Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cargo-audit-advisory-db for
openSUSE:Factory checked in at 2021-04-06 17:30:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
and /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-audit-advisory-db"
Tue Apr 6 17:30:10 2021 rev:2 rq:882781 version:20210401
Changes:
--------
---
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
2021-03-30 21:45:32.642667916 +0200
+++
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2401/cargo-audit-advisory-db.changes
2021-04-06 17:31:34.755245758 +0200
@@ -1,0 +2,13 @@
+Wed Mar 31 23:17:44 UTC 2021 - wbr...@suse.de
+
+- Update to version 20210401:
+ * Assigned RUSTSEC-2021-0050 to reorder
+ * Add advisory for out-of-bounds write and uninitialized memory exposure in
reorder
+ * max7301: Mark RUSTSEC-2020-0152 as patched. (#859)
+ * Assigned RUSTSEC-2020-0152 to max7301
+ * Add advisory for data race in max7301
+ * Assigned RUSTSEC-2020-0151 to generator
+ * Add advisory for data race in generator (#855)
+ * Assigned RUSTSEC-2020-0150 to disrustor
+
+-------------------------------------------------------------------
Old:
----
advisory-db-20210317.tar.xz
New:
----
advisory-db-20210401.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.HtCbiA/_old 2021-04-06 17:31:35.315246391 +0200
+++ /var/tmp/diff_new_pack.HtCbiA/_new 2021-04-06 17:31:35.315246391 +0200
@@ -17,7 +17,7 @@
Name: cargo-audit-advisory-db
-Version: 20210317
+Version: 20210401
Release: 0
Summary: A database of known security issues for Rust depedencies
License: CC0-1.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.HtCbiA/_old 2021-04-06 17:31:35.347246428 +0200
+++ /var/tmp/diff_new_pack.HtCbiA/_new 2021-04-06 17:31:35.351246432 +0200
@@ -2,7 +2,7 @@
<service mode="disabled" name="obs_scm">
<param name="url">https://github.com/RustSec/advisory-db.git</param>
<param name="scm">git</param>
- <param name="version">20210317</param>
+ <param name="version">20210401</param>
<param name="revision">master</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">wbr...@suse.de</param>
++++++ advisory-db-20210317.tar.xz -> advisory-db-20210401.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210317/.duplicate-id-guard
new/advisory-db-20210401/.duplicate-id-guard
--- old/advisory-db-20210317/.duplicate-id-guard 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/.duplicate-id-guard 2021-03-31
13:30:20.000000000 +0200
@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
-c99c5d02ebad78e89d8918670602c37b538a99d8f9efd6aba65c468ad9e64a00 -
+edf964eb367af4474a41f79406f539e8399c15cfd917cd4917cb64e0e599aac1 -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/adtensor/RUSTSEC-2021-0045.md
new/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md
--- old/advisory-db-20210317/crates/adtensor/RUSTSEC-2021-0045.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/adtensor/RUSTSEC-2021-0045.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0045"
+package = "adtensor"
+date = "2021-01-11"
+url = "https://github.com/charles-r-earp/adtensor/issues/4";
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+
+[versions]
+patched = []
+```
+
+# FromIterator implementation for Vector/Matrix can drop uninitialized memory
+
+The `FromIterator<T>` methods for `Vector` and `Matrix` rely on the type
+parameter `N` to allocate space in the iterable.
+
+If the passed in `N` type parameter is larger than the number of items returned
+by the iterator, it can lead to uninitialized memory being left in the
+`Vector` or `Matrix` type which gets dropped.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/appendix/RUSTSEC-2020-0149.md
new/advisory-db-20210401/crates/appendix/RUSTSEC-2020-0149.md
--- old/advisory-db-20210317/crates/appendix/RUSTSEC-2020-0149.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/appendix/RUSTSEC-2020-0149.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0149"
+package = "appendix"
+date = "2020-11-15"
+url = "https://github.com/krl/appendix/issues/6";
+categories = ["memory-corruption", "thread-safety"]
+
+[versions]
+patched = []
+```
+
+# Data race and memory safety issue in `Index`
+
+The `appendix` crate implements a key-value mapping data structure called
+`Index<K, V>` that is stored on disk. The crate allows for any type to inhabit
+the generic `K` and `V` type parameters and implements Send and Sync for them
+unconditionally.
