Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cargo-audit-advisory-db for
openSUSE:Factory checked in at 2021-10-05 22:33:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cargo-audit-advisory-db (Old)
and /work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cargo-audit-advisory-db"
Tue Oct 5 22:33:49 2021 rev:11 rq:923132 version:20211005
Changes:
--------
---
/work/SRC/openSUSE:Factory/cargo-audit-advisory-db/cargo-audit-advisory-db.changes
2021-08-03 22:49:00.112477976 +0200
+++
/work/SRC/openSUSE:Factory/.cargo-audit-advisory-db.new.2443/cargo-audit-advisory-db.changes
2021-10-05 22:34:14.086909250 +0200
@@ -1,0 +2,15 @@
+Mon Oct 04 21:21:06 UTC 2021 - wbr...@suse.de
+
+- Update to version 20211005:
+ * add CVE information to RUSTSEC-2021-0080 (#1068)
+ * Add CVE information (#1067)
+ * Assigned RUSTSEC-2021-0119 to nix (#1066)
+ * nix::unistd::getgrouplist buffer overflow (#1060)
+ * Assigned RUSTSEC-2021-0118 to arrow (#1064)
+ * Yet another arrow advisory (#1059)
+ * Assigned RUSTSEC-2021-0117 to arrow (#1063)
+ * arrow DecimalArray advisory (#1058)
+ * Assigned RUSTSEC-2021-0116 to arrow (#1062)
+ * arrow BinaryArray advisory (#1057)
+
+-------------------------------------------------------------------
Old:
----
advisory-db-20210802.tar.xz
New:
----
advisory-db-20211005.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cargo-audit-advisory-db.spec ++++++
--- /var/tmp/diff_new_pack.ziD1Ji/_old 2021-10-05 22:34:14.466909912 +0200
+++ /var/tmp/diff_new_pack.ziD1Ji/_new 2021-10-05 22:34:14.466909912 +0200
@@ -17,7 +17,7 @@
Name: cargo-audit-advisory-db
-Version: 20210802
+Version: 20211005
Release: 0
Summary: A database of known security issues for Rust depedencies
License: CC0-1.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.ziD1Ji/_old 2021-10-05 22:34:14.494909960 +0200
+++ /var/tmp/diff_new_pack.ziD1Ji/_new 2021-10-05 22:34:14.498909967 +0200
@@ -2,7 +2,7 @@
<service mode="disabled" name="obs_scm">
<param name="url">https://github.com/RustSec/advisory-db.git</param>
<param name="scm">git</param>
- <param name="version">20210802</param>
+ <param name="version">20211005</param>
<param name="revision">master</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">wbr...@suse.de</param>
++++++ advisory-db-20210802.tar.xz -> advisory-db-20211005.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/.duplicate-id-guard
new/advisory-db-20211005/.duplicate-id-guard
--- old/advisory-db-20210802/.duplicate-id-guard 2021-07-26
22:46:07.000000000 +0200
+++ new/advisory-db-20211005/.duplicate-id-guard 2021-10-01
23:25:09.000000000 +0200
@@ -1,3 +1,3 @@
This file causes merge conflicts if two ID assignment jobs run concurrently.
This prevents duplicate ID assignment due to a race between those jobs.
-bd246e1f4b34100531c2fa8edeff29e12391cca115de6b424aed2a2127e93b03 -
+42ca4d90b4a557daf80f0be606f514ad413a5d90341135f70714161f49348a74 -
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/.github/workflows/export-osv.yml
new/advisory-db-20211005/.github/workflows/export-osv.yml
--- old/advisory-db-20210802/.github/workflows/export-osv.yml 2021-07-26
22:46:07.000000000 +0200
+++ new/advisory-db-20211005/.github/workflows/export-osv.yml 2021-10-01
23:25:09.000000000 +0200
@@ -1,4 +1,4 @@
-name: Export OSV
+name: Export to OSV format
on:
push:
@@ -10,14 +10,14 @@
steps:
- uses: actions/checkout@v2
with:
- ref: osv-experimental-v0.7
+ ref: osv
- uses: actions/cache@v1
with:
path: ~/.cargo/bin
- key: rustsec-admin-v0.5.1
+ key: rustsec-admin-v0.5.2
- run: |
if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
- cargo install rustsec-admin --vers 0.5.1
+ cargo install rustsec-admin --vers 0.5.2
fi
mkdir -p crates
rustsec-admin osv crates
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/README.md
new/advisory-db-20211005/README.md
--- old/advisory-db-20210802/README.md 2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/README.md 2021-10-01 23:25:09.000000000 +0200
@@ -8,6 +8,9 @@
against Rust crates published via https://crates.io. A human-readable version
of the advisory database can be found at https://rustsec.org/advisories/.
+We also export advisory data to [OSV](https://github.com/ossf/osv-schema)
format,
+see the [`osv`](https://github.com/rustsec/advisory-db/tree/osv) branch.
+
The following tools consume this advisory database and can be used for auditing
and reporting (send PRs to add yours):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/acc_reader/RUSTSEC-2020-0155.md
new/advisory-db-20211005/crates/acc_reader/RUSTSEC-2020-0155.md
--- old/advisory-db-20210802/crates/acc_reader/RUSTSEC-2020-0155.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/acc_reader/RUSTSEC-2020-0155.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0155"
+package = "acc_reader"
+date = "2020-12-27"
+url = "https://github.com/netvl/acc_reader/issues/1";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# `Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/actix-http/RUSTSEC-2021-0081.md
new/advisory-db-20211005/crates/actix-http/RUSTSEC-2021-0081.md
--- old/advisory-db-20210802/crates/actix-http/RUSTSEC-2021-0081.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/actix-http/RUSTSEC-2021-0081.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,17 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0081"
+package = "actix-http"
+date = "2021-06-16"
+keywords = ["smuggling", "http", "reverse proxy", "request smuggling"]
+aliases = ["CVE-2021-38512"]
+
+[versions]
+patched = ["^ 2.2.1", ">= 3.0.0-beta.9"]
+```
+
+# Potential request smuggling capabilities due to lack of input validation
+
+Affected versions of this crate did not properly detect invalid requests that
could allow HTTP/1 request smuggling (HRS) attacks when running alongside a
vulnerable front-end proxy server. This can result in leaked internal and/or
user data, including credentials, when the front-end proxy is also vulnerable.
+
+Popular front-end proxies and load balancers already mitigate HRS attacks so
it is recommended that they are also kept up to date; check your specific set
up. You should upgrade even if the front-end proxy receives exclusively HTTP/2
traffic and connects to the back-end using HTTP/1; several downgrade attacks
are known that can also expose HRS vulnerabilities.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/actix-web/RUSTSEC-2018-0019.md
new/advisory-db-20211005/crates/actix-web/RUSTSEC-2018-0019.md
--- old/advisory-db-20210802/crates/actix-web/RUSTSEC-2018-0019.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/actix-web/RUSTSEC-2018-0019.md
2021-10-01 23:25:09.000000000 +0200
@@ -20,4 +20,4 @@
This may result in a variety of memory corruption scenarios, most likely
use-after-free.
-A signficant refactoring effort has been conducted to resolve these issues.
