Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cargo-audit-advisory-db for
openSUSE:Factory checked in at 2022-05-01 18:53:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
and /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-audit-advisory-db"
Sun May 1 18:53:47 2022 rev:24 rq:974165 version:20220428
Changes:
--------
---
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
2022-04-20 16:57:32.826635215 +0200
+++
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.1538/cargo-audit-advisory-db.changes
2022-05-01 18:53:56.423182545 +0200
@@ -1,0 +2,15 @@
+Thu Apr 28 02:57:45 UTC 2022 - [email protected]
+
+- Update to version 20220428:
+ * Assigned RUSTSEC-2022-0017 to array-macro (#1225)
+ * Add advisory for using impure constants in array-macro (#1224)
+ * Add patch version for fruity (#1223)
+ * Update RUSTSEC-2020-0071.md (#1222)
+ * RUSTSEC-2022-0012: note that v0.10.0+ is patched (#1220)
+ * Assigned RUSTSEC-2022-0016 to wasmtime (#1218)
+ * Add CVE-2022-24791 for Wasmtime (#1217)
+ * Assigned RUSTSEC-2022-0015 to pty (#1215)
+ * Add unmaintained advisory for pty (#1213)
+ * Assigned RUSTSEC-2022-0014 to openssl-src (#1211)
+
+-------------------------------------------------------------------
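Review bot: the new changelog block lists raw upstream commit subjects, so one advisory shows up as two bullets (for example "Add unmaintained advisory for pty (#1213)" and "Assigned RUSTSEC-2022-0015 to pty (#1215)"), and the bare "#NNNN" numbers do not say which repository they refer to. Consider collapsing each pair into one line keyed by the RUSTSEC ID, and listing CVE-2022-24791 next to RUSTSEC-2022-0016 so the entry can be searched by either identifier.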
Old:
----
advisory-db-20220420.tar.xz
New:
----
advisory-db-20220428.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.KJt3QG/_old 2022-05-01 18:53:56.855182946 +0200
+++ /var/tmp/diff_new_pack.KJt3QG/_new 2022-05-01 18:53:56.863182953 +0200
@@ -17,7 +17,7 @@
Name: cargo-audit-advisory-db
-Version: 20220420
+Version: 20220428
Release: 0
Summary: A database of known security issues for Rust depedencies
License: CC0-1.0
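Review bot: the Summary context line in this hunk reads "Rust depedencies"; since the spec is being touched for the version bump anyway, correct it to "dependencies" in the same change.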
++++++ _service ++++++
--- /var/tmp/diff_new_pack.KJt3QG/_old 2022-05-01 18:53:56.895182983 +0200
+++ /var/tmp/diff_new_pack.KJt3QG/_new 2022-05-01 18:53:56.899182986 +0200
@@ -2,7 +2,7 @@
<service mode="disabled" name="obs_scm">
<param name="url">https://github.com/RustSec/advisory-db.git</param>
<param name="scm">git</param>
- <param name="version">20220420</param>
+ <param name="version">20220428</param>
<param name="revision">master</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">[email protected]</param>
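Review bot: `revision` stays at `master` while only the `version` param is bumped to 20220428, so the tarball contents depend on when the service was run rather than on a fixed upstream commit. Setting `revision` to the commit hash that corresponds to this snapshot would make advisory-db-20220428.tar.xz reproducible and let a reviewer verify it against upstream.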
++++++ advisory-db-20220420.tar.xz -> advisory-db-20220428.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20220420/.duplicate-id-guard
new/advisory-db-20220428/.duplicate-id-guard
--- old/advisory-db-20220420/.duplicate-id-guard 2022-04-19
02:03:30.000000000 +0200
+++ new/advisory-db-20220428/.duplicate-id-guard 2022-04-27
21:05:18.000000000 +0200
@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
-be31153ca949684d3c0b38dba139be7cc19bd1235297389eb16eb7b16356b11e -
+05211b923d19475817ba8c9cdcc1c8079a94da53ed993f4f5af9e032b8766a4d -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20220420/crates/array-macro/RUSTSEC-2022-0017.md
new/advisory-db-20220428/crates/array-macro/RUSTSEC-2022-0017.md
--- old/advisory-db-20220420/crates/array-macro/RUSTSEC-2022-0017.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20220428/crates/array-macro/RUSTSEC-2022-0017.md
2022-04-27 21:05:18.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2022-0017"
+package = "array-macro"
+date = "2022-04-27"
+url = "https://gitlab.com/KonradBorowski/array-macro/-/issues/5"
+categories = ["code-execution", "memory-corruption", "memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = [">= 2.1.2"]
+unaffected = ["< 2.1.0"]
+```
+
+# `array!` macro is unsound when its length is impure constant
+
+Affected versions of this crate did substitute the array length provided by an
user at compile-time multiple times.
+
+When an impure constant expression is passed as an array length (such as a
result of an impure procedural macro), this can result in the initialization of
an array with uninitialized types, which in turn can allow an attacker to
execute arbitrary code.
+
+The flaw was corrected in commit
[d5b63f72](https://gitlab.com/KonradBorowski/array-macro/-/commit/d5b63f72090f3809c21ac28f9cfd84f12559bf7d)
by making sure that array length is substituted just once.
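Review bot: the description's "initialization of an array with uninitialized types" is imprecise, and the prose never states which releases are affected. Consider "an array containing uninitialized elements", fix "did substitute ... by an user" to "substituted ... by a user", and spell out the affected range that the `[versions]` table implies (`unaffected = ["< 2.1.0"]`, `patched = [">= 2.1.2"]`). It would also help to say why `informational = "unsound"` is used alongside the "code-execution" category, since the two read as different severity signals.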