change_type": "Added" + }, + { + "file": "src/oid.rs", + "function": "oid::Component::take_and_skip_primitive", + "change_type": "Added" + }, + { + "file": "src/oid.rs", + "function": "oid::Component::check", + "change_type": "Added" + }, + { + "file": "src/string/bit.rs", + "function": "string::bit::BitString::new", + "change_type": "Modified" + }, + { + "file": "src/string/bit.rs", + "function": "string::bit::BitSliceEncoder::new", + "change_type": "Modified" + }, + { + "file": "src/string/bit.rs", + "function": "string::bit::BitSliceEncoder::bitstring_from_der_content", + "change_type": "Added" + }, + { + "file": "src/string/bit.rs", + "function": "string::bit::BitSliceEncoder::check", + "change_type": "Added" + }, + { + "file": "src/string/octet.rs", + "function": "string::octet::OctetStringOctets::next", + "change_type": "Modified" + }, + { + "file": "src/string/restricted.rs", + "function": "string::restricted::RestrictedString::partial_cmp", + "change_type": "Modified" + }, + { + "file": "src/tag.rs", + "function": "tag::Tag::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0059", + "package": "users", + "title": "Unaligned read of `*const *const c_char` pointer", + "date": "2023-09-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0057", + "package": "inventory", + "title": "Fails to prohibit standard library access prior to initialization of Rust standard library runtime", + "date": "2023-09-10", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": "b499293ff75e4f65e8cdcb50280a9247d8df814a", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Node::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Node::submit", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "T::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "T::submit", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "T::registry", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "T::registry", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "T::submit", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Registry::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Registry::submit", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Registry::new", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Registry::submit", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Registry::into_iter", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Iter::next", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Iter::registry", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Iter::registry", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Iter::__init", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0058", + "package": "inventory", + "title": "Exposes reference to non-Sync data to an arbitrary thread", + "date": "2023-09-10", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": "762b5ce107a9f0d80121e614cad2d33c89c88584", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0055", + "package": "lexical", + "title": "Multiple soundness issues", + "date": "2023-09-03", + "patched_versions": [ + ">= 7.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0086", + "package": "lexical-core", + "title": "Multiple soundness issues", + "date": "2023-09-03", + "patched_versions": [ + ">= 1.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0056", + "package": "vm-memory", + "title": "Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses", + "date": "2023-09-01", + "patched_versions": [ + ">= 0.12.2" + ], + "commit_sha": "aff1dd4a5259f7deba56692840f7a2d9ca34c9c8", + "vulnerable_symbols": [ + { + "file": "src/volatile_memory.rs", + "function": "volatile_memory::get_ref", + "change_type": "Modified" + }, + { + "file": "src/volatile_memory.rs", + "function": "volatile_memory::aligned_as_ref", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0049", + "package": "tui", + "title": "`tui` is unmaintained; use `ratatui` instead", + "date": "2023-08-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0095", + "package": "odoh-rs", + "title": "Invalid Slice Split Results in Server Panic", + "date": "2023-08-03", + "patched_versions": [ + ">= 1.0.2" + ], + "commit_sha": "c1bc4ed71dcc9842b7dc1ea26f278f105074bbaa", + "vulnerable_symbols": [ + { + "file": "src/protocol.rs", + "function": "protocol::decrypt_query", + "change_type": "Modified" + }, + { + "file": "src/protocol.rs", + "function": "protocol::parse_encapsulated_key", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0051", + "package": "dlopen_derive", + "title": "`dlopen_derive` is unmaintained", + "date": "2023-07-30", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0048", + "package": "intaglio", + "title": "Unsoundness in `intern` methods on `intaglio` symbol interners", + "date": "2023-07-26", + "patched_versions": [ + ">= 1.9.0" + ], + "commit_sha": "e2820d278a0a583a74c8fd5d662ab0a0b1892af7", + "vulnerable_symbols": [ + { + "file": "src/internal.rs", + "function": "internal::as_slice", + "change_type": "Deleted" + }, + { + "file": "src/internal.rs", + "function": "internal::as_slice", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::From::from", + "change_type": "Modified" + }, + { + "file": "src/internal.rs", + "function": "internal::From::as_slice", + "change_type": "Deleted" + }, + { + "file": "src/internal.rs", + "function": "internal::From::as_slice", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::Slice::as_slice", + "change_type": "Modified" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::", + "change_type": "Modified" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::new", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::as_ref", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::drop", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::fmt", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::test_drop", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::test_as_ref", + "change_type": "Added" + }, + { + "file": "src/internal.rs", + "function": "internal::PinBox::test_debug_format", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0089", + "package": "atomic-polyfill", + "title": "atomic-polyfill is unmaintained", + "date": "2023-07-11", + "patched_versions": [], + "commit_sha": "48e55c166684f37af0b00fbee5a0809b1a2bae8e", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0047", + "package": "lmdb-rs", + "title": "impl `FromMdbValue` for bool is unsound", + "date": "2023-06-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0045", + "package": "memoffset", + "title": "memoffset allows reading uninitialized memory", + "date": "2023-06-21", + "patched_versions": [ + ">= 0.6.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0044", + "package": "openssl", + "title": "`openssl` `X509VerifyParamRef::set_host` buffer over-read", + "date": "2023-06-20", + "patched_versions": [ + ">= 0.10.55" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0046", + "package": "cyfs-base", + "title": "Misaligned pointer dereference in `ChunkId::new`", + "date": "2023-06-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0042", + "package": "ouroboros", + "title": "Ouroboros is Unsound", + "date": "2023-06-11", + "patched_versions": [ + ">=0.16.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0040", + "package": "users", + "title": "`users` crate is unmaintained", + "date": "2023-06-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0041", + "package": "trust-dns-server", + "title": "Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets", + "date": "2023-06-01", + "patched_versions": [ + "^0.22.1", + ">=0.23.0-alpha.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0037", + "package": "xsalsa20poly1305", + "title": "crate has been renamed to `crypto_secretbox`", + "date": "2023-05-16", + "patched_versions": [], + "commit_sha": "277e3301eec9e02bf5c7fa4980d9894949c0dfcf", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0034", + "package": "h2", + "title": "Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)", + "date": "2023-04-14", + "patched_versions": [ + ">= 0.3.17" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0033", + "package": "borsh", + "title": "Parsing borsh messages with ZST which are not-copy/clone is unsound", + "date": "2023-04-12", + "patched_versions": [ + ">= 1.0.0-alpha.1", + "^0.10.4" + ], + "commit_sha": "5cb85e4f718e945a61a7255573e46fd18828e0d0", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0036", + "package": "tree_magic", + "title": "tree_magic is Unmaintained", + "date": "2023-04-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0031", + "package": "spin", + "title": "Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers", + "date": "2023-03-31", + "patched_versions": [ + ">= 0.9.8" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0023", + "package": "openssl", + "title": "`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read", + "date": "2023-03-24", + "patched_versions": [ + ">= 0.10.48" + ], + "commit_sha": "5efceaabd69c540b487f6372be4982cf94884008", + "vulnerable_symbols": [ + { + "file": "openssl-sys/src/handwritten/x509.rs", + "function": "openssl_sys::handwritten::x509::X509_EXTENSION_get_data", + "change_type": "Modified" + }, + { + "file": "openssl-sys/src/handwritten/x509.rs", + "function": "openssl_sys::handwritten::x509::i2d_X509_EXTENSION", + "change_type": "Added" + }, + { + "file": "openssl-sys/src/handwritten/x509v3.rs", + "function": "openssl_sys::handwritten::x509v3::GENERAL_NAME_new", + "change_type": "Added" + }, + { + "file": "openssl/src/asn1.rs", + "function": "openssl::asn1::Asn1Object::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::KeyUsage::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::server_auth", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::client_auth", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::code_signing", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::email_protection", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::time_stamping", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_ind", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_com", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_ctl_sign", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_sgc", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_efs", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ns_sgc", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::other", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::AuthorityKeyIdentifier::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::email", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::uri", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dns", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::rid", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::ip", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dir_name", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dir_name", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::other_name", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::other_name", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::build", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::build", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new_nid", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new_internal", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509ExtensionRef::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509NameBuilder::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_email", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_dns", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_uri", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_ip", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_rid", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_builder", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_extension_new", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_extension_to_der", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::eku_invalid_other", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0024", + "package": "openssl", + "title": "`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference", + "date": "2023-03-24", + "patched_versions": [ + ">= 0.10.48" + ], + "commit_sha": "5efceaabd69c540b487f6372be4982cf94884008", + "vulnerable_symbols": [ + { + "file": "openssl-sys/src/handwritten/x509.rs", + "function": "openssl_sys::handwritten::x509::X509_EXTENSION_get_data", + "change_type": "Modified" + }, + { + "file": "openssl-sys/src/handwritten/x509.rs", + "function": "openssl_sys::handwritten::x509::i2d_X509_EXTENSION", + "change_type": "Added" + }, + { + "file": "openssl-sys/src/handwritten/x509v3.rs", + "function": "openssl_sys::handwritten::x509v3::GENERAL_NAME_new", + "change_type": "Added" + }, + { + "file": "openssl/src/asn1.rs", + "function": "openssl::asn1::Asn1Object::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::KeyUsage::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::server_auth", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::client_auth", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::code_signing", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::email_protection", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::time_stamping", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_ind", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_com", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_ctl_sign", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_sgc", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_efs", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ns_sgc", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::other", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::AuthorityKeyIdentifier::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::email", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::uri", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dns", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::rid", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::ip", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dir_name", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dir_name", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::other_name", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::other_name", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::build", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::build", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new_nid", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new_internal", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509ExtensionRef::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509NameBuilder::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_email", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_dns", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_uri", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_ip", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_rid", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_builder", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_extension_new", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_extension_to_der", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::eku_invalid_other", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0022", + "package": "openssl", + "title": "`openssl` `X509NameBuilder::build` returned object is not thread safe", + "date": "2023-03-24", + "patched_versions": [ + ">= 0.10.48" + ], + "commit_sha": "5efceaabd69c540b487f6372be4982cf94884008", + "vulnerable_symbols": [ + { + "file": "openssl-sys/src/handwritten/x509.rs", + "function": "openssl_sys::handwritten::x509::X509_EXTENSION_get_data", + "change_type": "Modified" + }, + { + "file": "openssl-sys/src/handwritten/x509.rs", + "function": "openssl_sys::handwritten::x509::i2d_X509_EXTENSION", + "change_type": "Added" + }, + { + "file": "openssl-sys/src/handwritten/x509v3.rs", + "function": "openssl_sys::handwritten::x509v3::GENERAL_NAME_new", + "change_type": "Added" + }, + { + "file": "openssl/src/asn1.rs", + "function": "openssl::asn1::Asn1Object::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::KeyUsage::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::server_auth", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::client_auth", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::code_signing", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::email_protection", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::time_stamping", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_ind", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_com", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_ctl_sign", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_sgc", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ms_efs", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::ns_sgc", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::other", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::ExtendedKeyUsage::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::AuthorityKeyIdentifier::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::email", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::uri", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dns", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::rid", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::ip", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dir_name", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::dir_name", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::other_name", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::other_name", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::build", + "change_type": "Deleted" + }, + { + "file": "openssl/src/x509/extension.rs", + "function": "openssl::x509::extension::SubjectAlternativeName::build", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new_nid", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509Extension::new_internal", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509ExtensionRef::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::X509NameBuilder::build", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_email", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_dns", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_uri", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_ip", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/mod.rs", + "function": "openssl::x509::GeneralName::new_rid", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_builder", + "change_type": "Modified" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_extension_new", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::x509_extension_to_der", + "change_type": "Added" + }, + { + "file": "openssl/src/x509/tests.rs", + "function": "openssl::x509::tests::eku_invalid_other", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0030", + "package": "versionize", + "title": "`Versionize::deserialize` implementation for `FamStructWrapper` is lacking bound checks, potentially leading to out of bounds memory accesses", + "date": "2023-03-24", + "patched_versions": [ + ">= 0.1.10" + ], + "commit_sha": "3385d797c5e5f547562d8d83fb49de69f917e1f2", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0027", + "package": "async-nats", + "title": "TLS certificate common name validation bypass", + "date": "2023-03-24", + "patched_versions": [ + ">= 0.29.0" + ], + "commit_sha": "817a7b942c462fa9d9938dcb62124173634132fb", + "vulnerable_symbols": [ + { + "file": "async-nats/src/connector.rs", + "function": "async_nats::connector::Connector::", + "change_type": "Modified" + }, + { + "file": "async-nats/src/tls.rs", + "function": "async_nats::tls::config_tls", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0032", + "package": "ntru", + "title": "Unsound FFI: Wrong API usage causes write past allocated area", + "date": "2023-03-22", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0021", + "package": "stb_image", + "title": "NULL pointer dereference in `stb_image`", + "date": "2023-03-19", + "patched_versions": [ + ">= 0.2.5" + ], + "commit_sha": "caf178c21f7e8b3268703f3cadc6b7e57a6275a5", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0025", + "package": "git-hash", + "title": "Gitoxide has renamed its crates.", + "date": "2023-03-14", + "patched_versions": [], + "commit_sha": "c9275b99ea43949306d93775d9d78c98fb86cfb1", + "vulnerable_symbols": [ + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::release_depth_first", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::assure_crates_index_is_uptodate", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::present_and_validate_dependencies", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::perform_release", + "change_type": "Deleted" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::perform_release", + "change_type": "Added" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::section_to_string", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::dependencies", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::forward_propagate_breaking_changes_for_manifest_updates", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::forward_propagate_breaking_changes_for_manifest_updates", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::make_breaking", + "change_type": "Deleted" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::make_breaking", + "change_type": "Added" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::depth_first_traversal", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/utils.rs", + "function": "cargo_smart_release::utils::workspace_package_by_dependency", + "change_type": "Modified" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::decode", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::decode", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::signature", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::tz_minus", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::tz_plus", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::negative_offset_0000", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::empty_name_and_email", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::invalid_signature", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::invalid_time", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/lib.rs", + "function": "git_attributes::parse", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::", + "change_type": "Modified" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::new", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::parse_attr", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::check_attr", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::attr_valid", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::next", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::", + "change_type": "Modified" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::new", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::next", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::skip_blanks", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::parse_line", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/ignore.rs", + "function": "git_attributes::parse::ignore::Lines::", + "change_type": "Modified" + }, + { + "file": "git-attributes/src/parse/ignore.rs", + "function": "git_attributes::parse::ignore::Lines::new", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/ignore.rs", + "function": "git_attributes::parse::ignore::Lines::next", + "change_type": "Deleted" + }, + { + "file": "git-bitmap/src/lib.rs", + "function": "git_bitmap::split_at_pos", + "change_type": "Deleted" + }, + { + "file": "git-bitmap/src/lib.rs", + "function": "git_bitmap::u32", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::base_graph_count", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::commit_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::object_hash", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::id_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::iter_base_graph_ids", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::iter_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::iter_ids", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::lookup", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::num_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::path", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::commit_data_bytes", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::extra_edges_data", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::fmt", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::read_u32", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::new", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::committer_timestamp", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::generation", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::iter_parents", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::parent1", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::position", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::root_tree_id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::fmt", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::eq", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentIterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentIterator::next", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentIterator::size_hint", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentEdge::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentEdge::from_raw", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ExtraEdge::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