commit cargo-audit-advisory-db for openSUSE:Factory

Source-Sync Tue, 06 Apr 2021 08:31:46 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2021-04-06 17:30:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and      /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "cargo-audit-advisory-db"

Tue Apr  6 17:30:10 2021 rev:2 rq:882781 version:20210401

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2021-03-30 21:45:32.642667916 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2401/cargo-audit-advisory-db.changes
        2021-04-06 17:31:34.755245758 +0200
@@ -1,0 +2,13 @@
+Wed Mar 31 23:17:44 UTC 2021 - [email protected]
+
+- Update to version 20210401:
+  * Assigned RUSTSEC-2021-0050 to reorder
+  * Add advisory for out-of-bounds write and uninitialized memory exposure in 
reorder
+  * max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
+  * Assigned RUSTSEC-2020-0152 to max7301
+  * Add advisory for data race in max7301
+  * Assigned RUSTSEC-2020-0151 to generator
+  * Add advisory for data race in generator (#855)
+  * Assigned RUSTSEC-2020-0150 to disrustor
+
+-------------------------------------------------------------------

Old:
----
  advisory-db-20210317.tar.xz

New:
----
  advisory-db-20210401.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.HtCbiA/_old  2021-04-06 17:31:35.315246391 +0200
+++ /var/tmp/diff_new_pack.HtCbiA/_new  2021-04-06 17:31:35.315246391 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           cargo-audit-advisory-db
-Version:        20210317
+Version:        20210401
 Release:        0
 Summary:        A database of known security issues for Rust depedencies
 License:        CC0-1.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.HtCbiA/_old  2021-04-06 17:31:35.347246428 +0200
+++ /var/tmp/diff_new_pack.HtCbiA/_new  2021-04-06 17:31:35.351246432 +0200
@@ -2,7 +2,7 @@
   <service mode="disabled" name="obs_scm">
     <param name="url">https://github.com/RustSec/advisory-db.git</param>
     <param name="scm">git</param>
-    <param name="version">20210317</param>
+    <param name="version">20210401</param>
     <param name="revision">master</param>
     <param name="changesgenerate">enable</param>
     <param name="changesauthor">[email protected]</param>

++++++ advisory-db-20210317.tar.xz -> advisory-db-20210401.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210317/.duplicate-id-guard 
new/advisory-db-20210401/.duplicate-id-guard
--- old/advisory-db-20210317/.duplicate-id-guard        2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/.duplicate-id-guard        2021-03-31 
13:30:20.000000000 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-c99c5d02ebad78e89d8918670602c37b538a99d8f9efd6aba65c468ad9e64a00  -
+edf964eb367af4474a41f79406f539e8399c15cfd917cd4917cb64e0e599aac1  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/adtensor/RUSTSEC-2021-0045.md 
new/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md
--- old/advisory-db-20210317/crates/adtensor/RUSTSEC-2021-0045.md       
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md       
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0045"
+package = "adtensor"
+date = "2021-01-11"
+url = "https://github.com/charles-r-earp/adtensor/issues/4";
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+
+[versions]
+patched = []
+```
+
+# FromIterator implementation for Vector/Matrix can drop uninitialized memory
+
+The `FromIterator<T>` methods for `Vector` and `Matrix` rely on the type
+parameter `N` to allocate space in the iterable.
+
+If the passed in `N` type parameter is larger than the number of items returned
+by the iterator, it can lead to uninitialized memory being left in the
+`Vector` or `Matrix` type which gets dropped.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/appendix/RUSTSEC-2020-0149.md 
new/advisory-db-20210401/crates/appendix/RUSTSEC-2020-0149.md
--- old/advisory-db-20210317/crates/appendix/RUSTSEC-2020-0149.md       
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/appendix/RUSTSEC-2020-0149.md       
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0149"
+package = "appendix"
+date = "2020-11-15"
+url = "https://github.com/krl/appendix/issues/6";
+categories = ["memory-corruption", "thread-safety"]
+
+[versions]
+patched = []
+```
+
+# Data race and memory safety issue in `Index`
+
+The `appendix` crate implements a key-value mapping data structure called
+`Index<K, V>` that is stored on disk. The crate allows for any type to inhabit
+the generic `K` and `V` type parameters and implements Send and Sync for them
+unconditionally.
