commit cargo-audit-advisory-db for openSUSE:Factory

Source-Sync Wed, 20 Apr 2022 08:04:51 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cargo-audit-advisory-db for 
openSUSE:Factory checked in at 2022-04-20 16:57:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
 and      /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1941 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "cargo-audit-advisory-db"

Wed Apr 20 16:57:02 2022 rev:23 rq:970927 version:20220420

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
  2022-03-30 20:35:55.233315784 +0200
+++ 
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1941/cargo-audit-advisory-db.changes
        2022-04-20 16:57:32.826635215 +0200
@@ -1,0 +2,15 @@
+Wed Apr 20 00:36:52 UTC 2022 - [email protected]
+
+- Update to version 20220420:
+  * Add patch version for fruity (#1223)
+  * Update RUSTSEC-2020-0071.md (#1222)
+  * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
+  * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
+  * Add CVE-2022-24791 for Wasmtime (#1217)
+  * Assigned RUSTSEC-2022-0015 to pty (#1215)
+  * Add unmaintained advisory for pty (#1213)
+  * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
+  * Add CVE-2022-0778 for openssl-src (#1210)
+  * Assigned RUSTSEC-2022-0013 to regex (#1208)
+
+-------------------------------------------------------------------

Old:
----
  advisory-db-20220323.tar.xz

New:
----
  advisory-db-20220420.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.TfUalS/_old  2022-04-20 16:57:33.282635640 +0200
+++ /var/tmp/diff_new_pack.TfUalS/_new  2022-04-20 16:57:33.286635644 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           cargo-audit-advisory-db
-Version:        20220323
+Version:        20220420
 Release:        0
 Summary:        A database of known security issues for Rust depedencies
 License:        CC0-1.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.TfUalS/_old  2022-04-20 16:57:33.318635674 +0200
+++ /var/tmp/diff_new_pack.TfUalS/_new  2022-04-20 16:57:33.322635678 +0200
@@ -2,7 +2,7 @@
   <service mode="disabled" name="obs_scm">
     <param name="url">https://github.com/RustSec/advisory-db.git</param>
     <param name="scm">git</param>
-    <param name="version">20220323</param>
+    <param name="version">20220420</param>
     <param name="revision">master</param>
     <param name="changesgenerate">enable</param>
     <param name="changesauthor">[email protected]</param>

++++++ advisory-db-20220323.tar.xz -> advisory-db-20220420.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/advisory-db-20220323/.duplicate-id-guard 
new/advisory-db-20220420/.duplicate-id-guard
--- old/advisory-db-20220323/.duplicate-id-guard        2022-03-22 
15:52:42.000000000 +0100
+++ new/advisory-db-20220420/.duplicate-id-guard        2022-04-19 
02:03:30.000000000 +0200
@@ -1,3 +1,3 @@
 This file causes merge conflicts if two ID assignment jobs run concurrently.
 This prevents duplicate ID assignment due to a race between those jobs.
-3ebd0dec6b0d10eb52fe3853c7b58d0f9a13d1fc5a84ff64509fda7c9dd4985e  -
+be31153ca949684d3c0b38dba139be7cc19bd1235297389eb16eb7b16356b11e  -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220323/crates/arrow2/RUSTSEC-2022-0012.md 
new/advisory-db-20220420/crates/arrow2/RUSTSEC-2022-0012.md
--- old/advisory-db-20220323/crates/arrow2/RUSTSEC-2022-0012.md 2022-03-22 
15:52:42.000000000 +0100
+++ new/advisory-db-20220420/crates/arrow2/RUSTSEC-2022-0012.md 2022-04-19 
02:03:30.000000000 +0200
@@ -7,7 +7,7 @@
 categories = ["memory-corruption"]
 
 [versions]
-patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10"]
+patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10", ">= 
0.10.0"]
 ```
 
 # Arrow2 allows double free in `safe` code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220323/crates/fruity/RUSTSEC-2021-0123.md 
new/advisory-db-20220420/crates/fruity/RUSTSEC-2021-0123.md
--- old/advisory-db-20220323/crates/fruity/RUSTSEC-2021-0123.md 2022-03-22 
15:52:42.000000000 +0100
+++ new/advisory-db-20220420/crates/fruity/RUSTSEC-2021-0123.md 2022-04-19 
02:03:30.000000000 +0200
@@ -7,13 +7,14 @@
 url = "https://github.com/nvzqz/fruity/issues/14";
 
 [affected.functions]
-"fruity::foundation::NSString::to_str" = ["> 0.0.0"]
-"fruity::foundation::NSString::to_str_with_nul" = ["> 0.0.0"]
-"fruity::foundation::NSString::to_string" = ["> 0.0.0"]
-"fruity::foundation::NSString::to_string_with_nul" = ["> 0.0.0"]
+"fruity::foundation::NSString::to_str" = ["< 0.3.0, >= 0.1.0"]
+"fruity::foundation::NSString::to_str_with_nul" = ["< 0.3.0, >= 0.1.0"]
+"fruity::foundation::NSString::to_string" = ["< 0.3.0, >= 0.1.0"]
+"fruity::foundation::NSString::to_string_with_nul" = ["< 0.3.0, >= 0.1.0"]
 
 [versions]
-patched = []
+patched = [">= 0.3.0"]
+unaffected = ["< 0.1.0"]
 ```
 
 # Converting `NSString` to a String Truncates at Null Bytes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220323/crates/time/RUSTSEC-2020-0071.md 
new/advisory-db-20220420/crates/time/RUSTSEC-2020-0071.md
--- old/advisory-db-20220323/crates/time/RUSTSEC-2020-0071.md   2022-03-22 
15:52:42.000000000 +0100
+++ new/advisory-db-20220420/crates/time/RUSTSEC-2020-0071.md   2022-04-19 
02:03:30.000000000 +0200
@@ -13,14 +13,13 @@
 # any Unix-like OS
 os = [
     "linux",
-    "Redox",
-    "rolaris",
+    "redox",
+    "solaris",
     "android",
     "ios",
     "macos",
     "netbsd",
     "openbsd",
-    "bitrig",
     "freebsd",
 ]
 [affected.functions]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/advisory-db-20220323/crates/wasmtime/RUSTSEC-2022-0016.md 
new/advisory-db-20220420/crates/wasmtime/RUSTSEC-2022-0016.md
--- old/advisory-db-20220323/crates/wasmtime/RUSTSEC-2022-0016.md       
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20220420/crates/wasmtime/RUSTSEC-2022-0016.md       
2022-04-19 02:03:30.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0016"
+package = "wasmtime"
+date = "2022-03-31"
+url = 
"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2";
+categories = ["memory-corruption", "memory-exposure"]
+keywords = ["use-after-free", "Wasm", "garbage collection"]
+aliases = ["CVE-2022-24791"]
+
+[versions]
+patched = [">= 0.35.2", ">= 0.34.2, < 0.35.0"]
+unaffected = ["< 0.34.0"]
+
+[affected]
+functions = { "wasmtime::Config::epoch_interruption" = ["0.34.0", "0.34.1", 
"0.35.0", "0.35.1"] }
+```
+
+# Use after free with `externref`s and epoch interruption in Wasmtime
+
+[Use after free with `externref`s and epoch interruption in 
Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2)

commit cargo-audit-advisory-db for openSUSE:Factory

Reply via email to