ExtraEdge::from_raw", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::File::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::AsRef::at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::TryFrom::read_fan", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/mod.rs", + "function": "git_commitgraph::file::Position::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/mod.rs", + "function": "git_commitgraph::file::Position::fmt", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::checksum", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::traverse", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::verify_checksum", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::AsRef::verify_split_chain_filename_hash", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::commit_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::commit_by_id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::id_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Iterator::iter_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Iterator::iter_ids", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::lookup", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::num_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::lookup_by_id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::lookup_by_pos", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::Graph::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::from_commit_graphs_dir", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::from_file", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::from_info_dir", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::new", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/verify.rs", + "function": "git_commitgraph::graph::verify::Graph::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/verify.rs", + "function": "git_commitgraph::graph::verify::Graph::verify_integrity", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/verify.rs", + "function": "git_commitgraph::graph::verify::FnMut::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Into::bool_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::is_true", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::From::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::From::from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::parse_true", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::parse_false", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Color::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Color::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Into::color_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::from_str", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::from_str", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::to_decimal", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Into::int_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::bitwise_offset", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::from_str", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Error::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Into::new", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Into::with_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Context::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Context::default", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Context::home_for_user", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::deref", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::as_ref", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::as_ref", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::interpolate", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::interpolate_user", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::interpolate_user", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::File::section_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::section_mut_by_id", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::section_mut_or_create_new", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_or_create_new_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_filter_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::new_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::remove_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::remove_section_by_id", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::remove_section_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::push_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::rename_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::rename_section_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::append", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::append_or_insert", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::extend_and_assure_newline", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::File::raw_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_value_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_value_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_value_mut_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values_mut_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::set_existing_raw_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::set_raw_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::set_raw_value_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::set_existing_raw_multi_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::try_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::values", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::AsRef::section_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::section_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::AsRef::section_filter_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_by_name", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_and_ids_by_name", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_by_name_and_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::num_values", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::is_void", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::meta", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::set_meta", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::meta_owned", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_and_ids", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_and_postmatter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::frontmatter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::detect_newline_style", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::detect_newline_style_smallvec", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve_includes", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve_includes_recursive", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::append_followed_includes_recursively", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::detach_include_paths", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::include_condition_match", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::onbranch_matches", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::gitdir_matches", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::check_interpolation_result", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve_path", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::no_follow", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::follow", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::strict", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::follow_without_conditional", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::interpolate_with", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::default", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::File::from_globals", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::File::from_environment_overrides", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::Into::from_git_dir", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/from_env.rs", + "function": "git_config::file::init::from_env::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/from_env.rs", + "function": "git_config::file::init::from_env::File::from_env", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::new", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::from_bytes_no_includes", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::from_parse_events_no_includes", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::File::from_bytes_owned", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::Add::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::Add::add", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::AddAssign::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::AddAssign::add_assign", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::SectionId::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::SectionId::default", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::deref", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::new", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::header", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::id", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::body", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::to_bstring", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::write_to", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::meta", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::to_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::normalize", + "change_type": "Deleted" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::Into::normalize_bstr", + "change_type": "Deleted" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::Into::normalize_bstring", + "change_type": "Deleted" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0026", + "package": "git-path", + "title": "Gitoxide has renamed its crates.", + "date": "2023-03-14", + "patched_versions": [], + "commit_sha": "c9275b99ea43949306d93775d9d78c98fb86cfb1", + "vulnerable_symbols": [ + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::release_depth_first", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::assure_crates_index_is_uptodate", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::present_and_validate_dependencies", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::perform_release", + "change_type": "Deleted" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::perform_release", + "change_type": "Added" + }, + { + "file": "cargo-smart-release/src/command/release/mod.rs", + "function": "cargo_smart_release::command::release::From::section_to_string", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::dependencies", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::forward_propagate_breaking_changes_for_manifest_updates", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::forward_propagate_breaking_changes_for_manifest_updates", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::make_breaking", + "change_type": "Deleted" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::make_breaking", + "change_type": "Added" + }, + { + "file": "cargo-smart-release/src/traverse.rs", + "function": "cargo_smart_release::traverse::EditForPublish::depth_first_traversal", + "change_type": "Modified" + }, + { + "file": "cargo-smart-release/src/utils.rs", + "function": "cargo_smart_release::utils::workspace_package_by_dependency", + "change_type": "Modified" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::decode", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::decode", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::signature", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::tz_minus", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::tz_plus", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::negative_offset_0000", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::empty_name_and_email", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::invalid_signature", + "change_type": "Deleted" + }, + { + "file": "git-actor/src/signature/decode.rs", + "function": "git_actor::signature::decode::invalid_time", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/lib.rs", + "function": "git_attributes::parse", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::", + "change_type": "Modified" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::new", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::parse_attr", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::check_attr", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::attr_valid", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Iter::next", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::", + "change_type": "Modified" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::new", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::next", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::skip_blanks", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/attribute.rs", + "function": "git_attributes::parse::attribute::Lines::parse_line", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/ignore.rs", + "function": "git_attributes::parse::ignore::Lines::", + "change_type": "Modified" + }, + { + "file": "git-attributes/src/parse/ignore.rs", + "function": "git_attributes::parse::ignore::Lines::new", + "change_type": "Deleted" + }, + { + "file": "git-attributes/src/parse/ignore.rs", + "function": "git_attributes::parse::ignore::Lines::next", + "change_type": "Deleted" + }, + { + "file": "git-bitmap/src/lib.rs", + "function": "git_bitmap::split_at_pos", + "change_type": "Deleted" + }, + { + "file": "git-bitmap/src/lib.rs", + "function": "git_bitmap::u32", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::base_graph_count", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::commit_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::object_hash", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::id_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::iter_base_graph_ids", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::iter_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::Iterator::iter_ids", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::lookup", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::num_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::AsRef::path", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::commit_data_bytes", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::extra_edges_data", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/access.rs", + "function": "git_commitgraph::file::access::File::fmt", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::read_u32", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::new", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::committer_timestamp", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::generation", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::iter_parents", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::parent1", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::position", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Iterator::root_tree_id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::fmt", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::Commit::eq", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentIterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentIterator::next", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentIterator::size_hint", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentEdge::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ParentEdge::from_raw", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ExtraEdge::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/commit.rs", + "function": "git_commitgraph::file::commit::ExtraEdge::from_raw", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::File::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::AsRef::at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/init.rs", + "function": "git_commitgraph::file::init::TryFrom::read_fan", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/mod.rs", + "function": "git_commitgraph::file::Position::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/mod.rs", + "function": "git_commitgraph::file::Position::fmt", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::checksum", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::traverse", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::File::verify_checksum", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::AsRef::verify_split_chain_filename_hash", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/file/verify.rs", + "function": "git_commitgraph::file::verify::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::commit_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::commit_by_id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::id_at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Iterator::iter_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Iterator::iter_ids", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::lookup", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::AsRef::num_commits", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::lookup_by_id", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/access.rs", + "function": "git_commitgraph::graph::access::Graph::lookup_by_pos", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::Graph::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::at", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::from_commit_graphs_dir", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::from_file", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::from_info_dir", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::AsRef::new", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/init.rs", + "function": "git_commitgraph::graph::init::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/verify.rs", + "function": "git_commitgraph::graph::verify::Graph::", + "change_type": "Modified" + }, + { + "file": "git-commitgraph/src/graph/verify.rs", + "function": "git_commitgraph::graph::verify::Graph::verify_integrity", + "change_type": "Deleted" + }, + { + "file": "git-commitgraph/src/graph/verify.rs", + "function": "git_commitgraph::graph::verify::FnMut::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Into::bool_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::is_true", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::From::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::From::from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::parse_true", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/boolean.rs", + "function": "git_config_value::boolean::Boolean::parse_false", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Color::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Color::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Into::color_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Name::from_str", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::Attribute::from_str", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/color.rs", + "function": "git_config_value::color::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::to_decimal", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Integer::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Into::int_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::bitwise_offset", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::fmt", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::serialize", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::Suffix::from_str", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/integer.rs", + "function": "git_config_value::integer::TryFrom::try_from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Error::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Into::new", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Into::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/lib.rs", + "function": "git_config_value::Into::with_err", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Context::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Context::default", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Context::home_for_user", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::deref", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::", + "change_type": "Modified" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::as_ref", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::as_ref", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::for Path::from", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::interpolate", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::interpolate_user", + "change_type": "Deleted" + }, + { + "file": "git-config-value/src/path.rs", + "function": "git_config_value::path::Path::interpolate_user", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::File::section_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::section_mut_by_id", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::section_mut_or_create_new", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_or_create_new_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::AsRef::section_mut_filter_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::new_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::remove_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::remove_section_by_id", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::remove_section_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::push_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::rename_section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::rename_section_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::append", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::append_or_insert", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/mutate.rs", + "function": "git_config::file::access::mutate::Into::extend_and_assure_newline", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::File::raw_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_value_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_value_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_value_mut_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::raw_values_mut_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::AsRef::set_existing_raw_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::set_raw_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::set_raw_value_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/raw.rs", + "function": "git_config::file::access::raw::Into::set_existing_raw_multi_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::try_value", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::values", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::File::section", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::AsRef::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::AsRef::section_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::section_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::AsRef::section_filter_by_key", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_by_name", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_and_ids_by_name", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_by_name_and_filter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::num_values", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::is_void", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::meta", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::set_meta", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Into::meta_owned", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_and_ids", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::sections_and_postmatter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::frontmatter", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::detect_newline_style", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/access/read_only.rs", + "function": "git_config::file::access::read_only::Iterator::detect_newline_style_smallvec", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve_includes", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve_includes_recursive", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::append_followed_includes_recursively", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::detach_include_paths", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::include_condition_match", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::onbranch_matches", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::gitdir_matches", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::check_interpolation_result", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/mod.rs", + "function": "git_config::file::includes::File::resolve_path", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::no_follow", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::follow", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::strict", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::follow_without_conditional", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::interpolate_with", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/includes/types.rs", + "function": "git_config::file::includes::types::Options::default", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::File::from_globals", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::File::from_environment_overrides", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::Into::from_git_dir", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/comfort.rs", + "function": "git_config::file::init::comfort::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/from_env.rs", + "function": "git_config::file::init::from_env::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/from_env.rs", + "function": "git_config::file::init::from_env::File::from_env", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::File::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::new", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::from_bytes_no_includes", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::Into::from_parse_events_no_includes", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/init/mod.rs", + "function": "git_config::file::init::File::from_bytes_owned", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::Add::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::Add::add", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::AddAssign::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::AddAssign::add_assign", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::SectionId::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/mod.rs", + "function": "git_config::file::SectionId::default", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::deref", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::new", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::header", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::id", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::body", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::Section::to_bstring", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::write_to", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::", + "change_type": "Modified" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::meta", + "change_type": "Deleted" + }, + { + "file": "git-config/src/file/section/mod.rs", + "function": "git_config::file::section::std::io::Write::to_mut", + "change_type": "Deleted" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::normalize", + "change_type": "Deleted" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::Into::normalize_bstr", + "change_type": "Deleted" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::Into::", + "change_type": "Modified" + }, + { + "file": "git-config/src/value/normalize.rs", + "function": "git_config::value::normalize::Into::normalize_bstring", + "change_type": "Deleted" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0017", + "package": "maligned", + "title": "`maligned::align_first` causes incorrect deallocation", + "date": "2023-03-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0015", + "package": "ascii", + "title": "Ascii allows out-of-bounds array indexing in safe code", + "date": "2023-02-25", + "patched_versions": [ + ">= 0.9.