+
+Using a type that is not marked as `Send` or `Sync` with `Index` can allow it
+to be used across multiple threads leading to data races. Additionally using
+reference types for the keys or values will lead to the segmentation faults
+in the crate's code.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210317/crates/bam/RUSTSEC-2021-0027.md 
new/advisory-db-20210401/crates/bam/RUSTSEC-2021-0027.md
--- old/advisory-db-20210317/crates/bam/RUSTSEC-2021-0027.md    2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/bam/RUSTSEC-2021-0027.md    2021-03-31 
13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0027"
 package = "bam"
+aliases = ["CVE-2021-28027"]
 date = "2021-01-07"
 url = "https://gitlab.com/tprodanov/bam/-/issues/4";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/byte_struct/RUSTSEC-2021-0032.md 
new/advisory-db-20210401/crates/byte_struct/RUSTSEC-2021-0032.md
--- old/advisory-db-20210317/crates/byte_struct/RUSTSEC-2021-0032.md    
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/byte_struct/RUSTSEC-2021-0032.md    
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0032"
 package = "byte_struct"
+aliases = ["CVE-2021-28033"]
 date = "2021-03-01"
 url = "https://github.com/wwylele/byte-struct-rs/issues/1";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20210317/crates/cgc/RUSTSEC-2020-0148.md 
new/advisory-db-20210401/crates/cgc/RUSTSEC-2020-0148.md
--- old/advisory-db-20210317/crates/cgc/RUSTSEC-2020-0148.md    1970-01-01 
01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/cgc/RUSTSEC-2020-0148.md    2021-03-31 
13:30:20.000000000 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0148"
+package = "cgc"
+date = "2020-12-10"
+url = "https://github.com/playXE/cgc/issues/5";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "aliasing", "concurrency"]
+
+[versions]
+patched = []
+```
+
+# Multiple soundness issues in `Ptr`
+
+Affected versions of this crate have the following issues:
+
+1. `Ptr` implements `Send` and `Sync` for all types, this can lead to data
+   races by sending non-thread safe types across threads.
+
+2. `Ptr::get` violates mutable alias rules by returning multiple mutable
+   references to the same object.
+
+3. `Ptr::write` uses non-atomic writes to the underlying pointer. This means
+   that when used across threads it can lead to data races.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/diesel/RUSTSEC-2021-0037.md 
new/advisory-db-20210401/crates/diesel/RUSTSEC-2021-0037.md
--- old/advisory-db-20210317/crates/diesel/RUSTSEC-2021-0037.md 2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/diesel/RUSTSEC-2021-0037.md 2021-03-31 
13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0037"
 package = "diesel"
+aliases = ["CVE-2021-28305"]
 date = "2021-03-05"
 url = "https://github.com/diesel-rs/diesel/pull/2663";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/disrustor/RUSTSEC-2020-0150.md 
new/advisory-db-20210401/crates/disrustor/RUSTSEC-2020-0150.md
--- old/advisory-db-20210317/crates/disrustor/RUSTSEC-2020-0150.md      
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/disrustor/RUSTSEC-2020-0150.md      
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0150"
+package = "disrustor"
+date = "2020-12-17"
+url = "https://github.com/sklose/disrustor/issues/1";
+categories = ["memory-corruption", "thread-safety"]
+
+[versions]
+patched = []
+```
+
+# RingBuffer can create multiple mutable references and cause data races
+
+The `RingBuffer` type retrieves mutable references from the `DataProvider` in a
+non-atomic manner, potentially allowing the creation of multiple mutable
+references. `RingBuffer` also implements the `Send` and `Sync` traits for all
+types `T`.