+A significant refactoring effort has been conducted to resolve these issues.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/arrow/RUSTSEC-2021-0116.md
new/advisory-db-20211005/crates/arrow/RUSTSEC-2021-0116.md
--- old/advisory-db-20210802/crates/arrow/RUSTSEC-2021-0116.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/arrow/RUSTSEC-2021-0116.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0116"
+package = "arrow"
+date = "2021-09-14"
+references = ["https://github.com/apache/arrow-rs/issues/772";,
"https://github.com/apache/arrow-rs/issues/773";]
+categories = ["memory-exposure"]
+keywords = ["buffer-overflow"]
+
+[versions]
+patched = []
+```
+
+# `BinaryArray` does not perform bound checks on reading values and offsets
+
+`BinaryArray` performs insufficient validation on creation, which allows
out-of-bounds reads in safe code.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/arrow/RUSTSEC-2021-0117.md
new/advisory-db-20211005/crates/arrow/RUSTSEC-2021-0117.md
--- old/advisory-db-20210802/crates/arrow/RUSTSEC-2021-0117.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/arrow/RUSTSEC-2021-0117.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0117"
+package = "arrow"
+date = "2021-09-14"
+url = "https://github.com/apache/arrow-rs/issues/775";
+categories = ["memory-exposure"]
+keywords = ["buffer-overflow"]
+
+[versions]
+patched = []
+```
+
+# `DecimalArray` does not perform bound checks on accessing values and offsets
+
+`DecimalArray` performs insufficient bounds checks,
+which allows out-of-bounds reads in safe code
+if the lenght of the backing buffer is not a multiple of 16.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/arrow/RUSTSEC-2021-0118.md
new/advisory-db-20211005/crates/arrow/RUSTSEC-2021-0118.md
--- old/advisory-db-20210802/crates/arrow/RUSTSEC-2021-0118.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/arrow/RUSTSEC-2021-0118.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0118"
+package = "arrow"
+date = "2021-09-14"
+url = "https://github.com/apache/arrow-rs/issues/774";
+categories = ["memory-exposure"]
+keywords = ["buffer-overflow"]
+
+[versions]
+patched = []
+```
+
+# `FixedSizeBinaryArray` does not perform bound checks on accessing values and
offsets
+
+`FixedSizeBinaryArray` performs insufficient bounds checks, which allows
out-of-bounds reads in safe code.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/ash/RUSTSEC-2021-0090.md
new/advisory-db-20211005/crates/ash/RUSTSEC-2021-0090.md
--- old/advisory-db-20210802/crates/ash/RUSTSEC-2021-0090.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/ash/RUSTSEC-2021-0090.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0090"
+package = "ash"
+date = "2021-01-07"
+url = "https://github.com/MaikKlein/ash/issues/354";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = [">= 0.33.1"]
+```
+
+# Reading on uninitialized memory may cause UB ( `util::read_spv()` )
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/bat/RUSTSEC-2021-0106.md
new/advisory-db-20211005/crates/bat/RUSTSEC-2021-0106.md
--- old/advisory-db-20210802/crates/bat/RUSTSEC-2021-0106.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/bat/RUSTSEC-2021-0106.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0106"
+package = "bat"
+date = "2021-07-15"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2021-36753";
+categories = ["code-execution"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+aliases = ["CVE-2021-36753", "GHSA-p24j-h477-76q3"]
+[affected]
+os = ["windows"]
+[versions]
+patched = [">= 0.18.2"]
+```
+
+# Uncontrolled Search Path Element in sharkdp/bat
+
+bat on windows before 0.18.2 executes programs named less.exe from the current
working directory. This can lead to unintended code execution.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/better-macro/RUSTSEC-2021-0077.md
new/advisory-db-20211005/crates/better-macro/RUSTSEC-2021-0077.md
--- old/advisory-db-20210802/crates/better-macro/RUSTSEC-2021-0077.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/better-macro/RUSTSEC-2021-0077.md
2021-10-01 23:25:09.000000000 +0200
@@ -17,7 +17,7 @@
# `better-macro` has deliberate RCE to prove a point
[better-macro](https://crates.io/crates/better-macro) is a fake crate which is
-"Proving A Point" that proc-macros can run arbitrary code. This a particularly
+"Proving A Point" that proc-macros can run arbitrary code. This is not a
particularly
novel or interesting observation.
It currently opens
`https://github.com/raycar5/better-macro/blob/master/doc/hi.md`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/binjs_io/RUSTSEC-2021-0085.md
new/advisory-db-20211005/crates/binjs_io/RUSTSEC-2021-0085.md
--- old/advisory-db-20210802/crates/binjs_io/RUSTSEC-2021-0085.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/binjs_io/RUSTSEC-2021-0085.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0085"
+package = "binjs_io"
+date = "2021-01-03"
+url = "https://github.com/binast/binjs-ref/issues/460";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# 'Read' on uninitialized memory may cause UB
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation. The crate currently contains 4 occurrences
of such cases.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/bite/RUSTSEC-2020-0153.md
new/advisory-db-20211005/crates/bite/RUSTSEC-2020-0153.md
--- old/advisory-db-20210802/crates/bite/RUSTSEC-2020-0153.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/bite/RUSTSEC-2020-0153.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0153"
+package = "bite"
+date = "2020-12-31"
+url = "https://github.com/hinaria/bite/issues/1";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# `read` on uninitialized buffer may cause UB
(bite::read::BiteReadExpandedExt::read_framed_max)
+
+Affected versions of this crate calls a user provided `Read` implementation on
an uninitialized buffer.
+
+`Read` on uninitialized buffer is defined as undefined behavior in Rust.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/bronzedb-protocol/RUSTSEC-2021-0084.md
new/advisory-db-20211005/crates/bronzedb-protocol/RUSTSEC-2021-0084.md
--- old/advisory-db-20210802/crates/bronzedb-protocol/RUSTSEC-2021-0084.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/bronzedb-protocol/RUSTSEC-2021-0084.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0084"
+package = "bronzedb-protocol"
+date = "2021-01-03"
+url = "https://github.com/Hexilee/BronzeDB/issues/1";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# `Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/buffoon/RUSTSEC-2020-0154.md
new/advisory-db-20211005/crates/buffoon/RUSTSEC-2020-0154.md
--- old/advisory-db-20210802/crates/buffoon/RUSTSEC-2020-0154.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/buffoon/RUSTSEC-2020-0154.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0154"
+package = "buffoon"
+date = "2020-12-31"
+url = "https://github.com/carllerche/buffoon/issues/2";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# InputStream::read_exact : `Read` on uninitialized buffer causes UB
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/bumpalo/RUSTSEC-2020-0006.md
new/advisory-db-20211005/crates/bumpalo/RUSTSEC-2020-0006.md
--- old/advisory-db-20210802/crates/bumpalo/RUSTSEC-2020-0006.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/bumpalo/RUSTSEC-2020-0006.md
2021-10-01 23:25:09.000000000 +0200
@@ -39,7 +39,7 @@
2. I've written a quickcheck test to exercise `realloc`. Without the bug fix
in this patch, this quickcheck immediately triggers invalid reads when run
under `valgrind`. We didn't previously have quickchecks that exercised
- `realloc` beacuse `realloc` isn't publicly exposed directly, and instead
+ `realloc` because `realloc` isn't publicly exposed directly, and instead
can only be indirectly called. This new quickcheck test exercises `realloc`
via `bumpalo::collections::Vec::resize` and
`bumpalo::collections::Vec::shrink_to_fit` calls.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/ckb/RUSTSEC-2021-0107.md
new/advisory-db-20211005/crates/ckb/RUSTSEC-2021-0107.md
--- old/advisory-db-20210802/crates/ckb/RUSTSEC-2021-0107.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/ckb/RUSTSEC-2021-0107.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,34 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0107"
+package = "ckb"
+date = "2021-07-25"
+url =
"https://github.com/nervosnetwork/ckb/security/advisories/GHSA-v666-6w97-pcwm";
+aliases = ["GHSA-v666-6w97-pcwm"]
+[versions]
+patched = [">= 0.40.0"]
+```
+
+# Miner fails to get block template when a cell used as a cell dep has been
destroyed.
+
+## Impact
+
+The RPC get_block_template fails when a cell has been used as a cell dep and
an input in the different transactions.
+
+Say cell C is used as a dep group in the transaction A, and is destroyed in
the transaction B.
+
+The node adds transaction A first, then B into the transaction pool. They are
both valid. But when generating the block template, if the fee rate of B is
higher, it comes before A, which will invalidate A. Currently the RPC
get_block_template will fail instead of dropping A.
+
+## Patch
+
+First, the get_block_template should not fail but dropping the conflict
transactions.
+
+Then we can propose solution to this issue. Here is an example. When a
transaction is added to the pool, the pool must consider it depending on all
the transactions which dep cell (direct or indirect via dep group) has been
destroyed in this transaction. Because future transactions using the destroyed
cells as dep will be rejected, the spending transaction only need to wait for
all the existing dep transactions on chain.
+
+## Workaround
+
+ Submit transaction B when A is already on chain.
+ Let B depend on A explicitly, there are several solutions:
+ a. Add any output cell on A as a dep cell or input in B.
+ b. Merge A and B. CKB allows using the same cell as both dep and input
in the same transaction.
+ Ensure the fee rate of B is less than A so A always has higher priority.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/ckb/RUSTSEC-2021-0108.md
new/advisory-db-20211005/crates/ckb/RUSTSEC-2021-0108.md
--- old/advisory-db-20210802/crates/ckb/RUSTSEC-2021-0108.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/ckb/RUSTSEC-2021-0108.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0108"
+package = "ckb"
+date = "2021-07-25"
+url =
"https://github.com/nervosnetwork/ckb/security/advisories/GHSA-48vq-8jqv-gm6f";
+aliases = ["GHSA-48vq-8jqv-gm6f"]
+[versions]
+patched = [">= 0.40.0"]
+```
+
+# Remote memory exhaustion in ckb
+
+In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior'
that keeps a score of a peer's violations of the protocol. This HashMap is
keyed to PeerIndex (an alias for SessionId), and entries are never removed from
it. SessionId is an integer that increases monotonically with every new
connection.