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0018", + "package": "remove_dir_all", + "title": "Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)", + "date": "2023-02-24", + "patched_versions": [ + ">= 0.8.0" + ], + "commit_sha": "7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead", + "vulnerable_symbols": [ + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::", + "change_type": "Modified" + }, + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::remove_dir_contents", + "change_type": "Added" + }, + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::_ensure_empty_dir_path", + "change_type": "Added" + }, + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::_remove_dir_contents_path", + "change_type": "Added" + }, + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::_remove_dir_contents", + "change_type": "Added" + }, + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::remove_dir_all_path", + "change_type": "Added" + }, + { + "file": "src/_impl.rs", + "function": "_impl::std::fs::File::remove_dir_contents_recursive", + "change_type": "Added" + }, + { + "file": "src/_impl/io.rs", + "function": "_impl::io::duplicate_fd", + "change_type": "Added" + }, + { + "file": "src/_impl/io.rs", + "function": "_impl::io::open_dir", + "change_type": "Added" + }, + { + "file": "src/_impl/io.rs", + "function": "_impl::io::unique_identifier", + "change_type": "Added" + }, + { + "file": "src/_impl/io.rs", + "function": "_impl::io::clear_readonly", + "change_type": "Added" + }, + { + "file": "src/_impl/io.rs", + "function": "_impl::io::is_eloop", + "change_type": "Added" + }, + { + "file": "src/_impl/path_components.rs", + "function": "_impl::path_components::PathComponents::", + "change_type": "Modified" + }, + { + "file": "src/_impl/path_components.rs", + "function": "_impl::path_components::PathComponents::fmt", + "change_type": "Added" + }, + { + "file": "src/_impl/unix.rs", + "function": "_impl::unix::UnixIo::", + "change_type": "Modified" + }, + { + "file": "src/_impl/unix.rs", + "function": "_impl::unix::UnixIo::duplicate_fd", + "change_type": "Added" + }, + { + "file": "src/_impl/unix.rs", + "function": "_impl::unix::UnixIo::open_dir", + "change_type": "Added" + }, + { + "file": "src/_impl/unix.rs", + "function": "_impl::unix::UnixIo::unique_identifier", + "change_type": "Added" + }, + { + "file": "src/_impl/unix.rs", + "function": "_impl::unix::UnixIo::clear_readonly", + "change_type": "Added" + }, + { + "file": "src/_impl/unix.rs", + "function": "_impl::unix::UnixIo::is_eloop", + "change_type": "Added" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::", + "change_type": "Modified" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::duplicate_fd", + "change_type": "Added" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::open_dir", + "change_type": "Added" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::unique_identifier", + "change_type": "Added" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::clear_readonly", + "change_type": "Added" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::is_eloop", + "change_type": "Added" + }, + { + "file": "src/_impl/win.rs", + "function": "_impl::win::WindowsIo::is_symlink", + "change_type": "Added" + }, + { + "file": "src/fs.rs", + "function": "fs::remove_dir_all", + "change_type": "Deleted" + }, + { + "file": "src/fs.rs", + "function": "fs::_remove_dir_contents", + "change_type": "Deleted" + }, + { + "file": "src/fs.rs", + "function": "fs::_delete_dir_contents", + "change_type": "Deleted" + }, + { + "file": "src/fs.rs", + "function": "fs::delete_readonly", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "remove_dir_contents", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "ensure_empty_dir", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "remove_dir_contents", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "remove_dir_all", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "expect_failure", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "prep", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "mkdir_rm", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "ensure_rm", + "change_type": "Added" + }, + { + "file": "src/portable.rs", + "function": "portable::remove_dir_contents", + "change_type": "Deleted" + }, + { + "file": "src/portable.rs", + "function": "portable::ensure_empty_dir", + "change_type": "Deleted" + }, + { + "file": "src/portable.rs", + "function": "portable::expect_failure", + "change_type": "Deleted" + }, + { + "file": "src/portable.rs", + "function": "portable::prep", + "change_type": "Deleted" + }, + { + "file": "src/portable.rs", + "function": "portable::mkdir_rm", + "change_type": "Deleted" + }, + { + "file": "src/portable.rs", + "function": "portable::ensure_rm", + "change_type": "Deleted" + }, + { + "file": "src/unix.rs", + "function": "unix::remove_file_or_dir_all", + "change_type": "Deleted" + }, + { + "file": "src/unix.rs", + "function": "unix::_remove_dir_contents", + "change_type": "Deleted" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0016", + "package": "partial_sort", + "title": "Possible out-of-bounds read in release mode", + "date": "2023-02-20", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0043", + "package": "ftp", + "title": "ftp is unmaintained, use suppaftp instead", + "date": "2023-02-20", + "patched_versions": [], + "commit_sha": "32259e8bf17cef75949857a958b4fe7a9c2af297", + "vulnerable_symbols": [ + { + "file": "src/data_stream.rs", + "function": "data_stream::DataStream::is_ssl", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::connect", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::into_secure", + "change_type": "Deleted" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::into_secure", + "change_type": "Added" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::into_insecure", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::get_welcome_msg", + "change_type": "Added" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::data_command", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::login", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::cwd", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::cdup", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::pwd", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::noop", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::mkdir", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::pasv", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::transfer_type", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::quit", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::get", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::rename", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::retr", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::simple_retr", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::rmdir", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::rm", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::put_file", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::put", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::list_command", + "change_type": "Deleted" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::list_command", + "change_type": "Added" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::get_lines_from_stream", + "change_type": "Added" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::list", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::nlst", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::mdtm", + "change_type": "Deleted" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::mdtm", + "change_type": "Added" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::size", + "change_type": "Modified" + }, + { + "file": "src/ftp.rs", + "function": "ftp::FtpStream::read_response_in", + "change_type": "Modified" + }, + { + "file": "src/types.rs", + "function": "types::FtpError::fmt", + "change_type": "Modified" + }, + { + "file": "src/types.rs", + "function": "types::FtpError::", + "change_type": "Modified" + }, + { + "file": "src/types.rs", + "function": "types::FtpError::description", + "change_type": "Deleted" + }, + { + "file": "src/types.rs", + "function": "types::FtpError::cause", + "change_type": "Deleted" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0019", + "package": "kuchiki", + "title": "`kuchiki` is unmaintained", + "date": "2023-01-21", + "patched_versions": [], + "commit_sha": "f92e4c047fdc30619555da282ac7ccce1d313aa6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0002", + "package": "git2", + "title": "git2 Rust package suppresses ssh host key checking", + "date": "2023-01-12", + "patched_versions": [ + ">= 0.16.0" + ], + "commit_sha": "bce15556ef8fd7fb4f9c5122e78febbdb5b7f1ca", + "vulnerable_symbols": [ + { + "file": "src/cert.rs", + "function": "cert::SshHostKeyType::", + "change_type": "Modified" + }, + { + "file": "src/cert.rs", + "function": "cert::SshHostKeyType::name", + "change_type": "Added" + }, + { + "file": "src/cert.rs", + "function": "cert::SshHostKeyType::short_name", + "change_type": "Added" + }, + { + "file": "src/cert.rs", + "function": "cert::CertHostkey::hostkey", + "change_type": "Added" + }, + { + "file": "src/cert.rs", + "function": "cert::CertHostkey::hostkey_type", + "change_type": "Added" + }, + { + "file": "src/remote_callbacks.rs", + "function": "remote_callbacks::RemoteCallbacks::certificate_check", + "change_type": "Modified" + }, + { + "file": "src/remote_callbacks.rs", + "function": "remote_callbacks::RemoteCallbacks::certificate_check_cb", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0005", + "package": "tokio", + "title": "`tokio::io::ReadHalf::unsplit` is Unsound", + "date": "2023-01-11", + "patched_versions": [ + ">= 1.18.5, < 1.19.0", + ">= 1.20.4, < 1.21.0", + ">= 1.24.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2023-0004", + "package": "bzip2", + "title": "bzip2 Denial of Service (DoS)", + "date": "2023-01-09", + "patched_versions": [ + ">= 0.4.4" + ], + "commit_sha": "90c9c182cd5a5ebc75810aebd89b347a7bdf590b", + "vulnerable_symbols": [ + { + "file": "src/mem.rs", + "function": "mem::Compress::", + "change_type": "Modified" + }, + { + "file": "src/mem.rs", + "function": "mem::Decompress::decompress", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2023-0001", + "package": "tokio", + "title": "reject_remote_clients Configuration corruption", + "date": "2023-01-04", + "patched_versions": [ + ">= 1.18.4, < 1.19.0", + ">= 1.20.3, < 1.21.0", + ">= 1.23.1" + ], + "commit_sha": "9241c3eddf4a6a218681b088d71f7191513e2376", + "vulnerable_symbols": [ + { + "file": "tokio/src/net/windows/named_pipe.rs", + "function": "tokio::net::windows::named_pipe::ServerOptions::pipe_mode", + "change_type": "Modified" + }, + { + "file": "tokio/src/net/windows/named_pipe.rs", + "function": "tokio::net::windows::named_pipe::ServerOptions::named_pipe_info", + "change_type": "Modified" + }, + { + "file": "tokio/src/net/windows/named_pipe.rs", + "function": "tokio::net::windows::named_pipe::ServerOptions::opts_default_pipe_mode", + "change_type": "Added" + }, + { + "file": "tokio/src/net/windows/named_pipe.rs", + "function": "tokio::net::windows::named_pipe::ServerOptions::opts_unset_reject_remote", + "change_type": "Added" + }, + { + "file": "tokio/src/net/windows/named_pipe.rs", + "function": "tokio::net::windows::named_pipe::ServerOptions::opts_set_pipe_mode_maintains_reject_remote_clients", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0072", + "package": "hyper-staticfile", + "title": "Location header incorporates user input, allowing open redirect", + "date": "2022-12-23", + "patched_versions": [ + "^0.9.4", + ">= 0.10.0-alpha.5" + ], + "commit_sha": "f12cadc6666c6f555d29725f5bc45da2103f24ea", + "vulnerable_symbols": [ + { + "file": "src/resolve.rs", + "function": "resolve::Resolver::", + "change_type": "Modified" + }, + { + "file": "src/response_builder.rs", + "function": "response_builder::ResponseBuilder::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0073", + "package": "alloc-cortex-m", + "title": "crate has been renamed to `embedded-alloc`", + "date": "2022-12-21", + "patched_versions": [], + "commit_sha": "89cb8d50e6634130302cd444b3f547aed0fd32dc", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "CortexMHeap::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Heap::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Heap::empty", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Heap::empty", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "CortexMHeap::init", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "CortexMHeap::used", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "CortexMHeap::free", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Heap::alloc", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "CortexMHeap::dealloc", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0077", + "package": "claim", + "title": "`claim` is Unmaintained", + "date": "2022-12-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0074", + "package": "prettytable-rs", + "title": "Force cast a &Vec to &[T]", + "date": "2022-12-02", + "patched_versions": [ + ">= 0.10.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0070", + "package": "secp256k1", + "title": "Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code", + "date": "2022-11-30", + "patched_versions": [ + ">= 0.22.2, < 0.23.0", + ">= 0.23.5, < 0.24.0", + ">= 0.24.2" + ], + "commit_sha": "29c13638dc679db708fa466376650cb0bf758eff", + "vulnerable_symbols": [ + { + "file": "src/context.rs", + "function": "context::Secp256k1::", + "change_type": "Modified" + }, + { + "file": "src/context.rs", + "function": "context::for AllPreallocated::", + "change_type": "Modified" + }, + { + "file": "src/context.rs", + "function": "context::for SignOnlyPreallocated::", + "change_type": "Modified" + }, + { + "file": "src/context.rs", + "function": "context::for VerifyOnlyPreallocated::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0069", + "package": "hyper-staticfile", + "title": "Improper validation of Windows paths could lead to directory traversal attack", + "date": "2022-11-30", + "patched_versions": [ + "^0.9.2", + ">= 0.10.0-alpha.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0080", + "package": "parity-util-mem", + "title": "parity-util-mem Unmaintained", + "date": "2022-11-30", + "patched_versions": [], + "commit_sha": "806ca48a95c06014e0fde74a1382dc128da62206", + "vulnerable_symbols": [ + { + "file": "kvdb-rocksdb/src/lib.rs", + "function": "kvdb_rocksdb::DBAndColumns::", + "change_type": "Modified" + }, + { + "file": "kvdb-rocksdb/src/lib.rs", + "function": "kvdb_rocksdb::DBAndColumns::size_of", + "change_type": "Deleted" + }, + { + "file": "kvdb-rocksdb/src/lib.rs", + "function": "kvdb_rocksdb::DBAndColumns::cf", + "change_type": "Modified" + }, + { + "file": "kvdb/src/lib.rs", + "function": "kvdb::DBTransaction::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0094", + "package": "mimalloc", + "title": "Mimalloc Can Allocate Memory with Bad Alignment", + "date": "2022-11-23", + "patched_versions": [ + ">= 0.1.39" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0075", + "package": "wasmtime", + "title": "Bug in pooling instance allocator", + "date": "2022-11-10", + "patched_versions": [ + ">= 1.0.2, < 2.0.0", + ">= 2.0.2" + ], + "commit_sha": "2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0", + "vulnerable_symbols": [ + { + "file": "crates/runtime/src/instance/allocator/pooling.rs", + "function": "runtime::instance::allocator::pooling::InstancePool::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0076", + "package": "wasmtime", + "title": "Bug in Wasmtime implementation of pooling instance allocator", + "date": "2022-11-10", + "patched_versions": [ + ">= 1.0.2, < 2.0.0", + ">= 2.0.2" + ], + "commit_sha": "e60c3742904ccbb3e26da201c9221c38a4981d72", + "vulnerable_symbols": [ + { + "file": "crates/runtime/src/instance/allocator/pooling.rs", + "function": "runtime::instance::allocator::pooling::InstancePool::", + "change_type": "Modified" + }, + { + "file": "crates/runtime/src/instance/allocator/pooling.rs", + "function": "runtime::instance::allocator::pooling::MemoryPool::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0079", + "package": "elf_rs", + "title": "ELF header parsing library doesn't check for valid offset", + "date": "2022-10-31", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0083", + "package": "evm", + "title": "evm incorrect state transition", + "date": "2022-10-25", + "patched_versions": [ + ">= 0.36.0" + ], + "commit_sha": "6534c1dd8ad77b53d05032f80e8a5f2de4d37fd2", + "vulnerable_symbols": [ + { + "file": "src/executor/stack/executor.rs", + "function": "executor::stack::executor::check_first_byte", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0062", + "package": "matrix-sdk", + "title": "matrix-sdk 0.6.0 logs access tokens", + "date": "2022-10-24", + "patched_versions": [ + ">= 0.6.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0067", + "package": "lzf", + "title": "Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`", + "date": "2022-10-22", + "patched_versions": [ + ">= 0.3.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0087", + "package": "slack-morphism", + "title": "Slack Webhooks secrets leak in debug logs", + "date": "2022-10-10", + "patched_versions": [ + ">= 1.3.2" + ], + "commit_sha": "65ef9fac4f39c4e171e2952a6cf029bb0d059a89", + "vulnerable_symbols": [ + { + "file": "src/hyper_tokio/connector.rs", + "function": "hyper_tokio::connector::SlackClientHyperConnec::", + "change_type": "Modified" + }, + { + "file": "src/hyper_tokio/connector.rs", + "function": "hyper_tokio::connector::SlackClientHttpConnect::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0061", + "package": "parity-wasm", + "title": "Crate `parity-wasm` deprecated by the author", + "date": "2022-10-01", + "patched_versions": [], + "commit_sha": "b760a74d4b533adb01c52fb5a91d59ab87587097", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0085", + "package": "matrix-sdk-crypto", + "title": "matrix-sdk Impersonation of room keys", + "date": "2022-09-29", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": "093fb5d0aa21c0b5eaea6ec96b477f1075271cbb", + "vulnerable_symbols": [ + { + "file": "crates/matrix-sdk-crypto/src/gossiping/machine.rs", + "function": "matrix_sdk_crypto::gossiping::machine::GossipMachine::should_accept_forward", + "change_type": "Added" + }, + { + "file": "crates/matrix-sdk-crypto/src/gossiping/machine.rs", + "function": "matrix_sdk_crypto::gossiping::machine::GossipMachine::receive_supported_keys", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0091", + "package": "tauri", + "title": "`tauri` filesystem scope partial bypass", + "date": "2022-09-19", + "patched_versions": [ + ">= 1.0.7, < 1.1.0", + ">= 1.1.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0055", + "package": "axum-core", + "title": "No default limit put on request bodies", + "date": "2022-08-31", + "patched_versions": [ + ">= 0.2.8, < 0.3.0-rc.1", + ">= 0.3.0-rc.2" + ], + "commit_sha": "759e9887473b2c6fee3cb5650b286a0a72215150", + "vulnerable_symbols": [ + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::DefaultBodyLimit::", + "change_type": "Modified" + }, + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::DefaultBodyLimit::disable", + "change_type": "Added" + }, + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::for DefaultBodyLimit::", + "change_type": "Modified" + }, + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::for DefaultBodyLimit::layer", + "change_type": "Added" + }, + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::for DefaultBodyLimitService::", + "change_type": "Modified" + }, + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::for DefaultBodyLimitService::poll_ready", + "change_type": "Added" + }, + { + "file": "axum-core/src/extract/default_body_limit.rs", + "function": "axum_core::extract::default_body_limit::for DefaultBodyLimitService::call", + "change_type": "Added" + }, + { + "file": "axum-core/src/extract/request_parts.rs", + "function": "axum_core::extract::request_parts::from_request", + "change_type": "Modified" + }, + { + "file": "axum-core/src/extract/request_parts.rs", + "function": "axum_core::extract::request_parts::from_request", + "change_type": "Deleted" + }, + { + "file": "axum-core/src/extract/request_parts.rs", + "function": "axum_core::extract::request_parts::from_request", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0057", + "package": "badge", + "title": "badge is Unmaintained", + "date": "2022-08-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0052", + "package": "os_socketaddr", + "title": "`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2022-08-26", + "patched_versions": [ + ">= 0.2.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0051", + "package": "lz4-sys", + "title": "Memory corruption in liblz4", + "date": "2022-08-25", + "patched_versions": [ + ">= 1.9.4" + ], + "commit_sha": "7a966c1511816b53ac93aa2f2a2ff97e036a4a60", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0053", + "package": "mapr", + "title": "mapr is Unmaintained", + "date": "2022-08-24", + "patched_versions": [], + "commit_sha": "f42031da81d0fd00d6f40030a64d53408012b971", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0049", + "package": "iana-time-zone", + "title": "Use after free in MacOS / iOS implementation", + "date": "2022-08-15", + "patched_versions": [ + ">= 0.1.45" + ], + "commit_sha": "46ac3438179013e20d6da0706b421eb402cce48e", + "vulnerable_symbols": [ + { + "file": "src/tz_macos.rs", + "function": "tz_macos::get_timezone_inner", + "change_type": "Modified" + }, + { + "file": "src/tz_macos.rs", + "function": "tz_macos::get_timezone", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0088", + "package": "tauri", + "title": "`tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope", + "date": "2022-08-07", + "patched_versions": [ + ">= 1.0.