+
+This allows undefined behavior from the aliased mutable references as well
+as data races.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/fltk/RUSTSEC-2021-0038.md 
new/advisory-db-20210401/crates/fltk/RUSTSEC-2021-0038.md
--- old/advisory-db-20210317/crates/fltk/RUSTSEC-2021-0038.md   2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/fltk/RUSTSEC-2021-0038.md   2021-03-31 
13:30:20.000000000 +0200
@@ -2,6 +2,11 @@
 [advisory]
 id = "RUSTSEC-2021-0038"
 package = "fltk"
+aliases = [
+    "CVE-2021-28306",
+    "CVE-2021-28307",
+    "CVE-2021-28308",
+]
 date = "2021-03-06"
 keywords = ["undefined_behavior"]
 url = "https://github.com/MoAlyousef/fltk-rs/issues/519";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/generator/RUSTSEC-2020-0151.md 
new/advisory-db-20210401/crates/generator/RUSTSEC-2020-0151.md
--- old/advisory-db-20210317/crates/generator/RUSTSEC-2020-0151.md      
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/generator/RUSTSEC-2020-0151.md      
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0151"
+package = "generator"
+date = "2020-11-16"
+url = "https://github.com/Xudong-Huang/generator-rs/issues/27";
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.7.0"]
+```
+
+# Generators can cause data races if non-Send types are used in their 
generator functions
+
+The `Generator` type is an iterable which uses a generator function that yields
+values. In affected versions of the crate, the provided function yielding 
values
+had no `Send` bounds despite the `Generator` itself implementing `Send`.
+
+The generator function lacking a `Send` bound means that types that are
+dangerous to send across threads such as `Rc` could be sent as part of a
+generator, potentially leading to data races.
+
+This flaw was fixed in commit 
[`f7d120a3b`](https://github.com/Xudong-Huang/generator-rs/commit/f7d120a3b724d06a7b623d0a4306acf8f78cb4f0)
+by enforcing that the generator function be bound by `Send`.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/hyper/RUSTSEC-2021-0020.md 
new/advisory-db-20210401/crates/hyper/RUSTSEC-2021-0020.md
--- old/advisory-db-20210317/crates/hyper/RUSTSEC-2021-0020.md  2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/hyper/RUSTSEC-2021-0020.md  2021-03-31 
13:30:20.000000000 +0200
@@ -9,7 +9,7 @@
 aliases = ["CVE-2021-21299"]
 
 [versions]
-patched = [">= 0.14.3", "0.13.10"]
+patched = [">= 0.14.3", "0.13.10", "0.12.36"]
 unaffected = ["< 0.12.0"]
 ```
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/insert_many/RUSTSEC-2021-0042.md 
new/advisory-db-20210401/crates/insert_many/RUSTSEC-2021-0042.md
--- old/advisory-db-20210317/crates/insert_many/RUSTSEC-2021-0042.md    
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/insert_many/RUSTSEC-2021-0042.md    
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0042"
+package = "insert_many"
+date = "2021-01-26"
+url = "https://github.com/rphmeier/insert_many/issues/1";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# insert_many can drop elements twice on panic
+
+Affected versions of `insert_many` used `ptr::copy` to move over items in a
+vector to make space before inserting, duplicating their ownership. It then
+iterated over a provided `Iterator` to insert the new items.
+
+If the iterator's `.next()` method panics then the vector would drop the same
+elements twice.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/internment/RUSTSEC-2021-0036.md 
new/advisory-db-20210401/crates/internment/RUSTSEC-2021-0036.md
--- old/advisory-db-20210317/crates/internment/RUSTSEC-2021-0036.md     
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/internment/RUSTSEC-2021-0036.md     
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0036"
 package = "internment"
+aliases = ["CVE-2021-28037"]
 date = "2021-03-03"
 url = "https://github.com/droundy/internment/issues/20";
 categories = ["thread-safety"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/max7301/RUSTSEC-2020-0152.md 
new/advisory-db-20210401/crates/max7301/RUSTSEC-2020-0152.md
--- old/advisory-db-20210317/crates/max7301/RUSTSEC-2020-0152.md        
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/max7301/RUSTSEC-2020-0152.md        
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0152"
+package = "max7301"
+date = "2020-12-18"
+url = "https://github.com/edarc/max7301/issues/1";
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.2.0"]
+```
+
+# ImmediateIO and TransactionalIO can cause data races
+
+The `ImmediateIO` and `TransactionalIO` types implement `Sync` for all 
contained
+`Expander<EI>` types regardless of if the `Expander` itself is safe to use
+across threads.