+
+A remote attacker can manipulate this HashMap to grow forever, resulting in
degraded performance and ultimately a panic on allocation failure or being
killed by the OS, depending on the platform.
+
+This is a critical severity security bug. It could be exploited to create a
targeted or network-wide denial of service, to reduce the hash power of the
network as part of a 51% attack, and perhaps in other creative ways.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/ckb/RUSTSEC-2021-0109.md
new/advisory-db-20211005/crates/ckb/RUSTSEC-2021-0109.md
--- old/advisory-db-20210802/crates/ckb/RUSTSEC-2021-0109.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/ckb/RUSTSEC-2021-0109.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,14 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0109"
+package = "ckb"
+date = "2021-07-25"
+url =
"https://github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm";
+aliases = ["GHSA-45p7-c959-rgcm"]
+[versions]
+patched = [">= 0.40.0"]
+```
+
+# Process crashes when the cell used as DepGroup is not alive
+
+It's easy to create a malign transaction which uses the dead cell as the
DepGroup in the DepCells. The transaction can crash all the receiving nodes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/claxon/RUSTSEC-2018-0004.md
new/advisory-db-20211005/crates/claxon/RUSTSEC-2018-0004.md
--- old/advisory-db-20210802/crates/claxon/RUSTSEC-2018-0004.md 2021-07-26
22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/claxon/RUSTSEC-2018-0004.md 2021-10-01
23:25:09.000000000 +0200
@@ -21,7 +21,7 @@
This allows an attacker to observe parts of the uninitialized memory in the
decoded audio stream.
-The flaw was corrected by checking that the value read from the bistream
divides
+The flaw was corrected by checking that the value read from the bitstream
divides
the decode buffer size, and returning a format error if it does not. If an
error
is returned, the decode buffer is not exposed. Regression tests and an
additional fuzzer have been added to prevent similar flaws in the future.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/columnar/RUSTSEC-2021-0087.md
new/advisory-db-20211005/crates/columnar/RUSTSEC-2021-0087.md
--- old/advisory-db-20210802/crates/columnar/RUSTSEC-2021-0087.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/columnar/RUSTSEC-2021-0087.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0087"
+package = "columnar"
+date = "2021-01-07"
+url = "https://github.com/frankmcsherry/columnar/issues/6";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# columnar: `Read` on uninitialized buffer may cause UB
(ColumnarReadExt::read_typed_vec())
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation (`ColumnarReadExt::read_typed_vec()`).
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/cosmos_sdk/RUSTSEC-2021-0099.md
new/advisory-db-20211005/crates/cosmos_sdk/RUSTSEC-2021-0099.md
--- old/advisory-db-20210802/crates/cosmos_sdk/RUSTSEC-2021-0099.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/cosmos_sdk/RUSTSEC-2021-0099.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0099"
+package = "cosmos_sdk"
+date = "2021-08-25"
+informational = "unmaintained"
+url = "https://github.com/cosmos/cosmos-rust/issues/113";
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# Crate has been renamed to `cosmrs`
+
+The `cosmos_sdk` crate, which provides a basic Rust SDK for the Cosmos
ecosystem,
+has rebranded to ???CosmRS??? in the spirit of other projects like CosmJS and
CosmWasm.
+
+You can find the new home here:
+
+https://github.com/cosmos/cosmos-rust/tree/main/cosmrs
+
+The new crate name is `cosmrs`:
+
+https://crates.io/crates/cosmrs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/crossbeam-deque/RUSTSEC-2021-0093.md
new/advisory-db-20211005/crates/crossbeam-deque/RUSTSEC-2021-0093.md
--- old/advisory-db-20210802/crates/crossbeam-deque/RUSTSEC-2021-0093.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/crossbeam-deque/RUSTSEC-2021-0093.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0093"
+package = "crossbeam-deque"
+aliases = ["GHSA-pqqp-xmhj-wgcw", "CVE-2021-32810"]
+categories = ["memory-corruption"]
+date = "2021-07-30"
+url =
"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw";
+
+[versions]
+patched = [">= 0.7.4, < 0.8.0", ">= 0.8.1"]
+```
+
+# Data race in crossbeam-deque
+
+In the affected version of this crate, the result of the race condition is
that one or more tasks in the worker queue can be popped twice instead of other
tasks that are forgotten and never popped. If tasks are allocated on the heap,
this can cause double free and a memory leak. If not, this still can cause a
logical bug.
+
+Crates using `Stealer::steal`, `Stealer::steal_batch`, or
`Stealer::steal_batch_and_pop` are affected by this issue.
+
+Credits to @kmaork for discovering, reporting and fixing the bug.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/csv-sniffer/RUSTSEC-2021-0088.md
new/advisory-db-20211005/crates/csv-sniffer/RUSTSEC-2021-0088.md
--- old/advisory-db-20210802/crates/csv-sniffer/RUSTSEC-2021-0088.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/csv-sniffer/RUSTSEC-2021-0088.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0088"
+package = "csv-sniffer"
+date = "2021-01-05"
+url = "https://github.com/jblondin/csv-sniffer/issues/1";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# `Read` on uninitialized memory may cause UB (fn preamble_skipcount())
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation (within `fn preamble_skipcount()`).
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/derive-com-impl/RUSTSEC-2021-0083.md
new/advisory-db-20211005/crates/derive-com-impl/RUSTSEC-2021-0083.md
--- old/advisory-db-20210802/crates/derive-com-impl/RUSTSEC-2021-0083.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/derive-com-impl/RUSTSEC-2021-0083.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,35 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0083"
+package = "derive-com-impl"
+date = "2021-01-20"
+url = "https://github.com/Connicpu/com-impl/issues/1";
+categories = ["memory-corruption"]
+keywords = ["com", "queryinterface", "addref"]
+
+[affected]
+functions = { "derive_com_impl::derive_com_impl" = ["<= 0.1.1"] }
+
+[versions]
+patched = [">= 0.1.2"]
+```
+
+# QueryInterface should call AddRef before returning pointer
+
+Affected version of this crate, which is a required dependency in com-impl,
+provides a faulty implementation of the `IUnknown::QueryInterface` method.
+
+`QueryInterface` implementation must call `IUnknown::AddRef` before returning
the pointer,
+as describe in this documentation:
+<https://docs.microsoft.com/en-us/windows/win32/api/unknwn/nf-unknwn-iunknown-queryinterface(refiid_void)>
+
+As it is not incrementing the refcount as expected, the following calls to
`IUnknown::Release` method
+will cause WMI to drop reference to the interface, and can lead to invalid
reference.
+
+This is documented in
<https://docs.microsoft.com/en-us/windows/win32/learnwin32/managing-the-lifetime-of-an-object#reference-counting>
+
+There is no simple workaround, as you can't know how many time QueryInterface
will be called.
+The only way to quick fix this is to use the macro expanded version of the
code and modify
+the QueryInterface method to add the AddRef call yourself.
+
+The issue was corrected in commit `9803f31fbd1717d482d848f041044d061fca6da7`.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/failure/RUSTSEC-2019-0036.md
new/advisory-db-20211005/crates/failure/RUSTSEC-2019-0036.md
--- old/advisory-db-20210802/crates/failure/RUSTSEC-2019-0036.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/failure/RUSTSEC-2019-0036.md
2021-10-01 23:25:09.000000000 +0200
@@ -15,7 +15,7 @@
patched = []
```
-# Type confusion if __private_get_type_id__ is overriden
+# Type confusion if __private_get_type_id__ is overridden
Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause
type confusion when downcasting, which is an undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/flumedb/RUSTSEC-2021-0086.md
new/advisory-db-20211005/crates/flumedb/RUSTSEC-2021-0086.md
--- old/advisory-db-20210802/crates/flumedb/RUSTSEC-2021-0086.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/flumedb/RUSTSEC-2021-0086.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0086"
+package = "flumedb"
+date = "2021-01-07"
+url = "https://github.com/sunrise-choir/flumedb-rs/issues/10";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# `Read` on uninitialized buffer may cause UB ( `read_entry()` )
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+There are two of such cases (`go_offset_log::read_entry()` &
`offset_log::read_entry()`).
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/futures-task/RUSTSEC-2020-0061.md
new/advisory-db-20211005/crates/futures-task/RUSTSEC-2020-0061.md
--- old/advisory-db-20210802/crates/futures-task/RUSTSEC-2020-0061.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/futures-task/RUSTSEC-2020-0061.md
2021-10-01 23:25:09.000000000 +0200
@@ -19,7 +19,7 @@
assuming that the reference would never be returned from another thread.