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0050", + "package": "interledger-packet", + "title": "Interledger is Unmaintained", + "date": "2022-08-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0086", + "package": "slack-morphism", + "title": "Slack OAuth Secrets leak in debug logs", + "date": "2022-07-22", + "patched_versions": [ + ">= 0.41.0" + ], + "commit_sha": "4923fb7d458ed28c0302244c54cb4df0acee7ee6", + "vulnerable_symbols": [ + { + "file": "src/client/src/api/oauth.rs", + "function": "client::src::api::oauth::SlackOAuthCode::", + "change_type": "Modified" + }, + { + "file": "src/client/src/api/oauth.rs", + "function": "client::src::api::oauth::SlackOAuthCode::fmt", + "change_type": "Added" + }, + { + "file": "src/client/src/errors.rs", + "function": "client::src::errors::From::", + "change_type": "Modified" + }, + { + "file": "src/client/src/errors.rs", + "function": "client::src::errors::From::from", + "change_type": "Added" + }, + { + "file": "src/client/src/listener.rs", + "function": "client::src::listener::SlackCommandEventsListenerConfig::", + "change_type": "Modified" + }, + { + "file": "src/client/src/listener.rs", + "function": "client::src::listener::SlackPushEventsListenerConfig::", + "change_type": "Modified" + }, + { + "file": "src/client/src/listener.rs", + "function": "client::src::listener::SlackInteractionEventsListenerConfig::", + "change_type": "Modified" + }, + { + "file": "src/client/src/listener.rs", + "function": "client::src::listener::SlackOAuthListenerConfig::to_redirect_url", + "change_type": "Deleted" + }, + { + "file": "src/client/src/listener.rs", + "function": "client::src::listener::SlackOAuthListenerConfig::", + "change_type": "Modified" + }, + { + "file": "src/client/src/listener.rs", + "function": "client::src::listener::SlackOAuthListenerConfig::to_redirect_url", + "change_type": "Added" + }, + { + "file": "src/client/src/signature_verifier.rs", + "function": "client::src::signature_verifier::SlackEventSignatureVerifier::new", + "change_type": "Deleted" + }, + { + "file": "src/client/src/signature_verifier.rs", + "function": "client::src::signature_verifier::SlackEventSignatureVerifier::", + "change_type": "Modified" + }, + { + "file": "src/client/src/signature_verifier.rs", + "function": "client::src::signature_verifier::SlackEventSignatureVerifier::new", + "change_type": "Added" + }, + { + "file": "src/client/src/signature_verifier.rs", + "function": "client::src::signature_verifier::SlackEventSignatureVerifier::check_signature_success", + "change_type": "Modified" + }, + { + "file": "src/client/src/signature_verifier.rs", + "function": "client::src::signature_verifier::SlackEventSignatureVerifier::test_precoded_data", + "change_type": "Modified" + }, + { + "file": "src/client/src/signature_verifier.rs", + "function": "client::src::signature_verifier::SlackEventSignatureVerifier::check_empty_secret_error_test", + "change_type": "Modified" + }, + { + "file": "src/hyper/src/listener/oauth.rs", + "function": "hyper::src::listener::oauth::SlackClientEventsHyperListener::", + "change_type": "Modified" + }, + { + "file": "src/models/src/common/mod.rs", + "function": "models::src::common::SlackClientSecret::", + "change_type": "Modified" + }, + { + "file": "src/models/src/common/mod.rs", + "function": "models::src::common::SlackClientSecret::fmt", + "change_type": "Added" + }, + { + "file": "src/models/src/common/mod.rs", + "function": "models::src::common::SlackVerificationToken::fmt", + "change_type": "Modified" + }, + { + "file": "src/models/src/common/mod.rs", + "function": "models::src::common::SlackSigningSecret::", + "change_type": "Modified" + }, + { + "file": "src/models/src/common/mod.rs", + "function": "models::src::common::SlackSigningSecret::fmt", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0034", + "package": "pkcs11", + "title": "Safety issues in `pkcs11`", + "date": "2022-07-22", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0037", + "package": "async-graphql", + "title": "Denial of service on deeply nested fragment requests", + "date": "2022-07-21", + "patched_versions": [ + ">= 4.0.6" + ], + "commit_sha": "521769b80039fc8043d1c9883e3d6e5b57359072", + "vulnerable_symbols": [ + { + "file": "src/schema.rs", + "function": "schema::SchemaBuilder::", + "change_type": "Modified" + }, + { + "file": "src/schema.rs", + "function": "schema::SchemaBuilder::limit_recursive_depth", + "change_type": "Added" + }, + { + "file": "src/schema.rs", + "function": "schema::SchemaBuilder::check_recursive_depth", + "change_type": "Added" + }, + { + "file": "src/schema.rs", + "function": "schema::SchemaBuilder::check_selection_set", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0056", + "package": "clipboard", + "title": "clipboard is Unmaintained", + "date": "2022-06-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0029", + "package": "crossbeam", + "title": "`MsQueue` `push`/`pop` use the wrong orderings", + "date": "2022-06-07", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": "bf1fb5627d67582a53ef712e8cb07fb9ebf878fa", + "vulnerable_symbols": [ + { + "file": "src/sync/ms_queue.rs", + "function": "sync::ms_queue::MsQueue::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0028", + "package": "neon", + "title": "Use after free in Neon external buffers", + "date": "2022-05-22", + "patched_versions": [ + ">= 0.10.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0046", + "package": "rocksdb", + "title": "Out-of-bounds read when opening multiple column families with TTL", + "date": "2022-05-11", + "patched_versions": [ + ">= 0.19.0" + ], + "commit_sha": "701d46198b847fdd8e2429c1cdea17cca665574b", + "vulnerable_symbols": [ + { + "file": "src/backup.rs", + "function": "backup::BackupEngine::", + "change_type": "Modified" + }, + { + "file": "src/backup.rs", + "function": "backup::RestoreOptions::set_keep_log_files", + "change_type": "Modified" + }, + { + "file": "src/db.rs", + "function": "db::DBWithThreadMode::", + "change_type": "Modified" + }, + { + "file": "src/db.rs", + "function": "db::DBWithThreadMode::flush_wal", + "change_type": "Modified" + }, + { + "file": "src/db.rs", + "function": "db::DBWithThreadMode::cancel_all_background_work", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::BlockBasedOptions::set_partition_filters", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::BlockBasedOptions::disable_cache", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::BlockBasedOptions::set_whole_key_filtering", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::CuckooTableOptions::set_identity_as_first_hash", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::CuckooTableOptions::set_use_module_hash", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::create_if_missing", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_error_if_exists", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_paranoid_checks", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_compaction_readahead_size", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_level_compaction_dynamic_level_bytes", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_use_fsync", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_allow_concurrent_memtable_write", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_use_direct_reads", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_is_fd_close_on_exec", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_unordered_write", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_disable_auto_compactions", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_inplace_update_support", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_enable_pipelined_write", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_report_bg_io_stats", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_advise_random_on_open", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_use_adaptive_mutex", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_skip_stats_update_on_db_open", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_allow_mmap_writes", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_allow_mmap_reads", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_manual_wal_flush", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_atomic_flush", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::Options::set_dump_malloc_stats", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::FlushOptions::set_wait", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::WriteOptions::set_sync", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::WriteOptions::disable_wal", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::WriteOptions::set_no_slowdown", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::WriteOptions::set_low_pri", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::WriteOptions::set_memtable_insert_hint_per_batch", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::fill_cache", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::set_prefix_same_as_start", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::set_total_order_seek", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::set_ignore_range_deletions", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::set_verify_checksums", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::set_tailing", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::ReadOptions::set_pin_data", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::IngestExternalFileOptions::set_move_files", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::IngestExternalFileOptions::set_allow_global_seqno", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::IngestExternalFileOptions::set_ingest_behind", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::CompactOptions::set_exclusive_manual_compaction", + "change_type": "Modified" + }, + { + "file": "src/db_options.rs", + "function": "db_options::CompactOptions::set_change_level", + "change_type": "Modified" + }, + { + "file": "src/perf.rs", + "function": "perf::PerfContext::report", + "change_type": "Modified" + }, + { + "file": "src/slice_transform.rs", + "function": "slice_transform::in_domain_callback", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0024", + "package": "double-checked-cell", + "title": "double-checked-cell is unmaintained", + "date": "2022-05-11", + "patched_versions": [], + "commit_sha": "9cf94d75316ef441033ce4c80def7c1a8c7643fe", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0054", + "package": "wee_alloc", + "title": "wee_alloc is Unmaintained", + "date": "2022-05-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0023", + "package": "static_type_map", + "title": "`static_type_map` has been renamed to `erased_set`", + "date": "2022-05-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0019", + "package": "crossbeam-channel", + "title": "Channel creates zero value of any type", + "date": "2022-05-10", + "patched_versions": [ + ">= 0.4.3" + ], + "commit_sha": "8903df8970454be368b00b867c668e53773df0eb", + "vulnerable_symbols": [ + { + "file": "crossbeam-channel/src/flavors/array.rs", + "function": "crossbeam_channel::flavors::array::Channel::", + "change_type": "Modified" + }, + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Channel::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Inner::", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Injector::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/deferred.rs", + "function": "crossbeam_epoch::deferred::Deferred::", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/deferred.rs", + "function": "crossbeam_epoch::deferred::Deferred::call", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/sync/queue.rs", + "function": "crossbeam_epoch::sync::queue::Queue::", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/sync/queue.rs", + "function": "crossbeam_epoch::sync::queue::Queue::push", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/array_queue.rs", + "function": "crossbeam_queue::array_queue::ArrayQueue::", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/seg_queue.rs", + "function": "crossbeam_queue::seg_queue::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/seg_queue.rs", + "function": "crossbeam_queue::seg_queue::SegQueue::new", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0021", + "package": "crossbeam-queue", + "title": "`SegQueue` creates zero value of any type", + "date": "2022-05-10", + "patched_versions": [ + ">= 0.2.3" + ], + "commit_sha": "8903df8970454be368b00b867c668e53773df0eb", + "vulnerable_symbols": [ + { + "file": "crossbeam-channel/src/flavors/array.rs", + "function": "crossbeam_channel::flavors::array::Channel::", + "change_type": "Modified" + }, + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Channel::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Inner::", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Injector::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/deferred.rs", + "function": "crossbeam_epoch::deferred::Deferred::", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/deferred.rs", + "function": "crossbeam_epoch::deferred::Deferred::call", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/sync/queue.rs", + "function": "crossbeam_epoch::sync::queue::Queue::", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/sync/queue.rs", + "function": "crossbeam_epoch::sync::queue::Queue::push", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/array_queue.rs", + "function": "crossbeam_queue::array_queue::ArrayQueue::", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/seg_queue.rs", + "function": "crossbeam_queue::seg_queue::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/seg_queue.rs", + "function": "crossbeam_queue::seg_queue::SegQueue::new", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0020", + "package": "crossbeam", + "title": "`SegQueue` creates zero value of any type", + "date": "2022-05-10", + "patched_versions": [ + ">= 0.7.0" + ], + "commit_sha": "8903df8970454be368b00b867c668e53773df0eb", + "vulnerable_symbols": [ + { + "file": "crossbeam-channel/src/flavors/array.rs", + "function": "crossbeam_channel::flavors::array::Channel::", + "change_type": "Modified" + }, + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-channel/src/flavors/list.rs", + "function": "crossbeam_channel::flavors::list::Channel::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Inner::", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-deque/src/lib.rs", + "function": "crossbeam_deque::Injector::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/deferred.rs", + "function": "crossbeam_epoch::deferred::Deferred::", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/deferred.rs", + "function": "crossbeam_epoch::deferred::Deferred::call", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/sync/queue.rs", + "function": "crossbeam_epoch::sync::queue::Queue::", + "change_type": "Modified" + }, + { + "file": "crossbeam-epoch/src/sync/queue.rs", + "function": "crossbeam_epoch::sync::queue::Queue::push", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/array_queue.rs", + "function": "crossbeam_queue::array_queue::ArrayQueue::", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/seg_queue.rs", + "function": "crossbeam_queue::seg_queue::Block::new", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/seg_queue.rs", + "function": "crossbeam_queue::seg_queue::SegQueue::new", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0022", + "package": "hyper", + "title": "Parser creates invalid uninitialized value", + "date": "2022-05-10", + "patched_versions": [ + ">= 0.14.12" + ], + "commit_sha": "95a978344c29351e2e381af0a91772093e01e255", + "vulnerable_symbols": [ + { + "file": "src/proto/h1/role.rs", + "function": "proto::h1::role::Server::", + "change_type": "Modified" + }, + { + "file": "src/proto/h1/role.rs", + "function": "proto::h1::role::Client::", + "change_type": "Modified" + }, + { + "file": "src/proto/h1/role.rs", + "function": "proto::h1::role::Client::record_header_indices", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0071", + "package": "rusoto_credential", + "title": "Rusoto is unmaintained", + "date": "2022-04-24", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0092", + "package": "rmp-serde", + "title": "`rmp-serde` `Raw` and `RawRef` unsound", + "date": "2022-04-13", + "patched_versions": [ + ">= 1.1.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0015", + "package": "pty", + "title": "pty is unmaintained", + "date": "2022-03-22", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0012", + "package": "arrow2", + "title": "Arrow2 allows double free in `safe` code", + "date": "2022-03-04", + "patched_versions": [ + ">= 0.7.1, < 0.8", + ">= 0.8.2, < 0.9", + ">= 0.9.2, < 0.10", + ">= 0.10.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0041", + "package": "crossbeam-utils", + "title": "Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64", + "date": "2022-02-05", + "patched_versions": [ + ">= 0.8.7" + ], + "commit_sha": "924436cc71b5d7245631a0cf4f02ff536630a1fd", + "vulnerable_symbols": [ + { + "file": "crossbeam-utils/src/atomic/atomic_cell.rs", + "function": "crossbeam_utils::atomic::atomic_cell::fetch_add", + "change_type": "Modified" + }, + { + "file": "crossbeam-utils/src/atomic/atomic_cell.rs", + "function": "crossbeam_utils::atomic::atomic_cell::fetch_sub", + "change_type": "Modified" + }, + { + "file": "crossbeam-utils/src/atomic/atomic_cell.rs", + "function": "crossbeam_utils::atomic::atomic_cell::fetch_and", + "change_type": "Modified" + }, + { + "file": "crossbeam-utils/src/atomic/atomic_cell.rs", + "function": "crossbeam_utils::atomic::atomic_cell::fetch_or", + "change_type": "Modified" + }, + { + "file": "crossbeam-utils/src/atomic/atomic_cell.rs", + "function": "crossbeam_utils::atomic::atomic_cell::fetch_xor", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0081", + "package": "json", + "title": "json is unmaintained", + "date": "2022-02-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0040", + "package": "owning_ref", + "title": "Multiple soundness issues in `owning_ref`", + "date": "2022-01-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0048", + "package": "xml-rs", + "title": "xml-rs is Unmaintained", + "date": "2022-01-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0007", + "package": "qcell", + "title": "A malicious coder can get unsound access to TCell or TLCell memory", + "date": "2022-01-24", + "patched_versions": [ + ">= 0.4.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0006", + "package": "thread_local", + "title": "Data race in `Iter` and `IterMut`", + "date": "2022-01-23", + "patched_versions": [ + ">= 1.1.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0005", + "package": "ftd2xx-embedded-hal", + "title": "crate has been renamed to `ftdi-embedded-hal`", + "date": "2022-01-22", + "patched_versions": [], + "commit_sha": "6a0ee4534f084fbfbb30ac06d14c21dde1f9d1f3", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0043", + "package": "tower-http", + "title": "Improper validation of Windows paths could lead to directory traversal attack", + "date": "2022-01-21", + "patched_versions": [ + ">= 0.2.1", + ">= 0.1.3, < 0.2.0" + ], + "commit_sha": "ec394e7e082ed315ab515eddddc4f958361939ef", + "vulnerable_symbols": [ + { + "file": "tower-http/src/services/fs/serve_dir.rs", + "function": "tower_http::services::fs::serve_dir::ServeVariant::build_and_validate_path", + "change_type": "Modified" + }, + { + "file": "tower-http/src/services/fs/serve_dir.rs", + "function": "tower_http::services::fs::serve_dir::ServeVariant::access_cjk_percent_encoded_uri_path", + "change_type": "Modified" + }, + { + "file": "tower-http/src/services/fs/serve_dir.rs", + "function": "tower_http::services::fs::serve_dir::ServeVariant::access_space_percent_encoded_uri_path", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0003", + "package": "ammonia", + "title": "Space bug in `clean_text`", + "date": "2022-01-19", + "patched_versions": [ + ">= 3.1.3" + ], + "commit_sha": "b2b4346a2f16f34bc3d5c6e4f202e3471464fee2", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "clean_text", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "clean_text_spaces_test", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2022-0044", + "package": "markdown", + "title": "`markdown` (1.0.0 and higher) is maintained", + "date": "2022-01-17", + "patched_versions": [ + ">= 1.0.0-alpha.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0039", + "package": "odbc", + "title": "project abandoned", + "date": "2022-01-17", + "patched_versions": [], + "commit_sha": "f9e5f77fac0a6328f9759e6e0f9e10c16509aebb", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0036", + "package": "r2d2_odbc", + "title": "project abandoned", + "date": "2022-01-17", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0082", + "package": "warp", + "title": "Improper validation of Windows paths could lead to directory traversal attack", + "date": "2022-01-14", + "patched_versions": [ + ">= 0.3.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0002", + "package": "dashmap", + "title": "Unsoundness in `dashmap` references", + "date": "2022-01-10", + "patched_versions": [ + ">= 5.1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2022-0008", + "package": "windows", + "title": "Delegate functions are missing `Send` bound", + "date": "2022-01-02", + "patched_versions": [ + ">= 0.32.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0134", + "package": "rental", + "title": "rental is unmaintained, author has moved on", + "date": "2021-12-27", + "patched_versions": [], + "commit_sha": "213671ab3aab3452efd7e2290c6bb714ee327014", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0141", + "package": "dotenv", + "title": "dotenv is Unmaintained", + "date": "2021-12-24", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0142", + "package": "dotenv_codegen", + "title": "dotenv is Unmaintained", + "date": "2021-12-24", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0130", + "package": "lru", + "title": "Use after free in lru crate", + "date": "2021-12-21", + "patched_versions": [ + ">= 0.7.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0131", + "package": "brotli-sys", + "title": "Integer overflow in the bundled Brotli C library", + "date": "2021-12-20", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0128", + "package": "rusqlite", + "title": "Incorrect Lifetime Bounds on Closures in `rusqlite`", + "date": "2021-12-07", + "patched_versions": [ + ">= 0.26.2", + "0.25.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0153", + "package": "encoding", + "title": "`encoding` is unmaintained", + "date": "2021-12-05", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0126", + "package": "rust-embed", + "title": "RustEmbed generated `get` method allows for directory traversal when reading files from disk", + "date": "2021-11-29", + "patched_versions": [ + ">= 6.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0124", + "package": "tokio", + "title": "Data race when sending and receiving after closing a `oneshot` channel", + "date": "2021-11-16", + "patched_versions": [ + ">= 1.8.4, < 1.9.0", + ">= 1.13.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0123", + "package": "fruity", + "title": "Converting `NSString` to a String Truncates at Null Bytes", + "date": "2021-11-14", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0125", + "package": "simple_asn1", + "title": "Panic on incorrect date input to `simple_asn1`", + "date": "2021-11-14", + "patched_versions": [ + ">=0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0122", + "package": "flatbuffers", + "title": "Generated code can read and write out of bounds in safe code", + "date": "2021-10-31", + "patched_versions": [ + ">= 22.9.29" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0137", + "package": "sodiumoxide", + "title": "sodiumoxide is deprecated", + "date": "2021-10-22", + "patched_versions": [], + "commit_sha": "5bb1dfd2578539b89ffb0cbea25f21f00cfb963e", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0120", + "package": "abomonation", + "title": "abomonation transmutes &T to and from &[u8] without sufficient constraints", + "date": "2021-10-17", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0138", + "package": "mz-avro", + "title": "Incorrect use of `set_len` allows for un-initialized memory", + "date": "2021-10-14", + "patched_versions": [ + ">= 0.7.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0121", + "package": "crypto2", + "title": "Non-aligned u32 read in Chacha20 encryption and decryption", + "date": "2021-10-08", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0144", + "package": "traitobject", + "title": "traitobject is Unmaintained", + "date": "2021-10-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0119", + "package": "nix", + "title": "Out-of-bounds write in nix::unistd::getgrouplist", + "date": "2021-09-27", + "patched_versions": [ + "^0.20.2", + "^0.21.2", + "^0.22.2", + ">= 0.23.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0115", + "package": "zeroize_derive", + "title": "`#[zeroize(drop)]` doesn't implement `Drop` for `enum`s", + "date": "2021-09-24", + "patched_versions": [ + ">= 1.1.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0114", + "package": "nanorand", + "title": "Aliased mutable references from `tls_rand` & `TlsWyRand`", + "date": "2021-09-23", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0111", + "package": "tremor-script", + "title": "Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`", + "date": "2021-09-16", + "patched_versions": [ + ">= 0.11.6" + ], + "commit_sha": "ec22294e1fab94bf344d85b7664d224e4790ddec", + "vulnerable_symbols": [ + { + "file": "tremor-cli/src/run.rs", + "function": "tremor_cli::run::Ingress::from_args", + "change_type": "Modified" + }, + { + "file": "tremor-cli/src/run.rs", + "function": "tremor_cli::run::Ingress::run_tremor_source", + "change_type": "Modified" + }, + { + "file": "tremor-cli/src/run.rs", + "function": "tremor_cli::run::Ingress::run_trickle_source", + "change_type": "Modified" + }, + { + "file": "tremor-script/src/ast/base_expr.rs", + "function": "tremor_script::ast::base_expr::Expr::", + "change_type": "Modified" + }, + { + "file": "tremor-script/src/ast/raw.rs", + "function": "tremor_script::ast::raw::for ExprRaw::", + "change_type": "Modified" + }, + { + "file": "tremor-script/src/ast/to_static.rs", + "function": "tremor_script::ast::to_static::Expr::", + "change_type": "Modified" + }, + { + "file": "tremor-script/src/interpreter/expr.rs", + "function": "tremor_script::interpreter::expr::Expr::patch_in_place", + "change_type": "Deleted" + }, + { + "file": "tremor-script/src/interpreter/expr.rs", + "function": "tremor_script::interpreter::expr::Expr::", + "change_type": "Modified" + }, + { + "file": "tremor-script/src/interpreter/expr.rs", + "function": "tremor_script::interpreter::expr::Expr::merge_in_place", + "change_type": "Deleted" + }, + { + "file": "tremor-script/src/interpreter/expr.rs", + "function": "tremor_script::interpreter::expr::Expr::comprehension", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0116", + "package": "arrow", + "title": "`BinaryArray` does not perform bound checks on reading values and offsets", + "date": "2021-09-14", + "patched_versions": [ + ">= 6.