+
+As the `IO` types allow retrieving the `Expander`, this can lead to non-thread
+safe types being sent across threads as part of the `Expander` leading to data
+races.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/nano_arena/RUSTSEC-2021-0031.md 
new/advisory-db-20210401/crates/nano_arena/RUSTSEC-2021-0031.md
--- old/advisory-db-20210317/crates/nano_arena/RUSTSEC-2021-0031.md     
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/nano_arena/RUSTSEC-2021-0031.md     
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0031"
 package = "nano_arena"
+aliases = ["CVE-2021-28032"]
 date = "2021-01-31"
 url = "https://github.com/bennetthardwick/nano-arena/issues/1";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/parse_duration/RUSTSEC-2021-0041.md 
new/advisory-db-20210401/crates/parse_duration/RUSTSEC-2021-0041.md
--- old/advisory-db-20210317/crates/parse_duration/RUSTSEC-2021-0041.md 
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/parse_duration/RUSTSEC-2021-0041.md 
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0041"
+aliases = ["CAN-2021-1000007"]
+package = "parse_duration"
+date = "2021-03-18"
+url = "https://github.com/zeta12ti/parse_duration/issues/21";
+categories = ["denial-of-service"]
+keywords = ["parsing", "untrusted data"]
+
+[versions]
+patched = []
+unaffected = []
+
+[affected.functions]
+"parse_duration::parse" = ["*"]
+```
+
+# Denial of service through parsing payloads with too big exponent
+
+The `parse_duration::parse` function allows for parsing duration strings with 
exponents like `5e5s` where under the hood, the [`BigInt` type along with the 
`pow` function are used for such 
payloads](https://github.com/zeta12ti/parse_duration/blob/26940ab5cd4e3a9d6bd97aa101f8d4bbfd18ee8c/src/parse.rs#L335).
 Passing an arbitrarily big exponent makes the `parse_duration::parse` function 
to process the payload for a very long time taking up CPU and memory.
+
+This allows an attacker to cause a DoS if the `parse_duration::parse` function 
is used to process untrusted input.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/quinn/RUSTSEC-2021-0035.md 
new/advisory-db-20210401/crates/quinn/RUSTSEC-2021-0035.md
--- old/advisory-db-20210317/crates/quinn/RUSTSEC-2021-0035.md  2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/quinn/RUSTSEC-2021-0035.md  2021-03-31 
13:30:20.000000000 +0200
@@ -2,7 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0035"
 package = "quinn"
-aliases = []
+aliases = ["CVE-2021-28036"]
 date = "2021-03-04"
 url = "https://github.com/quinn-rs/quinn/issues/968";
 keywords = ["memory", "layout", "cast"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/reorder/RUSTSEC-2021-0050.md 
new/advisory-db-20210401/crates/reorder/RUSTSEC-2021-0050.md
--- old/advisory-db-20210317/crates/reorder/RUSTSEC-2021-0050.md        
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/reorder/RUSTSEC-2021-0050.md        
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0050"
+package = "reorder"
+date = "2021-02-24"
+url = "https://github.com/tiby312/reorder/issues/1";
+keywords = ["memory-corruption", "out-of-bounds"]
+
+[versions]
+patched = []
+```
+
+# swap_index can write out of bounds and return uninitialized memory
+
+`swap_index` takes an iterator and swaps the items with their corresponding
+indexes. It reserves capacity and sets the length of the vector based on the
+`.len()` method of the iterator.
+
+If the `len()` returned by the iterator is larger than the actual number of
+elements yielded, then `swap_index` creates a vector containing uninitialized
+members. If the `len()` returned by the iterator is smaller than the actual
+number of members yielded, then `swap_index` can write out of bounds past
+its allocated vector.
+
+As noted by the Rust documentation, 
[`len()`](https://doc.rust-lang.org/std/iter/trait.ExactSizeIterator.html#method.len)
+and `size_hint()` are primarily meant for optimization and incorrect values
+from their implementations should not lead to memory safety violations.