+
+Using a type that is not marked as `Send` or `Sync` with `Index` can allow it
+to be used across multiple threads leading to data races. Additionally using
+reference types for the keys or values will lead to the segmentation faults
+in the crate's code.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210317/crates/bam/RUSTSEC-2021-0027.md
new/advisory-db-20210401/crates/bam/RUSTSEC-2021-0027.md
--- old/advisory-db-20210317/crates/bam/RUSTSEC-2021-0027.md 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/bam/RUSTSEC-2021-0027.md 2021-03-31
13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0027"
package = "bam"
+aliases = ["CVE-2021-28027"]
date = "2021-01-07"
url = "https://gitlab.com/tprodanov/bam/-/issues/4";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/byte_struct/RUSTSEC-2021-0032.md
new/advisory-db-20210401/crates/byte_struct/RUSTSEC-2021-0032.md
--- old/advisory-db-20210317/crates/byte_struct/RUSTSEC-2021-0032.md
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/byte_struct/RUSTSEC-2021-0032.md
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0032"
package = "byte_struct"
+aliases = ["CVE-2021-28033"]
date = "2021-03-01"
url = "https://github.com/wwylele/byte-struct-rs/issues/1";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210317/crates/cgc/RUSTSEC-2020-0148.md
new/advisory-db-20210401/crates/cgc/RUSTSEC-2020-0148.md
--- old/advisory-db-20210317/crates/cgc/RUSTSEC-2020-0148.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/cgc/RUSTSEC-2020-0148.md 2021-03-31
13:30:20.000000000 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0148"
+package = "cgc"
+date = "2020-12-10"
+url = "https://github.com/playXE/cgc/issues/5";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "aliasing", "concurrency"]
+
+[versions]
+patched = []
+```
+
+# Multiple soundness issues in `Ptr`
+
+Affected versions of this crate have the following issues:
+
+1. `Ptr` implements `Send` and `Sync` for all types, this can lead to data
+ races by sending non-thread safe types across threads.
+
+2. `Ptr::get` violates mutable alias rules by returning multiple mutable
+ references to the same object.
+
+3. `Ptr::write` uses non-atomic writes to the underlying pointer. This means
+ that when used across threads it can lead to data races.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/diesel/RUSTSEC-2021-0037.md
new/advisory-db-20210401/crates/diesel/RUSTSEC-2021-0037.md
--- old/advisory-db-20210317/crates/diesel/RUSTSEC-2021-0037.md 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/diesel/RUSTSEC-2021-0037.md 2021-03-31
13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0037"
package = "diesel"
+aliases = ["CVE-2021-28305"]
date = "2021-03-05"
url = "https://github.com/diesel-rs/diesel/pull/2663";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/disrustor/RUSTSEC-2020-0150.md
new/advisory-db-20210401/crates/disrustor/RUSTSEC-2020-0150.md
--- old/advisory-db-20210317/crates/disrustor/RUSTSEC-2020-0150.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/disrustor/RUSTSEC-2020-0150.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0150"
+package = "disrustor"
+date = "2020-12-17"
+url = "https://github.com/sklose/disrustor/issues/1";
+categories = ["memory-corruption", "thread-safety"]
+
+[versions]
+patched = []
+```
+
+# RingBuffer can create multiple mutable references and cause data races
+
+The `RingBuffer` type retrieves mutable references from the `DataProvider` in a
+non-atomic manner, potentially allowing the creation of multiple mutable
+references. `RingBuffer` also implements the `Send` and `Sync` traits for all
+types `T`.