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0117", + "package": "arrow", + "title": "`DecimalArray` does not perform bound checks on accessing values and offsets", + "date": "2021-09-14", + "patched_versions": [ + ">= 6.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0118", + "package": "arrow", + "title": "`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets", + "date": "2021-09-14", + "patched_versions": [ + ">= 6.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0154", + "package": "fuser", + "title": "Uninitalized memory read & leak caused by fuser crate", + "date": "2021-09-10", + "patched_versions": [ + ">= 0.16.0" + ], + "commit_sha": "47113e10ea4ab4be5b562cdc0d8cc8d41ce50311", + "vulnerable_symbols": [ + { + "file": "src/mnt/fuse3.rs", + "function": "mnt::fuse3::Mount::new", + "change_type": "Modified" + }, + { + "file": "src/mnt/fuse3_sys.rs", + "function": "mnt::fuse3_sys::fuse_session_new", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0100", + "package": "sha2", + "title": "Miscomputed results when using AVX2 backend", + "date": "2021-09-08", + "patched_versions": [ + ">= 0.9.8" + ], + "commit_sha": "93d895de72c2cb3ac7bc106f03e33715f8f304c2", + "vulnerable_symbols": [ + { + "file": "sha2/src/sha512/x86.rs", + "function": "sha2::sha512::x86::load_data_avx2", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0147", + "package": "daemonize", + "title": "`daemonize` is Unmaintained", + "date": "2021-09-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0099", + "package": "cosmos_sdk", + "title": "Crate has been renamed to `cosmrs`", + "date": "2021-08-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0139", + "package": "ansi_term", + "title": "ansi_term is Unmaintained", + "date": "2021-08-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0096", + "package": "spirv_headers", + "title": "spirv_headers is unmaintained, use spirv instead", + "date": "2021-08-16", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0082", + "package": "vec-const", + "title": "vec-const attempts to construct a Vec from a pointer to a const slice", + "date": "2021-08-14", + "patched_versions": [ + ">= 2.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0080", + "package": "tar", + "title": "Links in archive can create arbitrary directories", + "date": "2021-07-19", + "patched_versions": [ + ">= 0.4.36" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0076", + "package": "libsecp256k1", + "title": "libsecp256k1 allows overflowing signatures", + "date": "2021-07-13", + "patched_versions": [ + ">= 0.5.0" + ], + "commit_sha": "b525d5d318d9672a40250c1725fa1bb3156688b7", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Signature::parse", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Signature::parse_overflowing", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Signature::parse_slice", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "Signature::parse_standard", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Signature::parse_overflowing_slice", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Signature::parse_standard_slice", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0073", + "package": "prost-types", + "title": "Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic", + "date": "2021-07-08", + "patched_versions": [ + ">= 0.8.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0075", + "package": "ark-r1cs-std", + "title": "Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems", + "date": "2021-07-08", + "patched_versions": [ + ">= 0.3.1" + ], + "commit_sha": "47ddbaa411afe7c499311a248a38135e5a192b67", + "vulnerable_symbols": [ + { + "file": "src/fields/mod.rs", + "function": "fields::mul_by_inverse", + "change_type": "Modified" + }, + { + "file": "src/groups/curves/short_weierstrass/non_zero_affine.rs", + "function": "groups::curves::short_weierstrass::non_zero_affine::test_non_zero_affine_cost", + "change_type": "Deleted" + }, + { + "file": "src/groups/curves/short_weierstrass/non_zero_affine.rs", + "function": "groups::curves::short_weierstrass::non_zero_affine::correctness_test_1", + "change_type": "Added" + }, + { + "file": "src/groups/curves/short_weierstrass/non_zero_affine.rs", + "function": "groups::curves::short_weierstrass::non_zero_affine::correctness_test_2", + "change_type": "Added" + }, + { + "file": "src/groups/curves/short_weierstrass/non_zero_affine.rs", + "function": "groups::curves::short_weierstrass::non_zero_affine::soundness_test", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0074", + "package": "ammonia", + "title": "Incorrect handling of embedded SVG and MathML leads to mutation XSS", + "date": "2021-07-08", + "patched_versions": [ + ">= 3.1.0", + ">= 2.1.3, < 3.0.0" + ], + "commit_sha": "bcdf2d862675a37f4cace6c5258bb09aac0b9f85", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Builder::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Builder::check_expected_namespace", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Builder::is_svg_tag", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Builder::is_mathml_tag", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Builder::is_url_relative", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Builder::ns_svg", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "Builder::ns_mathml", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0072", + "package": "tokio", + "title": "Task dropped in wrong thread when aborting `LocalSet` task", + "date": "2021-07-07", + "patched_versions": [ + ">= 1.5.1, < 1.6.0", + ">= 1.6.3, < 1.7.0", + ">= 1.7.2, < 1.8.0", + ">= 1.8.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0145", + "package": "atty", + "title": "Potential unaligned read", + "date": "2021-07-04", + "patched_versions": [], + "commit_sha": "4a91c27fe236ee06b4c6106f7d3ef03fe58832dc", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "is", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "msys_tty_on", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "console_on_any", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "msys_tty_on", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0071", + "package": "grep-cli", + "title": "`grep-cli` may run arbitrary executables on Windows", + "date": "2021-06-12", + "patched_versions": [ + ">= 0.1.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0070", + "package": "nalgebra", + "title": "VecStorage Deserialize Allows Violation of Length Invariant", + "date": "2021-06-06", + "patched_versions": [ + ">= 0.27.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0095", + "package": "mopa", + "title": "`mopa` is technically unsound", + "date": "2021-06-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0069", + "package": "lettre", + "title": "SMTP command injection in body", + "date": "2021-05-22", + "patched_versions": [ + ">= 0.10.0-rc.3", + "< 0.10.0-alpha.1, >= 0.9.6" + ], + "commit_sha": "b0e2fc9bcac466d49fca8d25a6c6252811a29c6c", + "vulnerable_symbols": [ + { + "file": "src/transport/smtp/client/mod.rs", + "function": "transport::smtp::client::ClientCodec::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0146", + "package": "twoway", + "title": "Crate `twoway` deprecated by the author", + "date": "2021-05-20", + "patched_versions": [], + "commit_sha": "e99b3c718df1117ad7f54c33f6540c8f46cc17dd", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0068", + "package": "iced-x86", + "title": "Soundness issue in `iced-x86` versions <= 1.10.3", + "date": "2021-05-19", + "patched_versions": [ + "> 1.10.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0065", + "package": "anymap", + "title": "anymap is unmaintained.", + "date": "2021-05-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0064", + "package": "cpuid-bool", + "title": "`cpuid-bool` has been renamed to `cpufeatures`", + "date": "2021-05-06", + "patched_versions": [], + "commit_sha": "b2d97b23e721f509fa6004175f3ffdf40d9e7402", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0060", + "package": "aes-soft", + "title": "`aes-soft` has been merged into the `aes` crate", + "date": "2021-04-29", + "patched_versions": [], + "commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0059", + "package": "aesni", + "title": "`aesni` has been merged into the `aes` crate", + "date": "2021-04-29", + "patched_versions": [], + "commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0061", + "package": "aes-ctr", + "title": "`aes-ctr` has been merged into the `aes` crate", + "date": "2021-04-29", + "patched_versions": [], + "commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0054", + "package": "rkyv", + "title": "Archives may contain uninitialized memory", + "date": "2021-04-28", + "patched_versions": [ + ">= 0.6.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0113", + "package": "metrics-util", + "title": "AtomicBucket unconditionally implements Send/Sync", + "date": "2021-04-07", + "patched_versions": [ + ">= 0.7.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0136", + "package": "sass-rs", + "title": "`sass-rs` has been deprecated", + "date": "2021-04-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0041", + "package": "parse_duration", + "title": "Denial of service through parsing payloads with too big exponent", + "date": "2021-03-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0053", + "package": "algorithmica", + "title": "'merge_sort::merge()' crashes with double-free for `T: Drop`", + "date": "2021-03-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0038", + "package": "fltk", + "title": "Multiple memory safety issues", + "date": "2021-03-06", + "patched_versions": [ + ">= 0.15.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0037", + "package": "diesel", + "title": "Fix a use-after-free bug in diesels Sqlite backend", + "date": "2021-03-05", + "patched_versions": [ + ">= 1.4.6" + ], + "commit_sha": "ae72835078156a3ff3b5b17e2a235189ef892af7", + "vulnerable_symbols": [ + { + "file": "diesel/src/sqlite/connection/statement_iterator.rs", + "function": "diesel::sqlite::connection::statement_iterator::NamedStatementIterator::new", + "change_type": "Modified" + }, + { + "file": "diesel/src/sqlite/connection/statement_iterator.rs", + "function": "diesel::sqlite::connection::statement_iterator::NamedStatementIterator::populate_column_indices", + "change_type": "Added" + }, + { + "file": "diesel/src/sqlite/connection/stmt.rs", + "function": "diesel::sqlite::connection::stmt::Statement::field_name", + "change_type": "Deleted" + }, + { + "file": "diesel/src/sqlite/connection/stmt.rs", + "function": "diesel::sqlite::connection::stmt::Statement::field_name", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0035", + "package": "quinn", + "title": "`quinn` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2021-03-04", + "patched_versions": [ + "^0.5.4", + "^0.6.2", + ">= 0.7.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0036", + "package": "internment", + "title": "Intern: Data race allowed on T", + "date": "2021-03-03", + "patched_versions": [ + ">= 0.4.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0032", + "package": "byte_struct", + "title": "Deserializing an array can drop uninitialized memory on panic", + "date": "2021-03-01", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0062", + "package": "miscreant", + "title": "project abandoned; migrate to the `aes-siv` crate", + "date": "2021-02-28", + "patched_versions": [], + "commit_sha": "5d921f579e0c2b9960d472cf377b8487d97fbcec", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0052", + "package": "id-map", + "title": "Multiple functions can cause double-frees", + "date": "2021-02-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0050", + "package": "reorder", + "title": "swap_index can write out of bounds and return uninitialized memory", + "date": "2021-02-24", + "patched_versions": [ + ">= 1.1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0033", + "package": "stack_dst", + "title": "push_cloned can drop uninitialized memory or double free on panic", + "date": "2021-02-22", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0047", + "package": "slice-deque", + "title": "SliceDeque::drain_filter can double drop an element if the predicate panics", + "date": "2021-02-19", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0028", + "package": "toodee", + "title": "Multiple memory safety issues in insert_row", + "date": "2021-02-19", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0048", + "package": "stackvector", + "title": "StackVec::extend can write out of bounds when size_hint is incorrect", + "date": "2021-02-19", + "patched_versions": [ + ">= 1.0.9" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0030", + "package": "scratchpad", + "title": "move_elements can double-free objects on panic", + "date": "2021-02-18", + "patched_versions": [ + ">= 1.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0049", + "package": "through", + "title": "`through` and `through_and` causes a double free if the map function panics", + "date": "2021-02-18", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0029", + "package": "truetype", + "title": "Tape::take_bytes exposes uninitialized memory to a user-provided Read", + "date": "2021-02-17", + "patched_versions": [ + ">= 0.30.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0112", + "package": "tectonic_xdv", + "title": "`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)", + "date": "2021-02-17", + "patched_versions": [ + ">= 0.1.12" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0043", + "package": "uu_od", + "title": "PartialReader passes uninitialized memory to user-provided Read", + "date": "2021-02-17", + "patched_versions": [ + ">= 0.0.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0046", + "package": "telemetry", + "title": "misc::vec_with_size() can drop uninitialized memory if clone panics", + "date": "2021-02-17", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0024", + "package": "safe-api", + "title": "crate has been renamed to `sn_api`", + "date": "2021-02-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0025", + "package": "jsonrpc-quic", + "title": "crate has been renamed to `qjsonrpc`", + "date": "2021-02-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0021", + "package": "nb-connect", + "title": "`nb-connect` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2021-02-14", + "patched_versions": [ + ">= 1.0.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0023", + "package": "rand_core", + "title": "Incorrect check on buffer length when seeding RNGs", + "date": "2021-02-12", + "patched_versions": [ + ">= 0.6.2" + ], + "commit_sha": "3a03c9eb5350e03a3f540dba2ee34e0984f2c2c2", + "vulnerable_symbols": [ + { + "file": "rand_core/src/le.rs", + "function": "rand_core::le::read_u32_into", + "change_type": "Modified" + }, + { + "file": "rand_core/src/le.rs", + "function": "rand_core::le::read_u64_into", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0044", + "package": "rocket", + "title": "Use after free possible in `uri::Formatter` on panic", + "date": "2021-02-09", + "patched_versions": [ + ">= 0.4.7" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0019", + "package": "xcb", + "title": "Multiple soundness issues", + "date": "2021-02-04", + "patched_versions": [ + ">= 1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0034", + "package": "office", + "title": "office is unmaintained, use calamine instead", + "date": "2021-02-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0018", + "package": "qwutils", + "title": "insert_slice_clone can double drop if Clone panics.", + "date": "2021-02-03", + "patched_versions": [ + ">= 0.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0094", + "package": "rdiff", + "title": "Window can read out of bounds if Read instance returns more bytes than buffer size", + "date": "2021-02-03", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0051", + "package": "outer_cgi", + "title": "KeyValueReader passes uninitialized memory to Read instance", + "date": "2021-01-31", + "patched_versions": [ + ">= 0.2.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0031", + "package": "nano_arena", + "title": "split_at allows obtaining multiple mutable references to the same data", + "date": "2021-01-31", + "patched_versions": [ + ">= 0.5.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0017", + "package": "postscript", + "title": "`Read` on uninitialized buffer may cause UB (`impl Walue for Vec`)", + "date": "2021-01-30", + "patched_versions": [ + ">= 0.14.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0092", + "package": "messagepack-rs", + "title": "Deserialization functions pass uninitialized memory to user-provided Read", + "date": "2021-01-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0016", + "package": "ms3d", + "title": "`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB", + "date": "2021-01-26", + "patched_versions": [ + ">= 0.1.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0042", + "package": "insert_many", + "title": "insert_many can drop elements twice on panic", + "date": "2021-01-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0014", + "package": "marc", + "title": "Record::read : Custom `Read` on uninitialized buffer may cause UB", + "date": "2021-01-26", + "patched_versions": [ + ">= 2.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0135", + "package": "tower-http", + "title": "Improper validation of Windows paths could lead to directory traversal attack", + "date": "2021-01-21", + "patched_versions": [ + ">= 0.2.1", + ">= 0.1.3, < 0.2.0" + ], + "commit_sha": "ec394e7e082ed315ab515eddddc4f958361939ef", + "vulnerable_symbols": [ + { + "file": "tower-http/src/services/fs/serve_dir.rs", + "function": "tower_http::services::fs::serve_dir::ServeVariant::build_and_validate_path", + "change_type": "Modified" + }, + { + "file": "tower-http/src/services/fs/serve_dir.rs", + "function": "tower_http::services::fs::serve_dir::ServeVariant::access_cjk_percent_encoded_uri_path", + "change_type": "Modified" + }, + { + "file": "tower-http/src/services/fs/serve_dir.rs", + "function": "tower_http::services::fs::serve_dir::ServeVariant::access_space_percent_encoded_uri_path", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0083", + "package": "derive-com-impl", + "title": "QueryInterface should call AddRef before returning pointer", + "date": "2021-01-20", + "patched_versions": [ + ">= 0.1.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0089", + "package": "raw-cpuid", + "title": "Optional `Deserialize` implementations lacking validation", + "date": "2021-01-20", + "patched_versions": [ + ">= 9.1.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0013", + "package": "raw-cpuid", + "title": "Soundness issues in `raw-cpuid`", + "date": "2021-01-20", + "patched_versions": [ + ">= 9.0.0" + ], + "commit_sha": "b33006702bd96c68a6828f21862f7923eee94f5d", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0152", + "package": "out-reference", + "title": "`out_reference::Out::from_raw` should be `unsafe`", + "date": "2021-01-20", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0004", + "package": "lazy-init", + "title": "Missing Send bound for Lazy", + "date": "2021-01-17", + "patched_versions": [ + "> 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0010", + "package": "containers", + "title": "panic safety: double drop may happen within `util::{mutate, mutate2}`", + "date": "2021-01-12", + "patched_versions": [ + ">= 0.9.11" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0040", + "package": "arenavec", + "title": "panic safety: double drop or uninitialized drop of T upon panic", + "date": "2021-01-12", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0045", + "package": "adtensor", + "title": "FromIterator implementation for Vector/Matrix can drop uninitialized memory", + "date": "2021-01-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0005", + "package": "glsl-layout", + "title": "Double drop upon panic in 'fn map_array()'", + "date": "2021-01-10", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": "4298b9de04c7b721d242f2169dbb6f155788c859", + "vulnerable_symbols": [ + { + "file": "src/array.rs", + "function": "array::map_array", + "change_type": "Deleted" + }, + { + "file": "src/array.rs", + "function": "array::map_array", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0009", + "package": "basic_dsp_matrix", + "title": "panic safety issue in `impl TransformContent for [S; (2|3|4)]`", + "date": "2021-01-10", + "patched_versions": [ + ">= 0.9.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0003", + "package": "smallvec", + "title": "Buffer overflow in SmallVec::insert_many", + "date": "2021-01-08", + "patched_versions": [ + ">= 0.6.14, < 1.0.0", + ">= 1.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0086", + "package": "flumedb", + "title": "`Read` on uninitialized buffer may cause UB ( `read_entry()` )", + "date": "2021-01-07", + "patched_versions": [ + ">=0.1.6" + ], + "commit_sha": "14b7440271c9d2316fab52c745e21087559364f6", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0007", + "package": "av-data", + "title": "`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`", + "date": "2021-01-07", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0090", + "package": "ash", + "title": "Reading on uninitialized memory may cause UB ( `util::read_spv()` )", + "date": "2021-01-07", + "patched_versions": [ + ">= 0.33.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0087", + "package": "columnar", + "title": "columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())", + "date": "2021-01-07", + "patched_versions": [ + ">= 0.1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0091", + "package": "gfx-auxil", + "title": "Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )", + "date": "2021-01-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0015", + "package": "calamine", + "title": "`Sectors::get` accesses unclaimed/uninitialized memory", + "date": "2021-01-06", + "patched_versions": [ + ">= 0.17.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0088", + "package": "csv-sniffer", + "title": "`Read` on uninitialized memory may cause UB (fn preamble_skipcount())", + "date": "2021-01-05", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": "c7710414aa256c7cd33fb4530656f5ab38e306f7", + "vulnerable_symbols": [ + { + "file": "src/chain.rs", + "function": "chain::Chain::", + "change_type": "Modified" + }, + { + "file": "src/chain.rs", + "function": "chain::Chain::default", + "change_type": "Deleted" + }, + { + "file": "src/chain.rs", + "function": "chain::Chain::viterbi", + "change_type": "Modified" + }, + { + "file": "src/error.rs", + "function": "error::SnifferError::description", + "change_type": "Deleted" + }, + { + "file": "src/error.rs", + "function": "error::SnifferError::", + "change_type": "Modified" + }, + { + "file": "src/error.rs", + "function": "error::SnifferError::cause", + "change_type": "Deleted" + }, + { + "file": "src/error.rs", + "function": "error::SnifferError::cause", + "change_type": "Added" + }, + { + "file": "src/field_type.rs", + "function": "field_type::TypeGuesses::infer_types", + "change_type": "Modified" + }, + { + "file": "src/field_type.rs", + "function": "field_type::TypeGuesses::infer_record_types", + "change_type": "Modified" + }, + { + "file": "src/sample.rs", + "function": "sample::take_sample_from_start", + "change_type": "Deleted" + }, + { + "file": "src/sample.rs", + "function": "sample::take_sample_from_start", + "change_type": "Added" + }, + { + "file": "src/sample.rs", + "function": "sample::take_sample", + "change_type": "Deleted" + }, + { + "file": "src/sample.rs", + "function": "sample::SampleIter::take_sample_from_start", + "change_type": "Modified" + }, + { + "file": "src/sniffer.rs", + "function": "sniffer::Sniffer::get_sample_size", + "change_type": "Modified" + }, + { + "file": "src/sniffer.rs", + "function": "sniffer::Sniffer::quote_count", + "change_type": "Modified" + }, + { + "file": "src/snip.rs", + "function": "snip::preamble_skipcount", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0011", + "package": "fil-ocl", + "title": "EventList's From conversions can double drop on panic.", + "date": "2021-01-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0143", + "package": "kamadak-exif", + "title": "kamadak-exif DoS with untrusted PNG data", + "date": "2021-01-04", + "patched_versions": [ + ">= 0.5.3" + ], + "commit_sha": "1b05eab57e484cd7d576d4357b9cda7fdc57df8c", + "vulnerable_symbols": [ + { + "file": "src/util.rs", + "function": "util::T where T: io::BufRead::discard_exact", + "change_type": "Modified" + }, + { + "file": "src/util.rs", + "function": "util::T where T: io::BufRead::discard_exact", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2021-0085", + "package": "binjs_io", + "title": "'Read' on uninitialized memory may cause UB", + "date": "2021-01-03", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0084", + "package": "bronzedb-protocol", + "title": "`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)", + "date": "2021-01-03", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0012", + "package": "cdr", + "title": "Reading uninitialized memory can cause UB (`Deserializer::read_vec`)", + "date": "2021-01-02", + "patched_versions": [ + ">= 0.2.