This resulted in a segmentation fault crash if `Waker::wake_by_ref()` was
called on a waker returned from another thread due to
-it attempting to dereference a pointer that wasn't accesible from the main
thread.
+it attempting to dereference a pointer that wasn't accessible from the main
thread.
Reproduction Example (from issue):
```rust
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/generator/RUSTSEC-2020-0151.md
new/advisory-db-20211005/crates/generator/RUSTSEC-2020-0151.md
--- old/advisory-db-20210802/crates/generator/RUSTSEC-2020-0151.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/generator/RUSTSEC-2020-0151.md
2021-10-01 23:25:09.000000000 +0200
@@ -2,6 +2,7 @@
[advisory]
id = "RUSTSEC-2020-0151"
package = "generator"
+aliases = ["CVE-2020-36471"]
date = "2020-11-16"
url = "https://github.com/Xudong-Huang/generator-rs/issues/27";
categories = ["memory-corruption"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/gfx-auxil/RUSTSEC-2021-0091.md
new/advisory-db-20211005/crates/gfx-auxil/RUSTSEC-2021-0091.md
--- old/advisory-db-20210802/crates/gfx-auxil/RUSTSEC-2021-0091.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/gfx-auxil/RUSTSEC-2021-0091.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0091"
+package = "gfx-auxil"
+date = "2021-01-07"
+url = "https://github.com/gfx-rs/gfx/issues/3567";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer.
+Reading from uninitialized memory produces undefined values that can quickly
invoke undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/git-delta/RUSTSEC-2021-0105.md
new/advisory-db-20211005/crates/git-delta/RUSTSEC-2021-0105.md
--- old/advisory-db-20210802/crates/git-delta/RUSTSEC-2021-0105.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/git-delta/RUSTSEC-2021-0105.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0105"
+package = "git-delta"
+date = "2021-07-12"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2021-36376";
+categories = ["file-disclosure"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+aliases = ["CVE-2021-36376", "GHSA-5xg3-j2j6-rcx4"]
+[affected]
+os = ["windows"]
+[versions]
+patched = [">= 0.8.3"]
+```
+
+# Relative Path Traversal in git-delta
+
+git-delta before 0.8.3 on Windows resolves an executable's pathname as a
relative path from the current directory.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/http/RUSTSEC-2019-0033.md
new/advisory-db-20211005/crates/http/RUSTSEC-2019-0033.md
--- old/advisory-db-20210802/crates/http/RUSTSEC-2019-0033.md 2021-07-26
22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/http/RUSTSEC-2019-0033.md 2021-10-01
23:25:09.000000000 +0200
@@ -18,7 +18,7 @@
# Integer Overflow in HeaderMap::reserve() can cause Denial of Service
`HeaderMap::reserve()` used `usize::next_power_of_two()` to calculate the
increased capacity.
-However, `next_power_of_two()` silently overflows to 0 if given a sufficently
large number
+However, `next_power_of_two()` silently overflows to 0 if given a sufficiently
large number
in release mode.
If the map was not empty when the overflow happens,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/hyper/RUSTSEC-2021-0078.md
new/advisory-db-20211005/crates/hyper/RUSTSEC-2021-0078.md
--- old/advisory-db-20210802/crates/hyper/RUSTSEC-2021-0078.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/hyper/RUSTSEC-2021-0078.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0078"
+package = "hyper"
+date = "2021-07-07"
+url =
"https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c";
+keywords = ["parsing", "http"]
+aliases = ["CVE-2021-32715", "GHSA-f3pg-qwvg-p99c"]
+
+[versions]
+patched = [">= 0.14.10"]
+```
+
+# Lenient `hyper` header parsing of `Content-Length` could allow request
smuggling
+
+`hyper`'s HTTP header parser accepted, according to RFC 7230, illegal contents
inside `Content-Length` headers.
+Due to this, upstream HTTP proxies that ignore the header may still forward
them along if it chooses to ignore the error.
+
+To be vulnerable, `hyper` must be used as an HTTP/1 server and using an HTTP
proxy upstream that ignores the header's contents
+but still forwards it. Due to all the factors that must line up, an attack
exploiting this vulnerability is unlikely.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/hyper/RUSTSEC-2021-0079.md
new/advisory-db-20211005/crates/hyper/RUSTSEC-2021-0079.md
--- old/advisory-db-20210802/crates/hyper/RUSTSEC-2021-0079.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/hyper/RUSTSEC-2021-0079.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0079"
+package = "hyper"
+date = "2021-07-07"
+url =
"https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9";
+keywords = ["http", "parsing", "data loss"]
+aliases = ["CVE-2021-32714", "GHSA-5h46-h7hh-c6x9"]
+
+[versions]
+patched = [">= 0.14.10"]
+```
+
+# Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header
leads to data loss
+
+When decoding chunk sizes that are too large, `hyper`'s code would encounter
an integer overflow. Depending on the situation,
+this could lead to data loss from an incorrect total size, or in rarer cases,
a request smuggling attack.
+
+To be vulnerable, you must be using `hyper` for any HTTP/1 purpose, including
as a client or server, and consumers must send
+requests or responses that specify a chunk size greater than 18 exabytes. For
a possible request smuggling attack to be possible,
+any upstream proxies must accept a chunk size greater than 64 bits.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/lettre/RUSTSEC-2020-0069.md
new/advisory-db-20211005/crates/lettre/RUSTSEC-2020-0069.md
--- old/advisory-db-20210802/crates/lettre/RUSTSEC-2020-0069.md 2021-07-26
22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/lettre/RUSTSEC-2020-0069.md 2021-10-01
23:25:09.000000000 +0200
@@ -26,7 +26,7 @@
to pass arbitrary arguments to the sendmail executable.
Depending on the implementation (original sendmail, postfix, exim, etc.)
-it could be possible in some cases to write email data into abritrary files
(using sendmail's
+it could be possible in some cases to write email data into arbitrary files
(using sendmail's
logging features).
The flaw is corrected by modifying the executed command to stop parsing
arguments
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/libpulse-binding/RUSTSEC-2018-0020.md
new/advisory-db-20211005/crates/libpulse-binding/RUSTSEC-2018-0020.md
--- old/advisory-db-20210802/crates/libpulse-binding/RUSTSEC-2018-0020.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/libpulse-binding/RUSTSEC-2018-0020.md
2021-10-01 23:25:09.000000000 +0200
@@ -3,9 +3,9 @@
id = "RUSTSEC-2018-0020"
package = "libpulse-binding"
date = "2018-12-22"
-url =
"https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-f56g-chqp-22m9";
+url = "https://github.com/advisories/GHSA-6gvc-4jvj-pwq4";
categories = ["memory-corruption"]
-aliases = ["GHSA-f56g-chqp-22m9"]
+aliases = ["GHSA-6gvc-4jvj-pwq4"]
[versions]
patched = [">= 2.5.0"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/libsecp256k1-rs/RUSTSEC-2020-0156.md
new/advisory-db-20211005/crates/libsecp256k1-rs/RUSTSEC-2020-0156.md
--- old/advisory-db-20210802/crates/libsecp256k1-rs/RUSTSEC-2020-0156.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/libsecp256k1-rs/RUSTSEC-2020-0156.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0156"
+package = "libsecp256k1-rs"
+date = "2020-01-22"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2019-20399";
+categories = ["crypto-failure"]
+cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
+aliases = ["CVE-2019-20399", "GHSA-7cqg-8449-rmfv"]
+[versions]
+patched = [">= 0.3.1"]
+```
+
+# Observable Discrepancy in libsecp256k1-rs
+
+A timing vulnerability in the Scalar::check_overflow function in Parity
libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information
via a side-channel attack.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/messagepack-rs/RUSTSEC-2021-0092.md
new/advisory-db-20211005/crates/messagepack-rs/RUSTSEC-2021-0092.md
--- old/advisory-db-20210802/crates/messagepack-rs/RUSTSEC-2021-0092.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/messagepack-rs/RUSTSEC-2021-0092.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0092"
+package = "messagepack-rs"
+date = "2021-01-26"
+url = "https://github.com/otake84/messagepack-rs/issues/2";
+categories = ["memory-exposure"]
+
+[versions]
+patched = []
+```
+
+# Deserialization functions pass uninitialized memory to user-provided Read
+
+Affected versions of this crate passed an uninitialized buffer to a
+user-provided `Read` instance in:
+
+* `deserialize_binary`
+* `deserialize_string`
+* `deserialize_extension_others`
+* `deserialize_string_primitive`
+
+This can result in safe `Read` implementations reading from the uninitialized
+buffer leading to undefined behavior.