+
+This allows undefined behavior from the aliased mutable references as well
+as data races.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/fltk/RUSTSEC-2021-0038.md
new/advisory-db-20210401/crates/fltk/RUSTSEC-2021-0038.md
--- old/advisory-db-20210317/crates/fltk/RUSTSEC-2021-0038.md 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/fltk/RUSTSEC-2021-0038.md 2021-03-31
13:30:20.000000000 +0200
@@ -2,6 +2,11 @@
[advisory]
id = "RUSTSEC-2021-0038"
package = "fltk"
+aliases = [
+ "CVE-2021-28306",
+ "CVE-2021-28307",
+ "CVE-2021-28308",
+]
date = "2021-03-06"
keywords = ["undefined_behavior"]
url = "https://github.com/MoAlyousef/fltk-rs/issues/519";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/generator/RUSTSEC-2020-0151.md
new/advisory-db-20210401/crates/generator/RUSTSEC-2020-0151.md
--- old/advisory-db-20210317/crates/generator/RUSTSEC-2020-0151.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/generator/RUSTSEC-2020-0151.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0151"
+package = "generator"
+date = "2020-11-16"
+url = "https://github.com/Xudong-Huang/generator-rs/issues/27";
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.7.0"]
+```
+
+# Generators can cause data races if non-Send types are used in their
generator functions
+
+The `Generator` type is an iterable which uses a generator function that yields
+values. In affected versions of the crate, the provided function yielding
values
+had no `Send` bounds despite the `Generator` itself implementing `Send`.
+
+The generator function lacking a `Send` bound means that types that are
+dangerous to send across threads such as `Rc` could be sent as part of a
+generator, potentially leading to data races.
+
+This flaw was fixed in commit
[`f7d120a3b`](https://github.com/Xudong-Huang/generator-rs/commit/f7d120a3b724d06a7b623d0a4306acf8f78cb4f0)
+by enforcing that the generator function be bound by `Send`.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/hyper/RUSTSEC-2021-0020.md
new/advisory-db-20210401/crates/hyper/RUSTSEC-2021-0020.md
--- old/advisory-db-20210317/crates/hyper/RUSTSEC-2021-0020.md 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/hyper/RUSTSEC-2021-0020.md 2021-03-31
13:30:20.000000000 +0200
@@ -9,7 +9,7 @@
aliases = ["CVE-2021-21299"]
[versions]
-patched = [">= 0.14.3", "0.13.10"]
+patched = [">= 0.14.3", "0.13.10", "0.12.36"]
unaffected = ["< 0.12.0"]
```
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/insert_many/RUSTSEC-2021-0042.md
new/advisory-db-20210401/crates/insert_many/RUSTSEC-2021-0042.md
--- old/advisory-db-20210317/crates/insert_many/RUSTSEC-2021-0042.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/insert_many/RUSTSEC-2021-0042.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0042"
+package = "insert_many"
+date = "2021-01-26"
+url = "https://github.com/rphmeier/insert_many/issues/1";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# insert_many can drop elements twice on panic
+
+Affected versions of `insert_many` used `ptr::copy` to move over items in a
+vector to make space before inserting, duplicating their ownership. It then
+iterated over a provided `Iterator` to insert the new items.
+
+If the iterator's `.next()` method panics then the vector would drop the same
+elements twice.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/internment/RUSTSEC-2021-0036.md
new/advisory-db-20210401/crates/internment/RUSTSEC-2021-0036.md
--- old/advisory-db-20210317/crates/internment/RUSTSEC-2021-0036.md
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/internment/RUSTSEC-2021-0036.md
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0036"
package = "internment"
+aliases = ["CVE-2021-28037"]
date = "2021-03-03"
url = "https://github.com/droundy/internment/issues/20";
categories = ["thread-safety"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/max7301/RUSTSEC-2020-0152.md
new/advisory-db-20210401/crates/max7301/RUSTSEC-2020-0152.md
--- old/advisory-db-20210317/crates/max7301/RUSTSEC-2020-0152.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/max7301/RUSTSEC-2020-0152.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0152"
+package = "max7301"
+date = "2020-12-18"
+url = "https://github.com/edarc/max7301/issues/1";
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.2.0"]
+```
+
+# ImmediateIO and TransactionalIO can cause data races
+
+The `ImmediateIO` and `TransactionalIO` types implement `Sync` for all
contained
+`Expander<EI>` types regardless of if the `Expander` itself is safe to use
+across threads.