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0008", + "package": "bra", + "title": "reading on uninitialized buffer can cause UB (`impl BufRead for GreedyAccessReader`)", + "date": "2021-01-02", + "patched_versions": [ + ">= 0.1.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2021-0006", + "package": "cache", + "title": "Exposes internally used raw pointer", + "date": "2021-01-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0132", + "package": "array-tools", + "title": "`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory", + "date": "2020-12-31", + "patched_versions": [ + ">= 0.3.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0103", + "package": "autorand", + "title": "`impl Random` on arrays can lead to dropping uninitialized memory", + "date": "2020-12-31", + "patched_versions": [ + ">= 0.2.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0153", + "package": "bite", + "title": "`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)", + "date": "2020-12-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0154", + "package": "buffoon", + "title": "InputStream::read_exact : `Read` on uninitialized buffer causes UB", + "date": "2020-12-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0155", + "package": "acc_reader", + "title": "`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`", + "date": "2020-12-27", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0143", + "package": "multiqueue", + "title": "Queues allow non-Send types to be sent to other threads, allowing data races", + "date": "2020-12-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0109", + "package": "stderr", + "title": "stderr is unmaintained; use eprintln instead", + "date": "2020-12-22", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0114", + "package": "va-ts", + "title": "`Demuxer` can carry non-Send types across thread boundaries", + "date": "2020-12-22", + "patched_versions": [ + ">= 0.0.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0101", + "package": "conquer-once", + "title": "conquer-once's OnceCell lacks Send bound for its Sync trait.", + "date": "2020-12-22", + "patched_versions": [ + ">= 0.3.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0105", + "package": "abi_stable", + "title": "Update unsound DrainFilter and RString::retain", + "date": "2020-12-21", + "patched_versions": [ + ">= 0.9.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0108", + "package": "eventio", + "title": "Soundness issue: Input can be misused to create data race to an object", + "date": "2020-12-20", + "patched_versions": [ + ">= 0.5.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0095", + "package": "difference", + "title": "difference is unmaintained", + "date": "2020-12-20", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0106", + "package": "multiqueue2", + "title": "Queues allow non-Send types to be sent to other threads, allowing data races", + "date": "2020-12-19", + "patched_versions": [ + ">= 0.1.7" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0127", + "package": "v9", + "title": "SyncRef's clone() and debug() allow data races", + "date": "2020-12-18", + "patched_versions": [ + ">= 0.1.43" + ], + "commit_sha": "18847c50e5d36561cc91c996c3539ddb1eacf6c7", + "vulnerable_symbols": [ + { + "file": "src/id.rs", + "function": "id::offset", + "change_type": "Modified" + }, + { + "file": "src/id.rs", + "function": "id::Sealed for::", + "change_type": "Modified" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::", + "change_type": "Modified" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::new", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::new", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::get_mut", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::get_mut", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::as_cell", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::as_cell", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::as_cell_unsafe", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::SyncRef::as_cell_unsafe", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0112", + "package": "buttplug", + "title": "ButtplugFutureStateShared allows data race to (!Send|!Sync) objects", + "date": "2020-12-18", + "patched_versions": [ + ">= 1.0.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0152", + "package": "max7301", + "title": "ImmediateIO and TransactionalIO can cause data races", + "date": "2020-12-18", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0129", + "package": "kekbit", + "title": "ShmWriter allows sending non-Send type across threads", + "date": "2020-12-18", + "patched_versions": [ + ">= 0.3.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0098", + "package": "rusb", + "title": "UsbContext trait did not require implementers to be Send and Sync.", + "date": "2020-12-18", + "patched_versions": [ + ">= 0.7.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0150", + "package": "disrustor", + "title": "RingBuffer can create multiple mutable references and cause data races", + "date": "2020-12-17", + "patched_versions": [ + ">= 0.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0097", + "package": "xcb", + "title": "Soundness issue with base::Error", + "date": "2020-12-10", + "patched_versions": [ + ">= 1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0141", + "package": "noise_search", + "title": "MvccRwLock allows data races & aliasing violations", + "date": "2020-12-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0148", + "package": "cgc", + "title": "Multiple soundness issues in `Ptr`", + "date": "2020-12-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0091", + "package": "arc-swap", + "title": "Dangling reference in `access::Map` with Constant", + "date": "2020-12-10", + "patched_versions": [ + ">= 0.4.8, < 1.0.0-0", + ">= 1.1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0118", + "package": "tiny_future", + "title": "Future lacks bounds on Send and Sync.", + "date": "2020-12-08", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0124", + "package": "async-coap", + "title": "ArcGuard's Send and Sync should have bounds on RC", + "date": "2020-12-08", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0104", + "package": "gfwx", + "title": "ImageChunkMut needs bounds on its Send and Sync traits", + "date": "2020-12-08", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0084", + "package": "safe_authenticator", + "title": "crate has been superseded by `sn_client`", + "date": "2020-12-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0085", + "package": "safe_vault", + "title": "crate has been renamed to `sn_node`", + "date": "2020-12-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0086", + "package": "safe_core", + "title": "crate has been renamed to `sn_client`", + "date": "2020-12-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0083", + "package": "safe_app", + "title": "crate has been superseded by `sn_client`", + "date": "2020-12-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0082", + "package": "ordered-float", + "title": "ordered_float:NotNan may contain NaN after panic in assignment operators", + "date": "2020-12-06", + "patched_versions": [ + "^1.1.1", + ">= 2.0.1" + ], + "commit_sha": "c55cda301c943270b7eb2b4765bedbcce56edb90", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "for NotNan::add_assign", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "for NotNan::sub_assign", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "for NotNan::mul_assign", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "for NotNan::div_assign", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "for NotNan::rem_assign", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0077", + "package": "memmap", + "title": "memmap is unmaintained", + "date": "2020-12-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0094", + "package": "reffers", + "title": "Unsound: can make `ARefss` contain a !Send, !Sync object.", + "date": "2020-12-01", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0088", + "package": "magnetic", + "title": "MPMCConsumer/Producer allows sending non-Send type across threads", + "date": "2020-11-29", + "patched_versions": [ + ">= 2.0.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0142", + "package": "syncpool", + "title": "Send bound needed on T (for Send impl of `Bucket2`)", + "date": "2020-11-29", + "patched_versions": [ + ">= 0.1.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0075", + "package": "branca", + "title": "Unexpected panic when decoding tokens", + "date": "2020-11-29", + "patched_versions": [ + ">= 0.10.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0074", + "package": "pyo3", + "title": "Reference counting error in `From>`", + "date": "2020-11-28", + "patched_versions": [ + ">= 0.12.4" + ], + "commit_sha": "1ee3961a0de6a74a4c5160c97a88696a2164025b", + "vulnerable_symbols": [ + { + "file": "src/instance.rs", + "function": "instance::for PyObject::", + "change_type": "Modified" + }, + { + "file": "src/instance.rs", + "function": "instance::for PyObject::from", + "change_type": "Modified" + }, + { + "file": "src/instance.rs", + "function": "instance::for PyObject::pyobject_from_py", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0117", + "package": "conqueue", + "title": "QueueSender/QueueReceiver: Send/Sync impls need `T: Send`", + "date": "2020-11-24", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0128", + "package": "cache", + "title": "Cache: Send/Sync impls needs trait bounds on `K`", + "date": "2020-11-24", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0125", + "package": "convec", + "title": "convec::ConVec unconditionally implements Send/Sync", + "date": "2020-11-24", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0071", + "package": "time", + "title": "Potential segfault in the time crate", + "date": "2020-11-18", + "patched_versions": [ + ">= 0.2.23" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0135", + "package": "slock", + "title": "Slock allows sending non-Send types across thread boundaries", + "date": "2020-11-17", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0119", + "package": "ticketed_lock", + "title": "ReadTicket and WriteTicket should only be sendable when T is Send", + "date": "2020-11-17", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0087", + "package": "try-mutex", + "title": "TryMutex allows sending non-Send type across threads", + "date": "2020-11-17", + "patched_versions": [ + ">= 0.3.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0151", + "package": "generator", + "title": "Generators can cause data races if non-Send types are used in their generator functions", + "date": "2020-11-16", + "patched_versions": [ + ">= 0.7.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0115", + "package": "ruspiro-singleton", + "title": "Singleton lacks bounds on Send and Sync.", + "date": "2020-11-16", + "patched_versions": [ + ">= 0.4.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0149", + "package": "appendix", + "title": "Data race and memory safety issue in `Index`", + "date": "2020-11-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0126", + "package": "signal-simple", + "title": "SyncChannel can move 'T: !Send' to other threads", + "date": "2020-11-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0136", + "package": "toolshed", + "title": "CopyCell lacks bounds on its Send trait allowing for data races", + "date": "2020-11-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0133", + "package": "scottqueue", + "title": "Queue should have a Send bound on its Send/Sync traits", + "date": "2020-11-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0116", + "package": "unicycle", + "title": "PinSlab and Unordered need bounds on their Send/Sync traits", + "date": "2020-11-15", + "patched_versions": [ + ">= 0.7.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0134", + "package": "parc", + "title": "`LockWeak` allows to create data race to `T`.", + "date": "2020-11-14", + "patched_versions": [], + "commit_sha": "5e43ee86e6a67153ff65da2051f6eb0a77f2c6b8", + "vulnerable_symbols": [ + { + "file": "parc/src/lib.rs", + "function": "parc::LockWeak::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0131", + "package": "rcu_cell", + "title": "Send/Sync bound needed on T for Send/Sync impl of RcuCell", + "date": "2020-11-14", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0092", + "package": "concread", + "title": "Send/Sync bound needed on V in `impl Send/Sync for ARCache`", + "date": "2020-11-13", + "patched_versions": [ + ">= 0.2.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0080", + "package": "miow", + "title": "`miow` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2020-11-13", + "patched_versions": [ + "^ 0.2.2", + ">= 0.3.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0073", + "package": "image", + "title": "Mutable reference with immutable provenance", + "date": "2020-11-12", + "patched_versions": [ + ">= 0.23.12" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0130", + "package": "bunch", + "title": "Bunch unconditionally implements Send/Sync", + "date": "2020-11-12", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0069", + "package": "lettre", + "title": "Argument injection in sendmail transport", + "date": "2020-11-11", + "patched_versions": [ + ">= 0.10.0-alpha.4", + "< 0.10.0-alpha.1, >= 0.9.5", + "< 0.9.0, >= 0.8.4", + "< 0.8.0, >= 0.7.1" + ], + "commit_sha": "4a9d4fbf7e0ab66041a53f19f8c64fb4d5baf4a1", + "vulnerable_symbols": [ + { + "file": "src/transport/sendmail/mod.rs", + "function": "transport::sendmail::SendmailTransport::command", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0140", + "package": "model", + "title": "`Shared` can cause a data race", + "date": "2020-11-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0107", + "package": "hashconsing", + "title": "hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.", + "date": "2020-11-10", + "patched_versions": [ + ">= 1.1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0137", + "package": "lever", + "title": "AtomicBox lacks bound on its Send and Sync traits allowing data races", + "date": "2020-11-10", + "patched_versions": [ + ">= 0.1.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0102", + "package": "late-static", + "title": "LateStatic has incorrect Sync bound", + "date": "2020-11-10", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0121", + "package": "abox", + "title": "AtomicBox implements Send/Sync for any `T: Sized`", + "date": "2020-11-10", + "patched_versions": [ + ">= 0.4.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0120", + "package": "libsbc", + "title": "`Decoder` can carry `R: !Send` to other threads", + "date": "2020-11-10", + "patched_versions": [ + ">= 0.1.5" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0111", + "package": "may_queue", + "title": "may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.", + "date": "2020-11-10", + "patched_versions": [ + ">= 0.1.8" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0159", + "package": "chrono", + "title": "Potential segfault in `localtime_r` invocations", + "date": "2020-11-10", + "patched_versions": [ + ">=0.4.20" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0096", + "package": "im", + "title": "TreeFocus lacks bounds on its Send and Sync traits", + "date": "2020-11-09", + "patched_versions": [ + ">= 15.1.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0070", + "package": "lock_api", + "title": "Some lock_api lock guard objects can cause data races", + "date": "2020-11-08", + "patched_versions": [ + ">= 0.4.2" + ], + "commit_sha": "7de94f95f519d8281cb48457964065b463d26736", + "vulnerable_symbols": [ + { + "file": "lock_api/src/lib.rs", + "function": "lock_api::GuardNoSend::", + "change_type": "Modified" + }, + { + "file": "lock_api/src/mutex.rs", + "function": "lock_api::mutex::where::", + "change_type": "Modified" + }, + { + "file": "lock_api/src/rwlock.rs", + "function": "lock_api::rwlock::RwLockReadGuard::", + "change_type": "Modified" + }, + { + "file": "lock_api/src/rwlock.rs", + "function": "lock_api::rwlock::RwLockWriteGuard::", + "change_type": "Modified" + }, + { + "file": "lock_api/src/rwlock.rs", + "function": "lock_api::rwlock::where::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0068", + "package": "multihash", + "title": "Unexpected panic in multihash `from_slice` parsing code", + "date": "2020-11-08", + "patched_versions": [ + ">= 0.11.3" + ], + "commit_sha": "be17038714fc702ee96b7abbadb594095f9b0c88", + "vulnerable_symbols": [ + { + "file": "src/digests.rs", + "function": "digests::MultihashRefGeneric::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0078", + "package": "net2", + "title": "`net2` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2020-11-07", + "patched_versions": [ + ">= 0.2.36" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0079", + "package": "socket2", + "title": "`socket2` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2020-11-06", + "patched_versions": [ + ">= 0.3.16" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0163", + "package": "term_size", + "title": "`term_size` is unmaintained; use `terminal_size` instead", + "date": "2020-11-03", + "patched_versions": [], + "commit_sha": "5889fdc589d267182cc946faa24e0e3166a70000", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0064", + "package": "ffi_utils", + "title": "crate has been renamed to `sn_ffi_utils`", + "date": "2020-11-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0145", + "package": "heapless", + "title": "Use-after-free when cloning a partially consumed `Vec` iterator", + "date": "2020-11-02", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0065", + "package": "fake_clock", + "title": "crate has been renamed to `sn_fake_clock`", + "date": "2020-11-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0067", + "package": "quic-p2p", + "title": "crate has been renamed to `qp2p`", + "date": "2020-11-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0076", + "package": "routing", + "title": "crate has been renamed to `sn_routing`", + "date": "2020-11-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0063", + "package": "safe-nd", + "title": "crate has been renamed to `safe-nd`", + "date": "2020-11-02", + "patched_versions": [], + "commit_sha": "ab73c1a9e325b5bb3230aaea294fc7f9a75f37d3", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0081", + "package": "mio", + "title": "`mio` invalidly assumes the memory layout of std::net::SocketAddr", + "date": "2020-11-02", + "patched_versions": [ + ">= 0.7.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0066", + "package": "safe_bindgen", + "title": "crate has been renamed to `sn_bindgen`", + "date": "2020-11-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0072", + "package": "futures-intrusive", + "title": "GenericMutexGuard allows data races of non-Sync types across threads", + "date": "2020-10-31", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0113", + "package": "atomic-option", + "title": "AtomicOption should have Send + Sync bound on its type argument.", + "date": "2020-10-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0122", + "package": "beef", + "title": "beef::Cow lacks a Sync bound on its Send trait allowing for data races", + "date": "2020-10-28", + "patched_versions": [ + ">= 0.5.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0059", + "package": "futures-util", + "title": "MutexGuard::map can cause a data race in safe code", + "date": "2020-10-22", + "patched_versions": [ + ">= 0.3.7" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0058", + "package": "stream-cipher", + "title": "crate has been renamed to `cipher`", + "date": "2020-10-15", + "patched_versions": [], + "commit_sha": "5fcffeb4b1a817a3f3954d0047a205013ac502e4", + "vulnerable_symbols": [ + { + "file": "cipher/src/stream.rs", + "function": "cipher::stream::SyncStreamCipher for::", + "change_type": "Modified" + }, + { + "file": "cipher/src/stream.rs", + "function": "cipher::stream::C::", + "change_type": "Modified" + }, + { + "file": "crypto-mac/src/lib.rs", + "function": "crypto_mac::Output::", + "change_type": "Modified" + }, + { + "file": "crypto-mac/src/lib.rs", + "function": "crypto_mac::Output::from_cipher", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0057", + "package": "block-cipher", + "title": "crate has been renamed to `cipher`", + "date": "2020-10-15", + "patched_versions": [], + "commit_sha": "5fcffeb4b1a817a3f3954d0047a205013ac502e4", + "vulnerable_symbols": [ + { + "file": "cipher/src/stream.rs", + "function": "cipher::stream::SyncStreamCipher for::", + "change_type": "Modified" + }, + { + "file": "cipher/src/stream.rs", + "function": "cipher::stream::C::", + "change_type": "Modified" + }, + { + "file": "crypto-mac/src/lib.rs", + "function": "crypto_mac::Output::", + "change_type": "Modified" + }, + { + "file": "crypto-mac/src/lib.rs", + "function": "crypto_mac::Output::from_cipher", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0051", + "package": "rustsec", + "title": "Obsolete versions of the `rustsec` crate do not support the new V3 advisory format", + "date": "2020-10-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0050", + "package": "dync", + "title": "VecCopy allows misaligned access to elements", + "date": "2020-09-27", + "patched_versions": [ + ">= 0.5.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0047", + "package": "array-queue", + "title": "array_queue pop_back() may cause a use-after-free", + "date": "2020-09-26", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0043", + "package": "ws", + "title": "Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory", + "date": "2020-09-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0042", + "package": "stack", + "title": "Missing check in ArrayVec leads to out-of-bounds write.", + "date": "2020-09-24", + "patched_versions": [ + ">= 0.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0044", + "package": "atom", + "title": "Unsafe Send implementation in Atom allows data races", + "date": "2020-09-21", + "patched_versions": [ + ">= 0.3.6" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0041", + "package": "sized-chunks", + "title": "Multiple soundness issues in Chunk and InlineArray", + "date": "2020-09-06", + "patched_versions": [ + ">= 0.6.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0166", + "package": "personnummer", + "title": "personnummer Input validation error", + "date": "2020-09-04", + "patched_versions": [ + ">= 3.0.1" + ], + "commit_sha": "11c3b0491b70449fb790056585ad3251b0e23acb", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Personnummer::", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Personnummer::test_valid_date_invalid_digits", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0060", + "package": "futures-task", + "title": "futures_task::waker may cause a use-after-free if used on a type that isn't 'static", + "date": "2020-09-04", + "patched_versions": [ + ">= 0.3.6" + ], + "commit_sha": "4d54611f93cecab7fb6072db436064e92fefb5e2", + "vulnerable_symbols": [ + { + "file": "futures-task/src/waker.rs", + "function": "futures_task::waker::waker", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0039", + "package": "simple-slab", + "title": "`index()` allows out-of-bound read and `remove()` has off-by-one error", + "date": "2020-09-03", + "patched_versions": [ + ">= 0.3.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0038", + "package": "ordnung", + "title": "Memory safety issues in `compact::Vec`", + "date": "2020-09-03", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0040", + "package": "obstack", + "title": "Obstack generates unaligned references", + "date": "2020-09-03", + "patched_versions": [ + ">= 0.1.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0037", + "package": "crayon", + "title": "Misbehaving `HandleLike` implementation can lead to memory safety violation", + "date": "2020-08-31", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0164", + "package": "cell-project", + "title": "`cell-project` used incorrect variance when projecting through `&Cell`", + "date": "2020-08-27", + "patched_versions": [ + ">= 0.1.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0034", + "package": "arr", + "title": "Multiple security issues including data race, buffer overflow, and uninitialized memory drop", + "date": "2020-08-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0035", + "package": "chunky", + "title": "Chunk API does not respect align requirement", + "date": "2020-08-25", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0032", + "package": "alpm-rs", + "title": "StrcCtx deallocates a memory region that it doesn't own", + "date": "2020-08-20", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0030", + "package": "mozwire", + "title": "Missing sanitization in mozwire allows local file overwrite of files ending in .conf", + "date": "2020-08-18", + "patched_versions": [ + "> 0.4.