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/rocket/RUSTSEC-2021-0044.md 
new/advisory-db-20210401/crates/rocket/RUSTSEC-2021-0044.md
--- old/advisory-db-20210317/crates/rocket/RUSTSEC-2021-0044.md 1970-01-01 
01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/rocket/RUSTSEC-2021-0044.md 2021-03-31 
13:30:20.000000000 +0200
@@ -0,0 +1,33 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0044"
+package = "rocket"
+date = "2021-02-09"
+url = "https://github.com/SergioBenitez/Rocket/issues/1534";
+informational = "unsound"
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "use-after-free"]
+
+[versions]
+patched = [">= 0.4.7"]
+```
+
+# Use after free possible in `uri::Formatter` on panic
+
+Affected versions of this crate transmuted a `&str` to a `&'static str` before
+pushing it into a `StackVec`, this value was then popped later in the same
+function.
+
+This was assumed to be safe because the reference would be valid while the
+method's stack was active. In between the push and the pop, however, a function
+`f` was called that could invoke a user provided function.
+
+If the user provided panicked, then the assumption used by the function was no
+longer true and the transmute to `&'static` would create an illegal static
+reference to the string. This could result in a freed string being used during
+(such as in a `Drop` implementation) or after (e.g through `catch_unwind`) the
+panic unwinding.
+
+This flaw was corrected in commit 
[e325e2f](https://github.com/SergioBenitez/Rocket/commit/e325e2fce4d9f9f392761e9fb58b418a48cef8bb)
+by using a guard object to ensure that the `&'static str` was dropped inside
+the function.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/scratchpad/RUSTSEC-2021-0030.md 
new/advisory-db-20210401/crates/scratchpad/RUSTSEC-2021-0030.md
--- old/advisory-db-20210317/crates/scratchpad/RUSTSEC-2021-0030.md     
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/scratchpad/RUSTSEC-2021-0030.md     
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0030"
 package = "scratchpad"
+aliases = ["CVE-2021-28031"]
 date = "2021-02-18"
 url = "https://github.com/okready/scratchpad/issues/1";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/slice-deque/RUSTSEC-2021-0047.md 
new/advisory-db-20210401/crates/slice-deque/RUSTSEC-2021-0047.md
--- old/advisory-db-20210317/crates/slice-deque/RUSTSEC-2021-0047.md    
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/slice-deque/RUSTSEC-2021-0047.md    
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0047"
+package = "slice-deque"
+date = "2021-02-19"
+url = "https://github.com/gnzlbg/slice_deque/issues/90";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# SliceDeque::drain_filter can double drop an element if the predicate panics
+
+Affected versions of the crate incremented the current index of the drain 
filter
+iterator *before* calling the predicate function `self.pred`.
+
+If the predicate function panics, it is possible for the last element in the
+iterator to be dropped twice.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/stack_dst/RUSTSEC-2021-0033.md 
new/advisory-db-20210401/crates/stack_dst/RUSTSEC-2021-0033.md
--- old/advisory-db-20210317/crates/stack_dst/RUSTSEC-2021-0033.md      
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/stack_dst/RUSTSEC-2021-0033.md      
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0033"
 package = "stack_dst"
+aliases = ["CVE-2021-28034", "CVE-2021-28035"]
 date = "2021-02-22"
 url = "https://github.com/thepowersgang/stack_dst-rs/issues/5";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/stackvector/RUSTSEC-2021-0048.md 
new/advisory-db-20210401/crates/stackvector/RUSTSEC-2021-0048.md
--- old/advisory-db-20210317/crates/stackvector/RUSTSEC-2021-0048.md    
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/stackvector/RUSTSEC-2021-0048.md    
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0048"
+package = "stackvector"
+date = "2021-02-19"
+url = "https://github.com/Alexhuszagh/rust-stackvector/issues/2";
+categories = ["memory-corruption"]
+
+[versions]
+patched = []
+```
+
+# StackVec::extend can write out of bounds when size_hint is incorrect
+
+`StackVec::extend` used the lower and upper bounds from an Iterator's
+`size_hint` to determine how many items to push into the stack based vector.