+
+As the `IO` types allow retrieving the `Expander`, this can lead to non-thread
+safe types being sent across threads as part of the `Expander` leading to data
+races.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/nano_arena/RUSTSEC-2021-0031.md
new/advisory-db-20210401/crates/nano_arena/RUSTSEC-2021-0031.md
--- old/advisory-db-20210317/crates/nano_arena/RUSTSEC-2021-0031.md
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/nano_arena/RUSTSEC-2021-0031.md
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0031"
package = "nano_arena"
+aliases = ["CVE-2021-28032"]
date = "2021-01-31"
url = "https://github.com/bennetthardwick/nano-arena/issues/1";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/parse_duration/RUSTSEC-2021-0041.md
new/advisory-db-20210401/crates/parse_duration/RUSTSEC-2021-0041.md
--- old/advisory-db-20210317/crates/parse_duration/RUSTSEC-2021-0041.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/parse_duration/RUSTSEC-2021-0041.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0041"
+aliases = ["CAN-2021-1000007"]
+package = "parse_duration"
+date = "2021-03-18"
+url = "https://github.com/zeta12ti/parse_duration/issues/21";
+categories = ["denial-of-service"]
+keywords = ["parsing", "untrusted data"]
+
+[versions]
+patched = []
+unaffected = []
+
+[affected.functions]
+"parse_duration::parse" = ["*"]
+```
+
+# Denial of service through parsing payloads with too big exponent
+
+The `parse_duration::parse` function allows for parsing duration strings with
exponents like `5e5s` where under the hood, the [`BigInt` type along with the
`pow` function are used for such
payloads](https://github.com/zeta12ti/parse_duration/blob/26940ab5cd4e3a9d6bd97aa101f8d4bbfd18ee8c/src/parse.rs#L335).
Passing an arbitrarily big exponent makes the `parse_duration::parse` function
to process the payload for a very long time taking up CPU and memory.
+
+This allows an attacker to cause a DoS if the `parse_duration::parse` function
is used to process untrusted input.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/quinn/RUSTSEC-2021-0035.md
new/advisory-db-20210401/crates/quinn/RUSTSEC-2021-0035.md
--- old/advisory-db-20210317/crates/quinn/RUSTSEC-2021-0035.md 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/quinn/RUSTSEC-2021-0035.md 2021-03-31
13:30:20.000000000 +0200
@@ -2,7 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0035"
package = "quinn"
-aliases = []
+aliases = ["CVE-2021-28036"]
date = "2021-03-04"
url = "https://github.com/quinn-rs/quinn/issues/968";
keywords = ["memory", "layout", "cast"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/reorder/RUSTSEC-2021-0050.md
new/advisory-db-20210401/crates/reorder/RUSTSEC-2021-0050.md
--- old/advisory-db-20210317/crates/reorder/RUSTSEC-2021-0050.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/reorder/RUSTSEC-2021-0050.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0050"
+package = "reorder"
+date = "2021-02-24"
+url = "https://github.com/tiby312/reorder/issues/1";
+keywords = ["memory-corruption", "out-of-bounds"]
+
+[versions]
+patched = []
+```
+
+# swap_index can write out of bounds and return uninitialized memory
+
+`swap_index` takes an iterator and swaps the items with their corresponding
+indexes. It reserves capacity and sets the length of the vector based on the
+`.len()` method of the iterator.
+
+If the `len()` returned by the iterator is larger than the actual number of
+elements yielded, then `swap_index` creates a vector containing uninitialized
+members. If the `len()` returned by the iterator is smaller than the actual
+number of members yielded, then `swap_index` can write out of bounds past
+its allocated vector.
+
+As noted by the Rust documentation,
[`len()`](https://doc.rust-lang.org/std/iter/trait.ExactSizeIterator.html#method.len)
+and `size_hint()` are primarily meant for optimization and incorrect values
+from their implementations should not lead to memory safety violations.