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0168", + "package": "mach", + "title": "mach is unmaintained", + "date": "2020-07-14", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0165", + "package": "mozjpeg", + "title": "mozjpeg DecompressScanlines::read_scanlines is Unsound", + "date": "2020-07-04", + "patched_versions": [ + ">= 0.8.19" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0052", + "package": "crossbeam-channel", + "title": "Undefined Behavior in bounded channel", + "date": "2020-06-26", + "patched_versions": [ + ">= 0.4.4" + ], + "commit_sha": "772b4f34eb574ab6ae058bd068545dc739196f6b", + "vulnerable_symbols": [ + { + "file": "crossbeam-channel/src/flavors/array.rs", + "function": "crossbeam_channel::flavors::array::Channel::", + "change_type": "Modified" + }, + { + "file": "crossbeam-queue/src/array_queue.rs", + "function": "crossbeam_queue::array_queue::ArrayQueue::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0026", + "package": "linked-hash-map", + "title": "linked-hash-map creates uninitialized NonNull pointer", + "date": "2020-06-23", + "patched_versions": [ + ">= 0.5.3" + ], + "commit_sha": "4f681be6f3b1b2c7d67647ce3abbe48470e20855", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "LinkedHashMap::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0167", + "package": "pnet_packet", + "title": "`pnet_packet` buffer overrun in `set_payload` setters", + "date": "2020-06-19", + "patched_versions": [ + ">= 0.27.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0031", + "package": "tiny_http", + "title": "HTTP Request smuggling through malformed Transfer Encoding headers", + "date": "2020-06-16", + "patched_versions": [ + ">= 0.8.0", + "^0.6.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0029", + "package": "rgb", + "title": "Allows viewing and modifying arbitrary structs as bytes", + "date": "2020-06-14", + "patched_versions": [ + ">= 0.8.20" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0027", + "package": "traitobject", + "title": "traitobject assumes the layout of fat pointers", + "date": "2020-06-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0100", + "package": "sys-info", + "title": "Double free when calling `sys_info::disk_info` from multiple threads", + "date": "2020-05-31", + "patched_versions": [ + ">= 0.8.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0017", + "package": "internment", + "title": "Use after free in ArcIntern::drop", + "date": "2020-05-28", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0028", + "package": "rocket", + "title": "`LocalRequest::clone` creates multiple mutable references to the same object", + "date": "2020-05-27", + "patched_versions": [ + ">= 0.4.5" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0018", + "package": "block-cipher-trait", + "title": "crate has been renamed to `block-cipher`", + "date": "2020-05-26", + "patched_versions": [], + "commit_sha": "0af45181b907d66c93a1b1eaf43f36ceef040f8b", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0019", + "package": "tokio-rustls", + "title": "tokio-rustls reads may cause excessive memory usage", + "date": "2020-05-19", + "patched_versions": [ + ">= 0.12.3, < 0.13.0", + ">= 0.13.1" + ], + "commit_sha": "3be701cefb573341db74254f137a4d54aefa44ce", + "vulnerable_symbols": [ + { + "file": "tokio-rustls/src/common/mod.rs", + "function": "tokio_rustls::common::Stream::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0021", + "package": "rio", + "title": "rio allows a use-after-free buffer access when a future is leaked", + "date": "2020-05-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0025", + "package": "bigint", + "title": "bigint is unmaintained, use uint instead", + "date": "2020-05-07", + "patched_versions": [], + "commit_sha": "7e71521a61b009afc94c91135353102658550d42", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0056", + "package": "stdweb", + "title": "stdweb is unmaintained", + "date": "2020-05-04", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0061", + "package": "futures-task", + "title": "futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer", + "date": "2020-05-03", + "patched_versions": [ + ">= 0.3.5" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0036", + "package": "failure", + "title": "failure is officially deprecated/unmaintained", + "date": "2020-05-02", + "patched_versions": [], + "commit_sha": "135e2a3b9af422d9a9dc37ce7c69354c9b36e94b", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0016", + "package": "net2", + "title": "`net2` crate has been deprecated; use `socket2` instead", + "date": "2020-05-01", + "patched_versions": [], + "commit_sha": "3350e3819adf151709047e93f25583a5df681091", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0012", + "package": "os_str_bytes", + "title": "Relies on undefined behavior of `char::from_u32_unchecked`", + "date": "2020-04-24", + "patched_versions": [ + ">= 2.0.0" + ], + "commit_sha": "2a5a2053bfabdb3ac1aa78e6d2cefc5c2c941984", + "vulnerable_symbols": [ + { + "file": "src/windows/mod.rs", + "function": "windows::decode_utf16", + "change_type": "Deleted" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::len_wtf8", + "change_type": "Added" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::encode_wtf8", + "change_type": "Added" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::encode_wide", + "change_type": "Added" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::wide_to_wtf8", + "change_type": "Added" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::encode_utf16", + "change_type": "Deleted" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::wtf8_to_wide", + "change_type": "Added" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::OsStr::to_bytes", + "change_type": "Modified" + }, + { + "file": "src/windows/mod.rs", + "function": "windows::OsString::to_bytes", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0009", + "package": "flatbuffers", + "title": "`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks", + "date": "2020-04-11", + "patched_versions": [ + ">= 2.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0146", + "package": "generic-array", + "title": "arr! macro erases lifetimes", + "date": "2020-04-09", + "patched_versions": [ + ">= 0.8.4, < 0.9.0", + ">= 0.9.1, < 0.10.0", + ">= 0.10.1, < 0.11.0", + ">= 0.11.2, < 0.12.0", + ">= 0.12.4, < 0.13.0", + ">= 0.13.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0007", + "package": "bitvec", + "title": "use-after or double free of allocated memory", + "date": "2020-03-27", + "patched_versions": [ + ">= 0.17.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0006", + "package": "bumpalo", + "title": "Flaw in `realloc` allows reading unknown memory", + "date": "2020-03-24", + "patched_versions": [ + ">= 3.2.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0008", + "package": "hyper", + "title": "Flaw in hyper allows request smuggling by sending a body in GET requests", + "date": "2020-03-19", + "patched_versions": [ + ">= 0.12.34" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0005", + "package": "cbox", + "title": "CBox API allows to de-reference raw pointers without `unsafe` code", + "date": "2020-03-19", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0010", + "package": "tiberius", + "title": "tiberius is unmaintained", + "date": "2020-02-28", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0147", + "package": "rulinalg", + "title": "rulinalg is unmaintained, use nalgebra instead", + "date": "2020-02-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0023", + "package": "rulinalg", + "title": "Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect", + "date": "2020-02-11", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0144", + "package": "lzw", + "title": "lzw is unmaintained", + "date": "2020-02-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0158", + "package": "slice-deque", + "title": "slice-deque is unmaintained", + "date": "2020-02-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0169", + "package": "multi_mut", + "title": "multi_mut is Unmaintained", + "date": "2020-02-07", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0162", + "package": "tokio-proto", + "title": "`tokio-proto` is deprecated/unmaintained", + "date": "2020-02-06", + "patched_versions": [], + "commit_sha": "56c720ea3c74efa8f39e36c24e609628222b16a1", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0049", + "package": "actix-codec", + "title": "Use-after-free in Framed due to lack of pinning", + "date": "2020-01-30", + "patched_versions": [ + ">= 0.3.0-beta.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0004", + "package": "lucet-runtime-internals", + "title": "sigstack allocation bug can cause memory corruption or leak", + "date": "2020-01-24", + "patched_versions": [ + "< 0.5.0, >= 0.4.3", + ">= 0.5.1" + ], + "commit_sha": "a88bb29c27c9ab834726eaf0d35e3a6cf4bc1d68", + "vulnerable_symbols": [ + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Alloc::", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::AddrLocation::", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::AddrLocation::is_fault_fatal", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Alloc::addr_in_guard_page", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Alloc::addr_location", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Alloc::sigstack_mut", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Alloc::mem_in_heap", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Limits::", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Limits::default", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs", + "function": "lucet_runtime_internals::alloc::Limits::default", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/c_api.rs", + "function": "lucet_runtime_internals::c_api::From::", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/instance/signals.rs", + "function": "lucet_runtime_internals::instance::signals::Instance::", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/instance/signals.rs", + "function": "lucet_runtime_internals::instance::signals::Instance::handle_signal", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs", + "function": "lucet_runtime_internals::region::mmap::MmapRegion::", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs", + "function": "lucet_runtime_internals::region::mmap::MmapRegion::create", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::hit_sigstack_guard_page", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::lucet_vmctx_get_globals", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::mock_traps_module", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::fatal_abort", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::handler", + "change_type": "Modified" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::hit_sigstack_guard_page", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/guest_fault.rs", + "function": "lucet_runtime_tests::guest_fault::handler", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::mock_timeout_module", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::onetwothree", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::infinite_loop", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::do_nothing", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::run_slow_hostcall", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::slow_hostcall", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::run_yielding_hostcall", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::yielding_hostcall", + "change_type": "Deleted" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::mock_timeout_module", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::onetwothree", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::infinite_loop", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::do_nothing", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::run_slow_hostcall", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::slow_hostcall", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::run_yielding_hostcall", + "change_type": "Added" + }, + { + "file": "lucet-runtime/lucet-runtime-tests/src/timeout.rs", + "function": "lucet_runtime_tests::timeout::yielding_hostcall", + "change_type": "Added" + }, + { + "file": "lucet-wasi/src/main.rs", + "function": "lucet_wasi::main::main", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0062", + "package": "futures-util", + "title": "Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption", + "date": "2020-01-24", + "patched_versions": [ + ">= 0.3.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0048", + "package": "actix-http", + "title": "Use-after-free in BodyStream due to lack of pinning", + "date": "2020-01-24", + "patched_versions": [ + ">= 2.0.0-alpha.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0123", + "package": "libp2p-deflate", + "title": "Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation", + "date": "2020-01-24", + "patched_versions": [ + ">= 0.27.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0160", + "package": "shamir", + "title": "Threshold value is ignored (all shares are n=3)", + "date": "2020-01-21", + "patched_versions": [ + ">= 2.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0003", + "package": "rust_sodium", + "title": "rust_sodium is unmaintained; switch to a modern alternative", + "date": "2020-01-20", + "patched_versions": [], + "commit_sha": "62ee6de8dfdd8890283f4170056b0eb3fcf184fc", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0002", + "package": "prost", + "title": "Parsing a specially crafted message can result in a stack overflow", + "date": "2020-01-16", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0046", + "package": "actix-service", + "title": "bespoke Cell implementation allows obtaining several mutable references to the same data", + "date": "2020-01-08", + "patched_versions": [ + ">= 1.0.6" + ], + "commit_sha": "a67e38b4a07c92a3c81fa833f9eb1e91e74e39b7", + "vulnerable_symbols": [ + { + "file": "actix-service/src/and_then.rs", + "function": "actix_service::and_then::AndThenService::", + "change_type": "Modified" + }, + { + "file": "actix-service/src/and_then.rs", + "function": "actix_service::and_then::AndThenService::poll_ready", + "change_type": "Modified" + }, + { + "file": "actix-service/src/and_then.rs", + "function": "actix_service::and_then::AndThenService::call", + "change_type": "Modified" + }, + { + "file": "actix-service/src/and_then_apply_fn.rs", + "function": "actix_service::and_then_apply_fn::new", + "change_type": "Modified" + }, + { + "file": "actix-service/src/and_then_apply_fn.rs", + "function": "actix_service::and_then_apply_fn::poll_ready", + "change_type": "Modified" + }, + { + "file": "actix-service/src/and_then_apply_fn.rs", + "function": "actix_service::and_then_apply_fn::call", + "change_type": "Modified" + }, + { + "file": "actix-service/src/apply_cfg.rs", + "function": "actix_service::apply_cfg::new_service", + "change_type": "Modified" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::", + "change_type": "Modified" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::clone", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::fmt", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::new", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::get_ref", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::get_mut", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::get_mut_unsafe", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::poll_ready", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/cell.rs", + "function": "actix_service::cell::Cell::call", + "change_type": "Deleted" + }, + { + "file": "actix-service/src/then.rs", + "function": "actix_service::then::ThenService::", + "change_type": "Modified" + }, + { + "file": "actix-service/src/then.rs", + "function": "actix_service::then::ThenService::poll_ready", + "change_type": "Modified" + }, + { + "file": "actix-service/src/then.rs", + "function": "actix_service::then::ThenService::call", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2020-0045", + "package": "actix-utils", + "title": "bespoke Cell implementation allows obtaining several mutable references to the same data", + "date": "2020-01-08", + "patched_versions": [ + ">= 2.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2020-0001", + "package": "trust-dns-server", + "title": "Stack overflow when resolving additional records from MX or SRV null targets", + "date": "2020-01-06", + "patched_versions": [ + ">= 0.18.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0031", + "package": "spin", + "title": "spin is no longer actively maintained", + "date": "2019-11-21", + "patched_versions": [], + "commit_sha": "7516c8037d3d15712ba4d8499ab075e97a19d778", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0033", + "package": "http", + "title": "Integer Overflow in HeaderMap::reserve() can cause Denial of Service", + "date": "2019-11-16", + "patched_versions": [ + ">= 0.1.20" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0036", + "package": "failure", + "title": "Type confusion if __private_get_type_id__ is overridden", + "date": "2019-11-13", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0029", + "package": "chacha20", + "title": "ChaCha20 counter overflow can expose repetitions in the keystream", + "date": "2019-10-22", + "patched_versions": [ + ">= 0.2.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0028", + "package": "flatbuffers", + "title": "Unsound `impl Follow for bool`", + "date": "2019-10-20", + "patched_versions": [ + ">= 0.6.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0026", + "package": "sodiumoxide", + "title": "generichash::Digest::eq always return true", + "date": "2019-10-11", + "patched_versions": [ + ">= 0.2.5" + ], + "commit_sha": "fae052b834b097ced9a89a8fff8466e18f383070", + "vulnerable_symbols": [ + { + "file": "src/crypto/generichash/digest.rs", + "function": "crypto::generichash::digest::Digest::", + "change_type": "Modified" + }, + { + "file": "src/crypto/generichash/mod.rs", + "function": "crypto::generichash::test_digest_equality", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2019-0024", + "package": "rustsec-example-crate", + "title": "Test advisory with associated example crate", + "date": "2019-10-08", + "patched_versions": [ + ">= 1.0.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0030", + "package": "streebog", + "title": "Incorrect implementation of the Streebog hash functions", + "date": "2019-10-06", + "patched_versions": [ + ">= 0.8.0" + ], + "commit_sha": "9695573914ad96f234ecabf9ecee2dbb3a6a36ed", + "vulnerable_symbols": [ + { + "file": "streebog/src/streebog.rs", + "function": "streebog::streebog::StreebogState::update_sigma", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2019-0022", + "package": "portaudio-rs", + "title": "Stream callback function is not unwind safe", + "date": "2019-09-14", + "patched_versions": [ + "> 0.3.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0021", + "package": "linea", + "title": "`Matrix::zip_elements` causes double free", + "date": "2019-09-14", + "patched_versions": [ + "> 0.9.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0020", + "package": "generator", + "title": "fix unsound APIs that could lead to UB", + "date": "2019-09-06", + "patched_versions": [ + ">= 0.6.18" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0018", + "package": "renderdoc", + "title": "Internally mutating methods take immutable ref self", + "date": "2019-09-02", + "patched_versions": [ + ">= 0.5.0" + ], + "commit_sha": "22351fe532cf480e26a7ad8717d86a023da8f1d6", + "vulnerable_symbols": [ + { + "file": "src/api.rs", + "function": "api::trigger_multi_frame_capture", + "change_type": "Deleted" + }, + { + "file": "src/api.rs", + "function": "api::trigger_multi_frame_capture", + "change_type": "Added" + }, + { + "file": "src/api.rs", + "function": "api::set_capture_file_comments", + "change_type": "Deleted" + }, + { + "file": "src/api.rs", + "function": "api::set_capture_file_comments", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2019-0016", + "package": "chttp", + "title": "Use-after-free in buffer conversion implementation", + "date": "2019-09-01", + "patched_versions": [ + ">= 0.1.3" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0017", + "package": "once_cell", + "title": "Panic during initialization of Lazy might trigger undefined behavior", + "date": "2019-09-01", + "patched_versions": [ + ">= 1.0.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0013", + "package": "spin", + "title": "Wrong memory orderings in RwLock potentially violates mutual exclusion", + "date": "2019-08-27", + "patched_versions": [ + ">= 0.5.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0019", + "package": "blake2", + "title": "HMAC-BLAKE2 algorithms compute incorrect results", + "date": "2019-08-25", + "patched_versions": [ + ">= 0.8.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0023", + "package": "string-interner", + "title": "Cloned interners may read already dropped strings", + "date": "2019-08-24", + "patched_versions": [ + "^0.6.4", + ">= 0.7.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0014", + "package": "image", + "title": "Flaw in interface may drop uninitialized instance of arbitrary types", + "date": "2019-08-21", + "patched_versions": [ + ">= 0.21.3" + ], + "commit_sha": "214e6467a1e32e690f08f0b34dea540625b6724c", + "vulnerable_symbols": [ + { + "file": "src/hdr/decoder.rs", + "function": "hdr::decoder::HDRDecoder::read_image_transform", + "change_type": "Modified" + }, + { + "file": "src/hdr/decoder.rs", + "function": "hdr::decoder::HDRDecoder::read_image_ldr", + "change_type": "Modified" + }, + { + "file": "src/hdr/decoder.rs", + "function": "hdr::decoder::HDRDecoder::read_image_hdr", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2019-0012", + "package": "smallvec", + "title": "Memory corruption in SmallVec::grow()", + "date": "2019-07-19", + "patched_versions": [ + ">= 0.6.10" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0011", + "package": "memoffset", + "title": "Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code", + "date": "2019-07-16", + "patched_versions": [ + ">= 0.5.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0010", + "package": "libflate", + "title": "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code", + "date": "2019-07-04", + "patched_versions": [ + ">= 0.1.25" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0008", + "package": "simd-json", + "title": "Flaw in string parsing can lead to crashes due to invalid memory access.", + "date": "2019-06-24", + "patched_versions": [ + ">= 0.1.15" + ], + "commit_sha": "32fcd779cf20f14902b3dd11ced83d9611fb821f", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "Deserializer::parse_short_str_", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "Deserializer::parse_str_", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2019-0040", + "package": "boxfnonce", + "title": "`boxfnonce` obsolete with release of Rust 1.35.0", + "date": "2019-06-20", + "patched_versions": [], + "commit_sha": "058ac7e1a7d732076da9d8a37baa66bcb67758d8", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0005", + "package": "pancurses", + "title": "Format string vulnerabilities in `pancurses`", + "date": "2019-06-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0006", + "package": "ncurses", + "title": "Buffer overflow and format vulnerabilities in functions exposed without unsafe", + "date": "2019-06-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0007", + "package": "asn1_der", + "title": "Processing of maliciously crafted length fields causes memory allocation SIGABRTs", + "date": "2019-06-13", + "patched_versions": [ + ">= 0.6.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0037", + "package": "pnet", + "title": "Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT", + "date": "2019-06-11", + "patched_versions": [ + ">= 0.27.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0003", + "package": "protobuf", + "title": "Out of Memory in stream::read_raw_bytes_into()", + "date": "2019-06-08", + "patched_versions": [ + "^1.7.5", + ">= 2.6.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0009", + "package": "smallvec", + "title": "Double-free and use-after-free in SmallVec::grow()", + "date": "2019-06-06", + "patched_versions": [ + ">= 0.6.10" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0015", + "package": "compact_arena", + "title": "Flaw in generativity allows out-of-bounds access", + "date": "2019-05-21", + "patched_versions": [ + ">= 0.4.