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/metrics-util/RUSTSEC-2021-0113.md
new/advisory-db-20211005/crates/metrics-util/RUSTSEC-2021-0113.md
--- old/advisory-db-20210802/crates/metrics-util/RUSTSEC-2021-0113.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/metrics-util/RUSTSEC-2021-0113.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0113"
+package = "metrics-util"
+date = "2021-04-07"
+url = "https://github.com/metrics-rs/metrics/issues/190";
+categories = ["memory-corruption", "thread-safety"]
+[versions]
+patched = [">= 0.7.0"]
+```
+
+# AtomicBucket<T> unconditionally implements Send/Sync
+
+In the affected versions of the crate, `AtomicBucket<T>` unconditionally
implements `Send`/`Sync` traits. Therefore, users can create a data race to the
inner
+`T: !Sync` by using the `AtomicBucket::data_with()` API.
+Such data races can potentially cause memory corruption or other undefined
behavior.
+
+The flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to
the Send/Sync impl of struct `Block<T>` (which is a data type contained inside
`AtomicBucket<T>`).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/molecule/RUSTSEC-2021-0103.md
new/advisory-db-20211005/crates/molecule/RUSTSEC-2021-0103.md
--- old/advisory-db-20210802/crates/molecule/RUSTSEC-2021-0103.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/molecule/RUSTSEC-2021-0103.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,14 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0103"
+package = "molecule"
+date = "2021-07-30"
+url =
"https://github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9";
+aliases = ["GHSA-82hm-vh7g-hrh9"]
+[versions]
+patched = [">= 0.7.2"]
+```
+
+# Partial read is incorrect in molecule
+
+Anyone who uses total_size(..) function to partial read the length of any
FixVec will get an incorrect result, due to an incorrect implementation. This
has been resolved in the 0.7.2 release.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/mopa/RUSTSEC-2021-0095.md
new/advisory-db-20211005/crates/mopa/RUSTSEC-2021-0095.md
--- old/advisory-db-20210802/crates/mopa/RUSTSEC-2021-0095.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/mopa/RUSTSEC-2021-0095.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,32 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0095"
+package = "mopa"
+date = "2021-06-01"
+url = "https://github.com/chris-morgan/mopa/issues/13";
+categories = ["memory-corruption", "memory-exposure", "code-execution"]
+keywords = ["transmute", "dyn"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# `mopa` is technically unsound
+The `mopa` crate redefines the deprecated `TraitObject` struct from
`core::raw` like so:
+```rust
+#[repr(C)]
+#[derive(Copy, Clone)]
+#[doc(hidden)]
+pub struct TraitObject {
+ pub data: *mut (),
+ pub vtable: *mut (),
+}
+```
+This is done to then transmute a reference to a trait object (`&dyn Trait` for
any trait `Trait`) into this struct and retrieve the `data` field for the
purpose of downcasting. This is used to implement `downcast_ref_unchecked()`,
in terms of which `downcast_ref()` is also implemented. Same goes for mutable
reference downcasting and `Box` downcasting.
+
+The Rust compiler explicitly reserves the right to change the memory layout of
`&dyn Trait` for any trait `Trait`. The worst case scenario is that it swaps
`data` and `vtable`, making an executable location breach and compromisation of
ASLR possible, since reads from `data` would read `vtable` instead. Likewise,
arbitrary code execution is also theoretically possible if reads of `vtable`
generated by the compiler read `data` instead.
+
+While, as of Rust 1.52, this unsound assumption still holds true, updating the
compiler may silently create UB in a crate which previously compiled and run
without issues, compromising the security of builds which are believed to be
reproducible.
+
+A potential strategy to resolve this has already been suggested in an issue on
the GitHub repository of the crate.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/mozwire/RUSTSEC-2020-0030.md
new/advisory-db-20211005/crates/mozwire/RUSTSEC-2020-0030.md
--- old/advisory-db-20210802/crates/mozwire/RUSTSEC-2020-0030.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/mozwire/RUSTSEC-2020-0030.md
2021-10-01 23:25:09.000000000 +0200
@@ -19,6 +19,6 @@
No verification of the content of the string was made, and it could therefore
have included '../' leading to path traversal.
-This allows an attacker in controll of mozilla's servers to overwrite/create
local files named .conf.
+This allows an attacker in control of mozilla's servers to overwrite/create
local files named .conf.
The flaw was corrected by sanitizing the hostname field.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/nanorand/RUSTSEC-2021-0114.md
new/advisory-db-20211005/crates/nanorand/RUSTSEC-2021-0114.md
--- old/advisory-db-20210802/crates/nanorand/RUSTSEC-2021-0114.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/nanorand/RUSTSEC-2021-0114.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0114"
+package = "nanorand"
+date = "2021-09-23"
+url = "https://github.com/Absolucy/nanorand-rs/issues/28";
+keywords = ["memory-safety", "aliasing"]
+
+[versions]
+patched = [">= 0.6.1"]
+unaffected = ["< 0.5.0"]
+
+[affected]
+functions = { "nanorand::tls::tls_rand" = [">= 0.5.0", "<= 0.6.0"] }
+```
+
+# Aliased mutable references from `tls_rand` & `TlsWyRand`
+
+`TlsWyRand`'s implementation of `Deref` unconditionally dereferences a raw
pointer, and returns
+multiple mutable references to the same object, which is undefined behavior.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/net2/RUSTSEC-2020-0078.md
new/advisory-db-20211005/crates/net2/RUSTSEC-2020-0078.md
--- old/advisory-db-20210802/crates/net2/RUSTSEC-2020-0078.md 2021-07-26
22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/net2/RUSTSEC-2020-0078.md 2021-10-01
23:25:09.000000000 +0200
@@ -2,7 +2,6 @@
[advisory]
id = "RUSTSEC-2020-0078"
package = "net2"
-aliases = ["CVE-2020-35920"]
date = "2020-11-07"
url = "https://github.com/deprecrated/net2-rs/issues/105";
keywords = ["memory", "layout", "cast"]
@@ -16,7 +15,7 @@
The [`net2`](https://crates.io/crates/net2) crate has assumed
`std::net::SocketAddrV4`
and `std::net::SocketAddrV6` have the same memory layout as the system C
representation
-`sockaddr`. It has simply casted the pointers to convert the socket addresess
to the
+`sockaddr`. It has simply casted the pointers to convert the socket addresses
to the
system representation. The standard library does not say anything about the
memory
layout, and this will cause invalid memory access if the standard library
changes the implementation. No warnings or errors will be emitted once the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/nix/RUSTSEC-2021-0119.md
new/advisory-db-20211005/crates/nix/RUSTSEC-2021-0119.md
--- old/advisory-db-20210802/crates/nix/RUSTSEC-2021-0119.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/nix/RUSTSEC-2021-0119.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,39 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0119"
+package = "nix"
+date = "2021-09-27"
+url = "https://github.com/nix-rust/nix/issues/1541";
+categories = ["memory-corruption"]
+keywords = ["nss"]
+informational = "unsound"
+
+[versions]
+patched = ["^0.20.2", "^0.21.2", "^0.22.2", ">= 0.23.0",]
+unaffected = ["< 0.16.0"]
+
+[affected]
+os = ["linux", "freebsd", "android", "netbsd", "dragonfly", "openbsd",
"fuchsia"]
+functions = { "nix::unistd::getgrouplist" = [">= 0.16.0"] }
+```
+
+# Out-of-bounds write in nix::unistd::getgrouplist
+
+On certain platforms, if a user has more than 16 groups, the
+`nix::unistd::getgrouplist` function will call the libc `getgrouplist`
+function with a length parameter greater than the size of the buffer it
+provides, resulting in an out-of-bounds write and memory corruption.
+
+The libc `getgrouplist` function takes an in/out parameter `ngroups`
+specifying the size of the group buffer. When the buffer is too small to
+hold all of the reqested user's group memberships, some libc
+implementations, including glibc and Solaris libc, will modify `ngroups`
+to indicate the actual number of groups for the user, in addition to
+returning an error. The version of `nix::unistd::getgrouplist` in nix
+0.16.0 and up will resize the buffer to twice its size, but will not
+read or modify the `ngroups` variable. Thus, if the user has more than
+twice as many groups as the initial buffer size of 8, the next call to
+`getgrouplist` will then write past the end of the buffer.