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/rocket/RUSTSEC-2021-0044.md
new/advisory-db-20210401/crates/rocket/RUSTSEC-2021-0044.md
--- old/advisory-db-20210317/crates/rocket/RUSTSEC-2021-0044.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/rocket/RUSTSEC-2021-0044.md 2021-03-31
13:30:20.000000000 +0200
@@ -0,0 +1,33 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0044"
+package = "rocket"
+date = "2021-02-09"
+url = "https://github.com/SergioBenitez/Rocket/issues/1534";
+informational = "unsound"
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "use-after-free"]
+
+[versions]
+patched = [">= 0.4.7"]
+```
+
+# Use after free possible in `uri::Formatter` on panic
+
+Affected versions of this crate transmuted a `&str` to a `&'static str` before
+pushing it into a `StackVec`, this value was then popped later in the same
+function.
+
+This was assumed to be safe because the reference would be valid while the
+method's stack was active. In between the push and the pop, however, a function
+`f` was called that could invoke a user provided function.
+
+If the user provided panicked, then the assumption used by the function was no
+longer true and the transmute to `&'static` would create an illegal static
+reference to the string. This could result in a freed string being used during
+(such as in a `Drop` implementation) or after (e.g through `catch_unwind`) the
+panic unwinding.
+
+This flaw was corrected in commit
[e325e2f](https://github.com/SergioBenitez/Rocket/commit/e325e2fce4d9f9f392761e9fb58b418a48cef8bb)
+by using a guard object to ensure that the `&'static str` was dropped inside
+the function.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/scratchpad/RUSTSEC-2021-0030.md
new/advisory-db-20210401/crates/scratchpad/RUSTSEC-2021-0030.md
--- old/advisory-db-20210317/crates/scratchpad/RUSTSEC-2021-0030.md
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/scratchpad/RUSTSEC-2021-0030.md
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0030"
package = "scratchpad"
+aliases = ["CVE-2021-28031"]
date = "2021-02-18"
url = "https://github.com/okready/scratchpad/issues/1";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/slice-deque/RUSTSEC-2021-0047.md
new/advisory-db-20210401/crates/slice-deque/RUSTSEC-2021-0047.md
--- old/advisory-db-20210317/crates/slice-deque/RUSTSEC-2021-0047.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/slice-deque/RUSTSEC-2021-0047.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0047"
+package = "slice-deque"
+date = "2021-02-19"
+url = "https://github.com/gnzlbg/slice_deque/issues/90";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# SliceDeque::drain_filter can double drop an element if the predicate panics
+
+Affected versions of the crate incremented the current index of the drain
filter
+iterator *before* calling the predicate function `self.pred`.
+
+If the predicate function panics, it is possible for the last element in the
+iterator to be dropped twice.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/stack_dst/RUSTSEC-2021-0033.md
new/advisory-db-20210401/crates/stack_dst/RUSTSEC-2021-0033.md
--- old/advisory-db-20210317/crates/stack_dst/RUSTSEC-2021-0033.md
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/stack_dst/RUSTSEC-2021-0033.md
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0033"
package = "stack_dst"
+aliases = ["CVE-2021-28034", "CVE-2021-28035"]
date = "2021-02-22"
url = "https://github.com/thepowersgang/stack_dst-rs/issues/5";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/stackvector/RUSTSEC-2021-0048.md
new/advisory-db-20210401/crates/stackvector/RUSTSEC-2021-0048.md
--- old/advisory-db-20210317/crates/stackvector/RUSTSEC-2021-0048.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/stackvector/RUSTSEC-2021-0048.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0048"
+package = "stackvector"
+date = "2021-02-19"
+url = "https://github.com/Alexhuszagh/rust-stackvector/issues/2";
+categories = ["memory-corruption"]
+
+[versions]
+patched = []
+```
+
+# StackVec::extend can write out of bounds when size_hint is incorrect
+
+`StackVec::extend` used the lower and upper bounds from an Iterator's
+`size_hint` to determine how many items to push into the stack based vector.
