Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f13df257 by Moritz Muehlenhoff at 2019-09-02T14:31:44Z various issues in Rust crates - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,12 @@ +CVE-2019-XXXX [rust image: Flaw in interface may drop uninitialized instance of arbitrary types] + - rust-image <not-affected> (Fixed before initial upload) + NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html +CVE-2019-XXXX [rust once_cell: Panic during initialization of Lazy might trigger undefined behavior] + - rust-once-cell <not-affected> (Only affects 0.2.5 and later) + NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html +CVE-2019-XXXX [rust chttp: Use-after-free in buffer conversion implementation] + - rust-spin 0.5.2-1 + NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html CVE-2019-15845 RESERVED CVE-2019-15844 @@ -782,17 +791,22 @@ CVE-2018-20989 (An issue was discovered in the untrusted crate before 0.6.2 for - rust-untrusted <not-affected> (Fixed with initial upload to archive) NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0001.html CVE-2017-18589 (An issue was discovered in the cookie crate before 0.7.6 for Rust. Lar ...) - TODO: check + - rust-cookie <not-affected> (Fixed before initial upload to archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0005.html CVE-2017-18588 (An issue was discovered in the security-framework crate before 0.1.12 ...) - TODO: check + - rust-security-framework-sys <not-affected> (Fixed before initial upload to archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0003.html CVE-2017-18587 (An issue was discovered in the hyper crate before 0.9.18 for Rust. It ...) - TODO: check + - rust-hyper <not-affected> (Fixed before initial upload to archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0002.html CVE-2016-10933 (An issue was discovered in the portaudio crate through 0.7.0 for Rust. ...) - TODO: check + NOT-FOR-US: Rust crate portaudio CVE-2016-10932 (An issue was discovered in the hyper crate before 0.9.4 for Rust on Wi ...) - TODO: check + - rust-hyper <not-affected> (Fixed before initial upload to archive and Windows-specific anyway) + NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0002.html CVE-2016-10931 (An issue was discovered in the openssl crate before 0.9.0 for Rust. Th ...) - TODO: check + - rust-openssl <not-affected> (Fixed before initial upload to archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0001.html CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...) TODO: check CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f13df2571d3e9fb2e15dfb78d56ac9d4dbeed1c9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f13df2571d3e9fb2e15dfb78d56ac9d4dbeed1c9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