+
+The issue would require editing /etc/groups to exploit, which is usually
+only editable by the root user.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/once_cell/RUSTSEC-2019-0017.md
new/advisory-db-20211005/crates/once_cell/RUSTSEC-2019-0017.md
--- old/advisory-db-20210802/crates/once_cell/RUSTSEC-2019-0017.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/once_cell/RUSTSEC-2019-0017.md
2021-10-01 23:25:09.000000000 +0200
@@ -21,7 +21,7 @@
# Panic during initialization of Lazy<T> might trigger undefined behavior
If during the first dereference of Lazy<T> the initialization function panics,
-subsequent derefernces will execute `std::hints::unreachable_unchecked`.
+subsequent dereferences will execute `std::hints::unreachable_unchecked`.
Applications with `panic = "abort"` are not affected, as there will be no
subsequent dereferences.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/openssl-src/RUSTSEC-2021-0097.md
new/advisory-db-20211005/crates/openssl-src/RUSTSEC-2021-0097.md
--- old/advisory-db-20210802/crates/openssl-src/RUSTSEC-2021-0097.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/openssl-src/RUSTSEC-2021-0097.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,35 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0097"
+package = "openssl-src"
+aliases = ["CVE-2021-3711"]
+categories = ["crypto-failure"]
+date = "2021-08-24"
+url = "https://www.openssl.org/news/secadv/20210824.txt";
+
+[versions]
+patched = [">= 111.16"]
+```
+
+# SM2 Decryption Buffer Overflow
+
+In order to decrypt SM2 encrypted data an application is expected to call the
+API function `EVP_PKEY_decrypt()`. Typically an application will call this
+function twice. The first time, on entry, the "out" parameter can be NULL and,
+on exit, the "outlen" parameter is populated with the buffer size required to
+hold the decrypted plaintext. The application can then allocate a sufficiently
+sized buffer and call `EVP_PKEY_decrypt()` again, but this time passing a
non-NULL
+value for the "out" parameter.
+
+A bug in the implementation of the SM2 decryption code means that the
+calculation of the buffer size required to hold the plaintext returned by the
+first call to `EVP_PKEY_decrypt()` can be smaller than the actual size
required by
+the second call. This can lead to a buffer overflow when `EVP_PKEY_decrypt()`
is
+called by the application a second time with a buffer that is too small.
+
+A malicious attacker who is able present SM2 content for decryption to an
+application could cause attacker chosen data to overflow the buffer by up to a
+maximum of 62 bytes altering the contents of other data held after the
+buffer, possibly changing application behaviour or causing the application to
+crash. The location of the buffer is application dependent but is typically
+heap allocated.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/openssl-src/RUSTSEC-2021-0098.md
new/advisory-db-20211005/crates/openssl-src/RUSTSEC-2021-0098.md
--- old/advisory-db-20210802/crates/openssl-src/RUSTSEC-2021-0098.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/openssl-src/RUSTSEC-2021-0098.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,48 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0098"
+package = "openssl-src"
+aliases = ["CVE-2021-3712"]
+categories = ["denial-of-service", "crypto-failure"]
+date = "2021-08-24"
+url = "https://www.openssl.org/news/secadv/20210824.txt";
+
+[versions]
+patched = [">= 111.16"]
+```
+
+# Read buffer overruns processing ASN.1 strings
+
+ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
+structure which contains a buffer holding the string data and a field holding
+the buffer length. This contrasts with normal C strings which are represented
as
+a buffer for the string data which is terminated with a NUL (0) byte.
+
+Although not a strict requirement, ASN.1 strings that are parsed using
OpenSSL's
+own "d2i" functions (and other similar parsing functions) as well as any string
+whose value has been set with the ASN1_STRING_set() function will additionally
+NUL terminate the byte array in the ASN1_STRING structure.
+
+However, it is possible for applications to directly construct valid
ASN1_STRING
+structures which do not NUL terminate the byte array by directly setting the
+"data" and "length" fields in the ASN1_STRING array. This can also happen by
+using the `ASN1_STRING_set0()` function.
+
+Numerous OpenSSL functions that print ASN.1 data have been found to assume that
+the ASN1_STRING byte array will be NUL terminated, even though this is not
+guaranteed for strings that have been directly constructed. Where an
application
+requests an ASN.1 structure to be printed, and where that ASN.1 structure
+contains ASN1_STRINGs that have been directly constructed by the application
+without NUL terminating the "data" field, then a read buffer overrun can occur.
+
+The same thing can also occur during name constraints processing of
certificates
+(for example if a certificate has been directly constructed by the application
+instead of loading it via the OpenSSL parsing functions, and the certificate
+contains non NUL terminated ASN1_STRING structures). It can also occur in the
+`X509_get1_email()`, `X509_REQ_get1_email()` and `X509_get1_ocsp()` functions.
+
+If a malicious actor can cause an application to directly construct an
+ASN1_STRING and then process it through one of the affected OpenSSL functions
+then this issue could be hit. This might result in a crash (causing a Denial of
+Service attack). It could also result in the disclosure of private memory
+contents (such as private keys, or sensitive plaintext).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/pleaser/RUSTSEC-2021-0101.md
new/advisory-db-20211005/crates/pleaser/RUSTSEC-2021-0101.md
--- old/advisory-db-20210802/crates/pleaser/RUSTSEC-2021-0101.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/pleaser/RUSTSEC-2021-0101.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0101"
+package = "pleaser"
+date = "2021-05-27"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2021-31155";
+categories = ["privilege-escalation"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+aliases = ["CVE-2021-31155", "GHSA-vc5p-j8vw-mc6x"]
+[versions]
+patched = [">= 0.4"]
+```
+
+# Permissions bypass in pleaser
+
+Failure to normalize the umask in pleaser before 0.4 allows a local attacker
to gain full root privileges if they are allowed to execute at least one
command.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/pleaser/RUSTSEC-2021-0102.md
new/advisory-db-20211005/crates/pleaser/RUSTSEC-2021-0102.md
--- old/advisory-db-20210802/crates/pleaser/RUSTSEC-2021-0102.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/pleaser/RUSTSEC-2021-0102.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0102"
+package = "pleaser"
+date = "2021-05-27"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2021-31154";
+categories = ["privilege-escalation"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+aliases = ["CVE-2021-31154", "GHSA-pp74-39w2-v4w9"]
+[versions]
+patched = [">= 0.4"]
+```
+
+# Permissions bypass in pleaser
+
+pleaseedit in pleaser before 0.4 uses predictable temporary filenames in /tmp
and the target directory. This allows a local attacker to gain full root
privileges by staging a symlink attack.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/pleaser/RUSTSEC-2021-0104.md
new/advisory-db-20211005/crates/pleaser/RUSTSEC-2021-0104.md
--- old/advisory-db-20210802/crates/pleaser/RUSTSEC-2021-0104.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/pleaser/RUSTSEC-2021-0104.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0104"
+package = "pleaser"
+date = "2021-05-27"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2021-31153";
+categories = ["file-disclosure"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+aliases = ["CVE-2021-31153", "GHSA-f3fg-5j9p-vchc"]
+[versions]
+patched = [">= 0.4"]
+```
+
+# File exposure in pleaser
+
+pleaser before 0.4 allows a local unprivileged attacker to gain knowledge
about the existence of files or directories in privileged locations via the
search_path function, the --check option, or the -d option.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/raw-cpuid/RUSTSEC-2021-0013.md
new/advisory-db-20211005/crates/raw-cpuid/RUSTSEC-2021-0013.md
--- old/advisory-db-20210802/crates/raw-cpuid/RUSTSEC-2021-0013.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/raw-cpuid/RUSTSEC-2021-0013.md
2021-10-01 23:25:09.000000000 +0200
@@ -47,4 +47,4 @@
See https://github.com/gz/rust-cpuid/issues/41.
The flaw has been fixed in v9.0.0, by intentionally breaking compilation
-when targetting SGX or 32-bit x86 without SSE. This covers all affected CPUs.
+when targeting SGX or 32-bit x86 without SSE. This covers all affected CPUs.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/raw-cpuid/RUSTSEC-2021-0089.md
new/advisory-db-20211005/crates/raw-cpuid/RUSTSEC-2021-0089.md
--- old/advisory-db-20210802/crates/raw-cpuid/RUSTSEC-2021-0089.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/raw-cpuid/RUSTSEC-2021-0089.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0089"
+package = "raw-cpuid"
+date = "2021-01-20"
+url = "https://github.com/gz/rust-cpuid/issues/43";
+categories = ["memory-corruption", "denial-of-service"]
+
+[versions]
+patched = [">= 9.1.1"]
+unaffected = ["<= 3.1.0"]
+```
+
+# Optional `Deserialize` implementations lacking validation
+
+When activating the non-default feature `serialize`, most structs implement
+`serde::Deserialize` without sufficient validation. This allows breaking
+invariants in safe code, leading to:
+
+* Undefined behavior in `as_string()` methods (which use
+ `std::str::from_utf8_unchecked()` internally).