+
+If the `size_hint` implementation returned a lower bound that was larger than
+the upper bound, `StackVec` would write out of bounds and overwrite memory
+on the stack. As mentioned by the
[size_hint](https://doc.rust-lang.org/std/iter/trait.Iterator.html#provided-methods)
+documentation, `size_hint` is mainly for optimization and incorrect
+implementations should not lead to memory safety issues.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/telemetry/RUSTSEC-2021-0046.md
new/advisory-db-20210401/crates/telemetry/RUSTSEC-2021-0046.md
--- old/advisory-db-20210317/crates/telemetry/RUSTSEC-2021-0046.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/telemetry/RUSTSEC-2021-0046.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0046"
+package = "telemetry"
+date = "2021-02-17"
+url = "https://github.com/Yoric/telemetry.rs/issues/45";
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+
+[versions]
+patched = []
+```
+
+# misc::vec_with_size() can drop uninitialized memory if clone panics
+
+`misc::vec_with_size` creates a vector of the provided `size` and immediately
+calls `vec.set_len(size)` on it, initially filling it with uninitialized
memory.
+It then inserts elements using `vec[i] = value.clone()`.
+
+If the `value.clone()` call panics, uninitialized items in the vector will be
+dropped leading to undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/through/RUSTSEC-2021-0049.md
new/advisory-db-20210401/crates/through/RUSTSEC-2021-0049.md
--- old/advisory-db-20210317/crates/through/RUSTSEC-2021-0049.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/through/RUSTSEC-2021-0049.md
2021-03-31 13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0049"
+package = "through"
+date = "2021-02-18"
+url = "https://github.com/gretchenfrage/through/issues/1";
+categories = ["memory-corruption"]
+keywords = ["memory-safety", "double-free"]
+
+[versions]
+patched = []
+```
+
+# `through` and `through_and` causes a double free if the map function panics
+
+`through` and `through_and` take a mutable reference as well as a mapping
+function to change the provided reference. They do this by calling `ptr::read`
+on the reference which duplicates ownership and then calling the mapping
+function.
+
+If the mapping function panics, both the original object and the one
+duplicated by `ptr::read` get dropped, causing a double free.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/toodee/RUSTSEC-2021-0028.md
new/advisory-db-20210401/crates/toodee/RUSTSEC-2021-0028.md
--- old/advisory-db-20210317/crates/toodee/RUSTSEC-2021-0028.md 2021-03-07
19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/toodee/RUSTSEC-2021-0028.md 2021-03-31
13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0028"
package = "toodee"
+aliases = ["CVE-2021-28028", "CVE-2021-28029"]
date = "2021-02-19"
url = "https://github.com/antonmarsden/toodee/issues/13";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/truetype/RUSTSEC-2021-0029.md
new/advisory-db-20210401/crates/truetype/RUSTSEC-2021-0029.md
--- old/advisory-db-20210317/crates/truetype/RUSTSEC-2021-0029.md
2021-03-07 19:44:24.000000000 +0100
+++ new/advisory-db-20210401/crates/truetype/RUSTSEC-2021-0029.md
2021-03-31 13:30:20.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2021-0029"
package = "truetype"
+aliases = ["CVE-2021-28030"]
date = "2021-02-17"
url = "https://github.com/bodoni/truetype/issues/11";
categories = ["memory-exposure"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210317/crates/uu_od/RUSTSEC-2021-0043.md
new/advisory-db-20210401/crates/uu_od/RUSTSEC-2021-0043.md
--- old/advisory-db-20210317/crates/uu_od/RUSTSEC-2021-0043.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20210401/crates/uu_od/RUSTSEC-2021-0043.md 2021-03-31
13:30:20.000000000 +0200
@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0043"
+package = "uu_od"
+date = "2021-02-17"
+url = "https://github.com/uutils/coreutils/issues/1729";
+categories = ["memory-exposure"]
+
+[versions]
+patched = [">= 0.0.4"]
+```
+
+# PartialReader passes uninitialized memory to user-provided Read
+
+Affected versions of this crate passed an uniniitalized buffer to a
+user-provided `Read` instance in `PartialReader::read`.
+
+This can result in safe `Read` implementations reading from the uninitialized
+buffer leading to undefined behavior.
+
+The flaw was fixed in commit
[`39d62c6`](https://github.com/uutils/coreutils/commit/39d62c6c1f809022c903180471c10fde6ecd12d1)
+by zero-initializing the passed buffer.