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0002", + "package": "slice-deque", + "title": "Bug in SliceDeque::move_head_unchecked corrupts its memory", + "date": "2019-05-07", + "patched_versions": [ + ">= 0.2.0" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0039", + "package": "typemap", + "title": "typemap is Unmaintained", + "date": "2019-04-06", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2019-0038", + "package": "libpulse-binding", + "title": "Fix for UB in failure to catch panics crossing FFI boundaries", + "date": "2019-03-10", + "patched_versions": [ + ">= 2.6.0" + ], + "commit_sha": "7fd282aef7787577c385aed88cb25d004b85f494", + "vulnerable_symbols": [ + { + "file": "pulse-binding/src/context/ext_device_manager.rs", + "function": "pulse_binding::context::ext_device_manager::read_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/ext_device_restore.rs", + "function": "pulse_binding::context::ext_device_restore::ext_subscribe_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/ext_device_restore.rs", + "function": "pulse_binding::context::ext_device_restore::read_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/ext_stream_restore.rs", + "function": "pulse_binding::context::ext_stream_restore::read_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_sink_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_source_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_server_info_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::mod_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::context_index_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_client_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_card_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_sink_input_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::get_source_output_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::Introspector::get_stat_info_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/introspect.rs", + "function": "pulse_binding::context::introspect::Introspector::get_sample_info_list_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/mod.rs", + "function": "pulse_binding::context::Context::success_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/mod.rs", + "function": "pulse_binding::context::Context::notify_cb_proxy_single", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/mod.rs", + "function": "pulse_binding::context::Context::notify_cb_proxy_multi", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/mod.rs", + "function": "pulse_binding::context::Context::event_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/mod.rs", + "function": "pulse_binding::context::Context::ext_test_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/mod.rs", + "function": "pulse_binding::context::Context::ext_subscribe_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/scache.rs", + "function": "pulse_binding::context::scache::Context::play_sample_success_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/context/subscribe.rs", + "function": "pulse_binding::context::subscribe::Context::cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/mainloop/api.rs", + "function": "pulse_binding::mainloop::api::for::once_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/mainloop/events/deferred.rs", + "function": "pulse_binding::mainloop::events::deferred::DeferEvent::event_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/mainloop/events/io.rs", + "function": "pulse_binding::mainloop::events::io::event_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/mainloop/events/timer.rs", + "function": "pulse_binding::mainloop::events::timer::event_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/mainloop/signal.rs", + "function": "pulse_binding::mainloop::signal::signal_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/operation.rs", + "function": "pulse_binding::operation::Operation::notify_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/stream.rs", + "function": "pulse_binding::stream::Stream::success_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/stream.rs", + "function": "pulse_binding::stream::Stream::request_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/stream.rs", + "function": "pulse_binding::stream::Stream::notify_cb_proxy", + "change_type": "Modified" + }, + { + "file": "pulse-binding/src/stream.rs", + "function": "pulse_binding::stream::Stream::event_cb_proxy", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0012", + "package": "orion", + "title": "Flaw in streaming state reset() functions can create incorrect results.", + "date": "2018-12-20", + "patched_versions": [ + ">= 0.11.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0011", + "package": "arrayfire", + "title": "Enum repr causing potential memory corruption", + "date": "2018-12-18", + "patched_versions": [ + ">= 3.6.0" + ], + "commit_sha": "a5256f3e5e23b83eaad69699e0b04653aba04fb8", + "vulnerable_symbols": [ + { + "file": "src/algorithm/mod.rs", + "function": "algorithm::af_scan", + "change_type": "Deleted" + }, + { + "file": "src/algorithm/mod.rs", + "function": "algorithm::af_scan", + "change_type": "Added" + }, + { + "file": "src/algorithm/mod.rs", + "function": "algorithm::af_scan_by_key", + "change_type": "Modified" + }, + { + "file": "src/algorithm/mod.rs", + "function": "algorithm::scan", + "change_type": "Modified" + }, + { + "file": "src/algorithm/mod.rs", + "function": "algorithm::scan_by_key", + "change_type": "Modified" + }, + { + "file": "src/array.rs", + "function": "array::af_create_array", + "change_type": "Modified" + }, + { + "file": "src/array.rs", + "function": "array::af_create_handle", + "change_type": "Deleted" + }, + { + "file": "src/array.rs", + "function": "array::af_create_handle", + "change_type": "Added" + }, + { + "file": "src/array.rs", + "function": "array::af_get_type", + "change_type": "Deleted" + }, + { + "file": "src/array.rs", + "function": "array::af_get_type", + "change_type": "Added" + }, + { + "file": "src/array.rs", + "function": "array::af_cast", + "change_type": "Deleted" + }, + { + "file": "src/array.rs", + "function": "array::af_cast", + "change_type": "Added" + }, + { + "file": "src/array.rs", + "function": "array::af_get_backend_id", + "change_type": "Deleted" + }, + { + "file": "src/array.rs", + "function": "array::af_get_backend_id", + "change_type": "Added" + }, + { + "file": "src/array.rs", + "function": "array::af_create_strided_array", + "change_type": "Modified" + }, + { + "file": "src/array.rs", + "function": "array::where T: HasAfEnum::af_get_strides", + "change_type": "Modified" + }, + { + "file": "src/array.rs", + "function": "array::where T: HasAfEnum::get_backend", + "change_type": "Modified" + }, + { + "file": "src/array.rs", + "function": "array::where T: HasAfEnum::get_type", + "change_type": "Modified" + }, + { + "file": "src/data/mod.rs", + "function": "data::af_range", + "change_type": "Modified" + }, + { + "file": "src/data/mod.rs", + "function": "data::af_iota", + "change_type": "Modified" + }, + { + "file": "src/data/mod.rs", + "function": "data::af_identity", + "change_type": "Deleted" + }, + { + "file": "src/data/mod.rs", + "function": "data::af_identity", + "change_type": "Added" + }, + { + "file": "src/data/mod.rs", + "function": "data::range", + "change_type": "Modified" + }, + { + "file": "src/data/mod.rs", + "function": "data::iota", + "change_type": "Modified" + }, + { + "file": "src/data/mod.rs", + "function": "data::identity", + "change_type": "Modified" + }, + { + "file": "src/defines.rs", + "function": "defines::AfError::", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_cast", + "change_type": "Deleted" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_cast", + "change_type": "Added" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_resize", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_transform", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_rotate", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_translate", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_scale", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_skew", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_regions", + "change_type": "Deleted" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_regions", + "change_type": "Added" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_medfilt", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_medfilt1", + "change_type": "Deleted" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_medfilt1", + "change_type": "Added" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_minfilt", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_maxfilt", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::af_color_space", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::load_image", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::load_image_native", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::resize", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::transform", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::rotate", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::translate", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::scale", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::skew", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::color_space", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::regions", + "change_type": "Modified" + }, + { + "file": "src/image/mod.rs", + "function": "image::medfilt1", + "change_type": "Modified" + }, + { + "file": "src/lapack/mod.rs", + "function": "lapack::af_norm", + "change_type": "Deleted" + }, + { + "file": "src/lapack/mod.rs", + "function": "lapack::af_norm", + "change_type": "Added" + }, + { + "file": "src/lapack/mod.rs", + "function": "lapack::norm", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_randu", + "change_type": "Deleted" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_randn", + "change_type": "Deleted" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_randu", + "change_type": "Added" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_randn", + "change_type": "Added" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_create_random_engine", + "change_type": "Deleted" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_create_random_engine", + "change_type": "Added" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_random_engine_set_type", + "change_type": "Deleted" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_random_engine_get_type", + "change_type": "Deleted" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_random_engine_set_type", + "change_type": "Added" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_random_engine_get_type", + "change_type": "Added" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_set_default_random_engine_type", + "change_type": "Deleted" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_set_default_random_engine_type", + "change_type": "Added" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_random_uniform", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::af_random_normal", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::RandomEngine::new", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::RandomEngine::get_type", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::RandomEngine::set_type", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::RandomEngine::set_default_random_engine_type", + "change_type": "Modified" + }, + { + "file": "src/random/mod.rs", + "function": "random::RandomEngine::random_normal", + "change_type": "Modified" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve1", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve2", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve3", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve2_sep", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_fft_convolve1", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_fft_convolve2", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_fft_convolve3", + "change_type": "Deleted" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve1", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve2", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve3", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_convolve2_sep", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_fft_convolve1", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_fft_convolve2", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_fft_convolve3", + "change_type": "Added" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::af_iir", + "change_type": "Modified" + }, + { + "file": "src/signal/mod.rs", + "function": "signal::convolve2_sep", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_create_sparse_array", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_create_sparse_array_from_ptr", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_create_sparse_array_from_dense", + "change_type": "Deleted" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_create_sparse_array_from_dense", + "change_type": "Added" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_sparse_convert_to", + "change_type": "Deleted" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_sparse_convert_to", + "change_type": "Added" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_sparse_get_info", + "change_type": "Deleted" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_sparse_get_info", + "change_type": "Added" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_sparse_get_storage", + "change_type": "Deleted" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::af_sparse_get_storage", + "change_type": "Added" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::sparse", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::sparse_from_host", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::sparse_from_dense", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::sparse_convert_to", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::sparse_get_info", + "change_type": "Modified" + }, + { + "file": "src/sparse/mod.rs", + "function": "sparse::sparse_get_format", + "change_type": "Modified" + }, + { + "file": "src/statistics/mod.rs", + "function": "statistics::af_topk", + "change_type": "Modified" + }, + { + "file": "src/statistics/mod.rs", + "function": "statistics::topk", + "change_type": "Modified" + }, + { + "file": "src/util.rs", + "function": "util::af_get_size_of", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::af_get_size_of", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::get_size", + "change_type": "Modified" + }, + { + "file": "src/util.rs", + "function": "util::From::", + "change_type": "Modified" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::Complex::get_af_dtype", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::Complex::get_af_dtype", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Deleted" + }, + { + "file": "src/util.rs", + "function": "util::From::from", + "change_type": "Added" + }, + { + "file": "src/vision/mod.rs", + "function": "vision::af_match_template", + "change_type": "Modified" + }, + { + "file": "src/vision/mod.rs", + "function": "vision::match_template", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0009", + "package": "crossbeam", + "title": "MsQueue and SegQueue suffer from double-free", + "date": "2018-12-09", + "patched_versions": [ + ">= 0.4.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0008", + "package": "slice-deque", + "title": "Bug in SliceDeque::move_head_unchecked allows read of corrupted memory", + "date": "2018-12-05", + "patched_versions": [ + ">= 0.1.16" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0013", + "package": "safe-transmute", + "title": "Vec-to-vec transmutations could lead to heap overflow/corruption", + "date": "2018-11-27", + "patched_versions": [ + ">= 0.10.1" + ], + "commit_sha": "a134e06d740f9d7c287f74c0af2cd06206774364", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "guarded_transmute_vec_permissive", + "change_type": "Modified" + }, + { + "file": "src/to_bytes.rs", + "function": "to_bytes::guarded_transmute_to_bytes_vec", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0015", + "package": "term", + "title": "term is looking for a new maintainer", + "date": "2018-11-19", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0018", + "package": "smallvec", + "title": "smallvec creates uninitialized value of any type", + "date": "2018-09-25", + "patched_versions": [ + ">= 0.6.13" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0006", + "package": "yaml-rust", + "title": "Uncontrolled recursion leads to abort in deserialization", + "date": "2018-09-17", + "patched_versions": [ + ">= 0.4.1" + ], + "commit_sha": "7eb6b6afa9b1e3122f4a1ca06ec8390496eb3d57", + "vulnerable_symbols": [ + { + "file": "src/scanner.rs", + "function": "scanner::Scanner::", + "change_type": "Modified" + }, + { + "file": "src/scanner.rs", + "function": "scanner::Scanner::increase_flow_level", + "change_type": "Deleted" + }, + { + "file": "src/scanner.rs", + "function": "scanner::Scanner::increase_flow_level", + "change_type": "Added" + }, + { + "file": "src/yaml.rs", + "function": "yaml::test_recursion_depth_check_objects", + "change_type": "Added" + }, + { + "file": "src/yaml.rs", + "function": "yaml::test_recursion_depth_check_arrays", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0005", + "package": "serde_yaml", + "title": "Uncontrolled recursion leads to abort in deserialization", + "date": "2018-09-17", + "patched_versions": [ + ">= 0.8.4" + ], + "commit_sha": "41d58237a733051603069d1249c549cc8b6dada0", + "vulnerable_symbols": [ + { + "file": "src/de.rs", + "function": "de::Deserializer::", + "change_type": "Modified" + }, + { + "file": "src/de.rs", + "function": "de::Deserializer::recursion_check", + "change_type": "Added" + }, + { + "file": "src/de.rs", + "function": "de::for SeqAccess::visit_scalar", + "change_type": "Modified" + }, + { + "file": "src/de.rs", + "function": "de::for MapAccess::visit_scalar", + "change_type": "Modified" + }, + { + "file": "src/de.rs", + "function": "de::for EnumAccess::visit_scalar", + "change_type": "Modified" + }, + { + "file": "src/error.rs", + "function": "error::Error::", + "change_type": "Modified" + }, + { + "file": "src/error.rs", + "function": "error::Error::recursion_limit_exceeded", + "change_type": "Added" + }, + { + "file": "src/error.rs", + "function": "error::Error::fix_marker", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0004", + "package": "claxon", + "title": "Malicious input could cause uninitialized memory to be exposed", + "date": "2018-08-25", + "patched_versions": [ + "^0.3.2", + ">= 0.4.1" + ], + "commit_sha": "8f28ec275e412dd3af4f3cda460605512faf332c", + "vulnerable_symbols": [ + { + "file": "src/subframe.rs", + "function": "subframe::decode_residual", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0022", + "package": "temporary", + "title": "Use of uninitialized memory in temporary", + "date": "2018-08-22", + "patched_versions": [ + ">= 0.6.4" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0014", + "package": "chan", + "title": "chan is end-of-life; use crossbeam-channel instead", + "date": "2018-07-31", + "patched_versions": [], + "commit_sha": "0a5c0d4ad4adc90a54ee04a427389acf2e157275", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0003", + "package": "smallvec", + "title": "Possible double free during unwinding in SmallVec::insert_many", + "date": "2018-07-19", + "patched_versions": [ + ">= 0.6.3", + "^0.3.4", + "^0.4.5", + "^0.5.1" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0016", + "package": "quickersort", + "title": "quickersort is deprecated and unmaintained", + "date": "2018-06-30", + "patched_versions": [], + "commit_sha": "0bc164366315801f0c6b31f4081b7df9fc894076", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0002", + "package": "tar", + "title": "Links in archives can overwrite any existing file", + "date": "2018-06-29", + "patched_versions": [ + ">= 0.4.16" + ], + "commit_sha": "54651a87ae6ba7d81fcc72ffdee2ea7eca2c7e85", + "vulnerable_symbols": [ + { + "file": "src/entry.rs", + "function": "entry::EntryFields::", + "change_type": "Modified" + }, + { + "file": "src/entry.rs", + "function": "entry::EntryFields::validate_inside_dst", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0001", + "package": "untrusted", + "title": "An integer underflow could lead to panic", + "date": "2018-06-21", + "patched_versions": [ + ">= 0.6.2" + ], + "commit_sha": "1cf31901e7220af96c05fcb505978757fdae4a77", + "vulnerable_symbols": [ + { + "file": "src/untrusted.rs", + "function": "untrusted::Reader::skip_and_get_input", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0019", + "package": "actix-web", + "title": "Multiple memory safety issues", + "date": "2018-06-08", + "patched_versions": [ + ">= 0.7.15" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2018-0010", + "package": "openssl", + "title": "Use after free in CMS Signing", + "date": "2018-06-01", + "patched_versions": [ + ">= 0.10.9" + ], + "commit_sha": "63afe3016c5c3e615dca2fd27a5ed09a4a025359", + "vulnerable_symbols": [ + { + "file": "openssl/src/cms.rs", + "function": "openssl::cms::CmsContentInfo::", + "change_type": "Modified" + } + ] + }, + { + "advisory_id": "RUSTSEC-2018-0017", + "package": "tempdir", + "title": "`tempdir` crate has been deprecated; use `tempfile` instead", + "date": "2018-02-13", + "patched_versions": [], + "commit_sha": "bad6689835d1e4a836cc7e936a270459f84520a2", + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2017-0006", + "package": "rmpv", + "title": "Unchecked vector pre-allocation", + "date": "2017-11-21", + "patched_versions": [ + ">= 0.4.2" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2017-0008", + "package": "serial", + "title": "`serial` crate is unmaintained", + "date": "2017-07-02", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2017-0005", + "package": "cookie", + "title": "Large cookie Max-Age values can cause a denial of service", + "date": "2017-05-06", + "patched_versions": [ + "< 0.6.0", + "^0.6.2", + ">= 0.7.6" + ], + "commit_sha": "958785422bbc7d683bce4b3f9a91318b0386310d", + "vulnerable_symbols": [ + { + "file": "src/parse.rs", + "function": "parse::parse_inner", + "change_type": "Modified" + }, + { + "file": "src/parse.rs", + "function": "parse::do_not_panic_on_large_max_ages", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2017-0004", + "package": "base64", + "title": "Integer overflow leads to heap-based buffer overflow in encode_config_buf", + "date": "2017-05-03", + "patched_versions": [ + ">= 0.5.2" + ], + "commit_sha": "24ead980daf11ba563e4fb2516187a56a71ad319", + "vulnerable_symbols": [ + { + "file": "src/lib.rs", + "function": "encode_config", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "encoded_size", + "change_type": "Deleted" + }, + { + "file": "src/lib.rs", + "function": "encoded_size", + "change_type": "Added" + }, + { + "file": "src/lib.rs", + "function": "encode_config_buf", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "encoded_size_correct", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "encoded_size_correct_mime", + "change_type": "Modified" + }, + { + "file": "src/lib.rs", + "function": "encoded_size_overflow", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2017-0003", + "package": "security-framework", + "title": "Hostname verification skipped when custom root certs used", + "date": "2017-03-15", + "patched_versions": [ + ">= 0.1.12" + ], + "commit_sha": "fec804cdb8d5e3cc5c78e0c7cb0317121d2b5dcf", + "vulnerable_symbols": [ + { + "file": "security-framework-sys/src/trust.rs", + "function": "security_framework_sys::trust::SecTrustSetPolicies", + "change_type": "Added" + }, + { + "file": "security-framework/src/policy.rs", + "function": "security_framework::policy::SecPolicy::", + "change_type": "Modified" + }, + { + "file": "security-framework/src/policy.rs", + "function": "security_framework::policy::SecPolicy::create_ssl", + "change_type": "Added" + }, + { + "file": "security-framework/src/policy.rs", + "function": "security_framework::policy::SecPolicy::for_ssl", + "change_type": "Deleted" + }, + { + "file": "security-framework/src/policy.rs", + "function": "security_framework::policy::SecPolicy::create_ssl", + "change_type": "Added" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::MidHandshakeSslStream::", + "change_type": "Modified" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::MidHandshakeClientBuilder::handshake", + "change_type": "Modified" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::SslContext::handshake", + "change_type": "Deleted" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::SslContext::into_stream", + "change_type": "Added" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::SslContext::handshake", + "change_type": "Added" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::SslStream::handshake", + "change_type": "Modified" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::ClientBuilder::new", + "change_type": "Modified" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::ClientBuilder::anchor_certificates", + "change_type": "Modified" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::ClientBuilder::handshake", + "change_type": "Modified" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::ClientBuilder::handshake_inner", + "change_type": "Deleted" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::ClientBuilder::handshake_inner", + "change_type": "Added" + }, + { + "file": "security-framework/src/secure_transport.rs", + "function": "security_framework::secure_transport::ClientBuilder::configure", + "change_type": "Deleted" + }, + { + "file": "security-framework/src/trust.rs", + "function": "security_framework::trust::SecTrust::set_policy", + "change_type": "Added" + }, + { + "file": "security-framework/src/trust.rs", + "function": "security_framework::trust::SecTrust::create_with_certificates", + "change_type": "Modified" + }, + { + "file": "security-framework/src/trust.rs", + "function": "security_framework::trust::SecTrust::set_policy", + "change_type": "Added" + } + ] + }, + { + "advisory_id": "RUSTSEC-2017-0001", + "package": "sodiumoxide", + "title": "scalarmult() vulnerable to degenerate public keys", + "date": "2017-01-26", + "patched_versions": [ + ">= 0.0.14" + ], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2016-0006", + "package": "cassandra", + "title": "`cassandra` crate is unmaintained; use `cassandra-cpp` instead", + "date": "2016-12-15", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2016-0004", + "package": "libusb", + "title": "libusb is unmaintained; use rusb instead", + "date": "2016-09-10", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2016-0005", + "package": "rust-crypto", + "title": "rust-crypto is unmaintained; switch to a modern alternative", + "date": "2016-09-06", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + }, + { + "advisory_id": "RUSTSEC-2016-0003", + "package": "portaudio", + "title": "HTTP download and execution allows MitM RCE", + "date": "2016-08-01", + "patched_versions": [], + "commit_sha": null, + "vulnerable_symbols": [] + } + ] +} \ No newline at end of file