+* Panics due to failed assertions.
+
+See https://github.com/gz/rust-cpuid/issues/43.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/rdiff/RUSTSEC-2021-0094.md
new/advisory-db-20211005/crates/rdiff/RUSTSEC-2021-0094.md
--- old/advisory-db-20210802/crates/rdiff/RUSTSEC-2021-0094.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/rdiff/RUSTSEC-2021-0094.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0094"
+package = "rdiff"
+date = "2021-02-03"
+url = "https://github.com/dyule/rdiff/issues/3";
+categories = ["memory-exposure"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# Window can read out of bounds if Read instance returns more bytes than
buffer size
+
+`rdiff` performs a diff of two provided strings or files. As part of its
reading
+code it uses the return value of a `Read` instance to set the length of
+its internal character vector.
+
+If the `Read` implementation claims that it has read more bytes than the length
+of the provided buffer, the length of the vector will be set to longer than its
+capacity. This causes `rdiff` APIs to return uninitialized memory in its API
+methods.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/reffers/RUSTSEC-2020-0094.md
new/advisory-db-20211005/crates/reffers/RUSTSEC-2020-0094.md
--- old/advisory-db-20210802/crates/reffers/RUSTSEC-2020-0094.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/reffers/RUSTSEC-2020-0094.md
2021-10-01 23:25:09.000000000 +0200
@@ -11,7 +11,7 @@
[versions]
# Versions which include fixes for this vulnerability
-patched = []
+patched = [">= 0.6.1"]
```
# Unsound: can make `ARefss` contain a !Send, !Sync object.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/sha2/RUSTSEC-2021-0100.md
new/advisory-db-20211005/crates/sha2/RUSTSEC-2021-0100.md
--- old/advisory-db-20210802/crates/sha2/RUSTSEC-2021-0100.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/sha2/RUSTSEC-2021-0100.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,26 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0100"
+package = "sha2"
+date = "2021-09-08"
+categories = ["crypto-failure"]
+keywords = ["cryptography"]
+url = "https://github.com/RustCrypto/hashes/pull/314";
+
+[versions]
+patched = [">= 0.9.8"]
+unaffected = ["< 0.9.7"]
+```
+
+# Miscomputed results when using AVX2 backend
+
+The v0.9.7 release of the `sha2` crate introduced a new AVX2-accelerated
+backend which was automatically enabled for all x86/x86_64 CPUs where AVX2
+support was autodetected at runtime.
+
+This backend was buggy and would miscompute results for long messages
+(i.e. messages spanning multiple SHA blocks).
+
+The crate has since been yanked, but any users who upgraded to v0.9.7 should
+immediately upgrade to v0.9.8 and recompute any hashes which were previously
+computed by v0.9.7.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/socket2/RUSTSEC-2020-0079.md
new/advisory-db-20211005/crates/socket2/RUSTSEC-2020-0079.md
--- old/advisory-db-20210802/crates/socket2/RUSTSEC-2020-0079.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/socket2/RUSTSEC-2020-0079.md
2021-10-01 23:25:09.000000000 +0200
@@ -6,6 +6,7 @@
url = "https://github.com/rust-lang/socket2-rs/issues/119";
keywords = ["memory", "layout", "cast"]
informational = "unsound"
+aliases = ["CVE-2020-35920"]
[versions]
patched = [">= 0.3.16"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/spirv_headers/RUSTSEC-2021-0096.md
new/advisory-db-20211005/crates/spirv_headers/RUSTSEC-2021-0096.md
--- old/advisory-db-20210802/crates/spirv_headers/RUSTSEC-2021-0096.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/spirv_headers/RUSTSEC-2021-0096.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,15 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0096"
+package = "spirv_headers"
+date = "2021-08-16"
+url = "https://github.com/gfx-rs/rspirv/issues/197";
+informational = "unmaintained"
+[versions]
+patched = []
+```
+
+# spirv_headers is unmaintained, use spirv instead
+
+Because of versioning issues; the `spirv_headers` crate is unmaintained. Use
[spirv](https://crates.io/crates/spirv)
+for parsing spirv files.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/crates/tar/RUSTSEC-2021-0080.md
new/advisory-db-20211005/crates/tar/RUSTSEC-2021-0080.md
--- old/advisory-db-20210802/crates/tar/RUSTSEC-2021-0080.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/tar/RUSTSEC-2021-0080.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,60 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0080"
+package = "tar"
+aliases = ["CVE-2021-38511"]
+date = "2021-07-19"
+url = "https://github.com/alexcrichton/tar-rs/issues/238";
+
+[versions]
+# none, 0day
+patched = [">= 0.4.36"]
+
+[affected]
+functions = { "tar::Archive::unpack" = ["< 0.4.36"] }
+```
+
+# Links in archive can create arbitrary directories
+
+When unpacking a tarball that contains a symlink the `tar` crate may create
+directories outside of the directory it's supposed to unpack into.
+
+The function errors when it's trying to create a file, but the folders are
+already created at this point.
+
+```rust
+use std::{io, io::Result};
+use tar::{Archive, Builder, EntryType, Header};
+
+fn main() -> Result<()> {
+ let mut buf = Vec::new();
+
+ {
+ let mut builder = Builder::new(&mut buf);
+
+ // symlink: parent -> ..
+ let mut header = Header::new_gnu();
+ header.set_path("symlink")?;
+ header.set_link_name("..")?;
+ header.set_entry_type(EntryType::Symlink);
+ header.set_size(0);
+ header.set_cksum();
+ builder.append(&header, io::empty())?;
+
+ // file: symlink/exploit/foo/bar
+ let mut header = Header::new_gnu();
+ header.set_path("symlink/exploit/foo/bar")?;
+ header.set_size(0);
+ header.set_cksum();
+ builder.append(&header, io::empty())?;
+
+ builder.finish()?;
+ };
+
+ Archive::new(&*buf).unpack("demo")
+}
+```
+
+This has been fixed in https://github.com/alexcrichton/tar-rs/pull/259 and is
+published as `tar` 0.4.36. Thanks to Martin Michaelis (@mgjm) for discovering
+and reporting this, and Nikhil Benesch (@benesch) for the fix!
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/tectonic_xdv/RUSTSEC-2021-0112.md
new/advisory-db-20211005/crates/tectonic_xdv/RUSTSEC-2021-0112.md
--- old/advisory-db-20210802/crates/tectonic_xdv/RUSTSEC-2021-0112.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/tectonic_xdv/RUSTSEC-2021-0112.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0112"
+package = "tectonic_xdv"
+date = "2021-02-17"
+url = "https://github.com/tectonic-typesetting/tectonic/issues/752";
+categories = ["memory-exposure"]
+informational = "unsound"
+[versions]
+patched = [">= 0.1.12"]
+```
+
+# `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
+
+Affected versions of this crate passes an uninitialized buffer to a
user-provided `Read` implementation.
+
+Arbitrary `Read` implementations can read from the uninitialized buffer
(memory exposure) and also can return incorrect number of bytes written to the
buffer. Reading from uninitialized memory produces undefined values that can
quickly invoke undefined behavior.
+
+The problem was fixed in commit `cdff034` by zero-initializing the buffer
before passing it to a user-provided `Read` implementation.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/tremor-script/RUSTSEC-2021-0111.md
new/advisory-db-20211005/crates/tremor-script/RUSTSEC-2021-0111.md
--- old/advisory-db-20210802/crates/tremor-script/RUSTSEC-2021-0111.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/tremor-script/RUSTSEC-2021-0111.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,61 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0111"
+package = "tremor-script"
+date = "2021-09-16"
+url = "https://github.com/tremor-rs/tremor-runtime/pull/1217";
+categories = ["memory-corruption", "memory-exposure"]
+
+[versions]
+patched = [">= 0.11.6"]
+unaffected = ["<= 0.7.2"]
+
+```
+
+# Memory Safety Issue when using `patch` or `merge` on `state` and assign the
result back to `state`
+
+Affected versions of this crate maintains references to memory that might have
been freed already.
+If affects the following two `tremor-script` language constructs:
+
+* A [Merge](https://www.tremor.rs/docs/tremor-script/index#merge) where we
assign the result back to the target expression
+ and the expression to be merged needs to reference the `event`:
+
+```
+let state = merge state of event end;
+```
+
+* A [Patch](https://www.tremor.rs/docs/tremor-script/index#patch) where we
assign the result back to the target expression
+ and the patch operations used need to reference the `event`:
+
+```
+let state = patch state of insert event.key => event.value end;
+```
+
+For constructs like this (it doesnt matter what is references in the
expression to be merged or the patch operations) an optimization
+was applied to manipulate the target value in-place, instead of cloning it.