+
+If the `size_hint` implementation returned a lower bound that was larger than
+the upper bound, `StackVec` would write out of bounds and overwrite memory
+on the stack. As mentioned by the 
[size_hint](https://doc.rust-lang.org/std/iter/trait.Iterator.html#provided-methods)
+documentation, `size_hint` is mainly for optimization and incorrect
+implementations should not lead to memory safety issues.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/telemetry/RUSTSEC-2021-0046.md 
new/advisory-db-20210401/crates/telemetry/RUSTSEC-2021-0046.md
--- old/advisory-db-20210317/crates/telemetry/RUSTSEC-2021-0046.md      
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/telemetry/RUSTSEC-2021-0046.md      
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0046"
+package = "telemetry"
+date = "2021-02-17"
+url = "https://github.com/Yoric/telemetry.rs/issues/45";
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+
+[versions]
+patched = []
+```
+
+# misc::vec_with_size() can drop uninitialized memory if clone panics
+
+`misc::vec_with_size` creates a vector of the provided `size` and immediately
+calls `vec.set_len(size)` on it, initially filling it with uninitialized 
memory.
+It then inserts elements using `vec[i] = value.clone()`.
+
+If the `value.clone()` call panics, uninitialized items in the vector will be
+dropped leading to undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/through/RUSTSEC-2021-0049.md 
new/advisory-db-20210401/crates/through/RUSTSEC-2021-0049.md
--- old/advisory-db-20210317/crates/through/RUSTSEC-2021-0049.md        
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/through/RUSTSEC-2021-0049.md        
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0049"
+package = "through"
+date = "2021-02-18"
+url = "https://github.com/gretchenfrage/through/issues/1";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# `through` and `through_and` causes a double free if the map function panics
+
+`through` and `through_and` take a mutable reference as well as a mapping
+function to change the provided reference. They do this by calling `ptr::read`
+on the reference which duplicates ownership and then calling the mapping
+function.
+
+If the mapping function panics, both the original object and the one
+duplicated by `ptr::read` get dropped, causing a double free.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/toodee/RUSTSEC-2021-0028.md 
new/advisory-db-20210401/crates/toodee/RUSTSEC-2021-0028.md
--- old/advisory-db-20210317/crates/toodee/RUSTSEC-2021-0028.md 2021-03-07 
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/toodee/RUSTSEC-2021-0028.md 2021-03-31 
13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0028"
 package = "toodee"
+aliases = ["CVE-2021-28028", "CVE-2021-28029"]
 date = "2021-02-19"
 url = "https://github.com/antonmarsden/toodee/issues/13";
 categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/truetype/RUSTSEC-2021-0029.md 
new/advisory-db-20210401/crates/truetype/RUSTSEC-2021-0029.md
--- old/advisory-db-20210317/crates/truetype/RUSTSEC-2021-0029.md       
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/truetype/RUSTSEC-2021-0029.md       
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
 [advisory]
 id = "RUSTSEC-2021-0029"
 package = "truetype"
+aliases = ["CVE-2021-28030"]
 date = "2021-02-17"
 url = "https://github.com/bodoni/truetype/issues/11";
 categories = ["memory-exposure"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20210317/crates/uu_od/RUSTSEC-2021-0043.md 
new/advisory-db-20210401/crates/uu_od/RUSTSEC-2021-0043.md
--- old/advisory-db-20210317/crates/uu_od/RUSTSEC-2021-0043.md  1970-01-01 
01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/uu_od/RUSTSEC-2021-0043.md  2021-03-31 
13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0043"
+package = "uu_od"
+date = "2021-02-17"
+url = "https://github.com/uutils/coreutils/issues/1729";
+categories = ["memory-exposure"]
+
+[versions]
+patched = [">= 0.0.4"]
+```
+
+# PartialReader passes uninitialized memory to user-provided Read
+
+Affected versions of this crate passed an uniniitalized buffer to a
+user-provided `Read` instance in `PartialReader::read`.
+
+This can result in safe `Read` implementations reading from the uninitialized
+buffer leading to undefined behavior.
+
+The flaw was fixed in commit 
[`39d62c6`](https://github.com/uutils/coreutils/commit/39d62c6c1f809022c903180471c10fde6ecd12d1)
+by zero-initializing the passed buffer.

commit cargo-audit-advisory-db for openSUSE:Factory

Reply via email to