+
+Our `Value` struct which underpins all event data in `tremor-script`, is
representing as borrowed strings `beef::Cow<'lifetime, str>`
+that reference the actual `Vec<u8>` the event is based upon. We keep the raw
byte-array next to the event structure inside our `Event` struct as a
self-referential struct,
+so we make sure that the structured `Value` and its references are valid
across its whole lifetime.
+
+The optimization was considered safe as long as it was only possible to merge
or patche `event` data or static data.
+When `state` was introduced to `tremor-script` a new possibility existed, to
keep `Value` data around for longer than the lifetime of an event.
+If `event` data is merged or patched into `state` without cloning `state`
first, it can still reference keys or values from
+the previous event, which will now be invalid. This allows access to those
already freed regions of memory and to get their content out over the wire.
+
+
+## Workaround
+
+If an upgrade is not possible, a possible workaround is to avoid the
optimization
+by introducing a temporary variable and not immediately reassigning to `state`:
+
+```
+let tmp = merge state of event end;
+let state = tmp
+```
+
+## Fix
+
+The flaw was corrected in `tremor-script` version 0.11.6 via commit
[1a2efcd](https://github.com/tremor-rs/tremor-runtime/commit/1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e)
by removing the optimization
+and always clone the target expression of a
[Merge](https://www.tremor.rs/docs/tremor-script/index#merge) or
[Patch](https://www.tremor.rs/docs/tremor-script/index#patch.
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/trust-dns-server/RUSTSEC-2020-0001.md
new/advisory-db-20211005/crates/trust-dns-server/RUSTSEC-2020-0001.md
--- old/advisory-db-20210802/crates/trust-dns-server/RUSTSEC-2020-0001.md
2021-07-26 22:46:07.000000000 +0200
+++ new/advisory-db-20211005/crates/trust-dns-server/RUSTSEC-2020-0001.md
2021-10-01 23:25:09.000000000 +0200
@@ -13,7 +13,7 @@
unaffected = ["< 0.16.0"]
```
-# Stack overflow when resolving addional records from MX or SRV null targets
+# Stack overflow when resolving additional records from MX or SRV null targets
There's a stack overflow leading to a crash and potential DOS when processing
additional records for return of MX or SRV record types from the server.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/vec-const/RUSTSEC-2021-0082.md
new/advisory-db-20211005/crates/vec-const/RUSTSEC-2021-0082.md
--- old/advisory-db-20210802/crates/vec-const/RUSTSEC-2021-0082.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/vec-const/RUSTSEC-2021-0082.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,17 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0082"
+package = "vec-const"
+date = "2021-08-14"
+url = "https://github.com/Eolu/vec-const/issues/1#issuecomment-898908241";
+categories = ["memory-corruption"]
+keywords = ["memory-safety"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# vec-const attempts to construct a Vec from a pointer to a const slice
+
+This crate claims to construct a const `Vec` with nonzero length and capacity,
but that cannot be done because such a `Vec` requires a pointer from an
allocator.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/vm-memory/RUSTSEC-2020-0157.md
new/advisory-db-20211005/crates/vm-memory/RUSTSEC-2020-0157.md
--- old/advisory-db-20210802/crates/vm-memory/RUSTSEC-2020-0157.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/vm-memory/RUSTSEC-2020-0157.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,16 @@
+```toml
+[advisory]
+id = "RUSTSEC-2020-0157"
+package = "vm-memory"
+date = "2020-06-02"
+url = "https://nvd.nist.gov/vuln/detail/CVE-2020-13759";
+categories = ["memory-corruption"]
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+aliases = ["CVE-2020-13759", "GHSA-mm4m-qg48-f7wc"]
+[versions]
+patched = [">= 0.2.1", "^0.1.1"]
+```
+
+# Improper Synchronization and Race Condition in vm-memory
+
+rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to
cause a denial of service (loss of IP networking) because read_obj and
write_obj do not properly access memory. This affects aarch64 (with musl or
glibc) and x86_64 (with musl).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/wasmtime/RUSTSEC-2021-0110.md
new/advisory-db-20211005/crates/wasmtime/RUSTSEC-2021-0110.md
--- old/advisory-db-20210802/crates/wasmtime/RUSTSEC-2021-0110.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/wasmtime/RUSTSEC-2021-0110.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,31 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0110"
+package = "wasmtime"
+date = "2021-09-17"
+references =
["https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf";,
"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49";,
"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx";]
+categories = ["memory-corruption", "memory-exposure"]
+keywords = ["use-after-free", "out-of-bounds read", "out-of-bounds write",
"Wasm", "garbage collection"]
+aliases = ["CVE-2021-39216", "CVE-2021-39219", "CVE-2021-39218"]
+
+[versions]
+patched = [">= 0.30.0"]
+unaffected = []
+
+[affected.functions]
+"wasmtime::Store::gc" = ["< 0.30.0"]
+"wasmtime::Linker::func_wrap" = ["< 0.30.0"]
+"wasmtime::Linker::func_new" = ["< 0.30.0"]
+```
+
+# Multiple Vulnerabilities in Wasmtime
+
+* [Use after free passing `externref`s to Wasm in
+
Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf)
+
+* [Out-of-bounds read/write and invalid free with `externref`s and GC
safepoints
+ in
+
Wasmtime](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49)
+
+* [Wrong type for `Linker`-define functions when used across two
+
`Engine`s](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/advisory-db-20210802/crates/zeroize_derive/RUSTSEC-2021-0115.md
new/advisory-db-20211005/crates/zeroize_derive/RUSTSEC-2021-0115.md
--- old/advisory-db-20210802/crates/zeroize_derive/RUSTSEC-2021-0115.md
1970-01-01 01:00:00.000000000 +0100
+++ new/advisory-db-20211005/crates/zeroize_derive/RUSTSEC-2021-0115.md
2021-10-01 23:25:09.000000000 +0200
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-2021-0115"
+package = "zeroize_derive"
+date = "2021-09-24"
+url = "https://github.com/iqlusioninc/crates/issues/876";
+
+[versions]
+patched = [">= 1.2.0"]
+```
+
+# `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
+
+Affected versions of this crate did not implement `Drop` when
`#[zeroize(drop)]` was used on an `enum`.
+
+This can result in memory not being zeroed out after dropping it, which is
exactly what is intended when adding this attribute.
+
+The flaw was corrected in version 1.2 and `#[zeroize(drop)]` on `enum`s now
properly implements `Drop`.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/advisory-db-20210802/rust/std/CVE-2021-29922.md
new/advisory-db-20211005/rust/std/CVE-2021-29922.md
--- old/advisory-db-20210802/rust/std/CVE-2021-29922.md 1970-01-01
01:00:00.000000000 +0100
+++ new/advisory-db-20211005/rust/std/CVE-2021-29922.md 2021-10-01
23:25:09.000000000 +0200
@@ -0,0 +1,29 @@
+```toml
+[advisory]
+id = "CVE-2021-29922"
+package = "std"
+date = "2020-01-31"
+url = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922";
+keywords = ["IpAddr", "SSRF", "RFI", "LFI"]
+
+[versions]
+patched = [">= 1.53.0"]
+
+[affected]
+[affected.functions]
+"std::net::IpAddr::from_str" = ["<= 1.52.1"]
+"std::net::Ipv4Addr::from_str" = ["<= 1.52.1"]
+"std::net::Ipv6Addr::from_str" = ["<= 1.52.1"]
+```
+
+# Improper Input Validation of octal literals in `std::net`
+
+Improper input validation of octal strings in rust-lang standard library `net`
allows unauthenticated remote attackers to perform
+indeterminate SSRF, RFI, and LFI attacks on many programs that rely on
rust-lang std::net.
+IP address octects are left stripped instead of evaluated as valid IP
addresses.
+For example, an attacker submitting an IP address to a web application that
relies on `std::net::IpAddr`,
+could cause SSRF via inputting octal input data;
+An attacker can submit exploitable IP addresses if the octet is 3 digits,
+with the minimum exploitable octet being 08 (Denial of Service) and the
maximum exploitable octet is 099 (Denial of Service).
+For example, an attacker can submit `010.8.8.8`, which is `8.8.8.8` (RFI), yet
`std::net::IpAddr` will evaluate this as `10.8.8.8`.
+Equally, an attacker can input `127.0.026.1` which is really `127.0.22.1` but
rust evaluates it as `127.0.26.1`.
