Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb87a45a by Moritz Muehlenhoff at 2019-09-09T20:23:49Z
rust crates CVEfied

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91,21 +91,24 @@ CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a 
username. ...)
 CVE-2019-16145
        RESERVED
 CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 
for Rust. ...)
-       TODO: check
+       NOT-FOR-US: Rust crate generator
 CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for 
Rust. The ...)
-       TODO: check
+       NOT-FOR-US: Rust crate blake
 CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 
for Rust.  ...)
        TODO: check
 CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 
for Rust.  ...)
-       TODO: check
+       - rust-once-cell <not-affected> (Only affects 0.2.5 and later)
+       NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
 CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for 
Rust. Ther ...)
-       TODO: check
+       NOT-FOR-US: Rust crate chttp
 CVE-2019-16139 (An issue was discovered in the compact_arena crate before 
0.4.0 for Ru ...)
        TODO: check
 CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for 
Rust, aff ...)
-       TODO: check
+       - rust-image <not-affected> (Fixed before initial upload)
+       NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
 CVE-2019-16137 (An issue was discovered in the spin crate before 0.5.2 for 
Rust, when  ...)
-       TODO: check
+       - rust-spin 0.5.2-1
+       NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
 CVE-2019-16136
        RESERVED
 CVE-2019-16135
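Review bot: The new line under CVE-2019-16143 reads `NOT-FOR-US: Rust crate blake`, but the description just above it names the blake2 crate. Write `NOT-FOR-US: Rust crate blake2` so the entry matches the CVE text and a search of the list for the crate name finds it. CVE-2019-16142 (renderdoc) and CVE-2019-16139 (compact_arena) stay at `TODO: check` in this hunk, so they still need triage.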
@@ -803,15 +806,6 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote attackers 
to execute arbitrary
        - exim4 4.92.1-3
        NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
        NOTE: 
https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
-CVE-2019-XXXX [rust image: Flaw in interface may drop uninitialized instance 
of arbitrary types]
-       - rust-image <not-affected> (Fixed before initial upload)
-       NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
-CVE-2019-XXXX [rust once_cell: Panic during initialization of Lazy might 
trigger undefined behavior]
-       - rust-once-cell <not-affected> (Only affects 0.2.5 and later)
-       NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
-CVE-2019-XXXX [rust chttp: Use-after-free in buffer conversion implementation]
-       - rust-spin 0.5.2-1
-       NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
 CVE-2019-15845
        RESERVED
 CVE-2019-15844
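Review bot: The third removed placeholder is titled `rust chttp: Use-after-free in buffer conversion implementation` but carries `- rust-spin 0.5.2-1` and RUSTSEC-2019-0013, so its title and body disagreed. Those two lines now sit under CVE-2019-16137 (spin) while CVE-2019-16140 (chttp) is marked NOT-FOR-US, so please confirm that RUSTSEC-2019-0013 is the spin advisory and that the chttp title was the mislabelled part. The commit message could also note that this placeholder was corrected as well as renumbered.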



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb87a45af899a0576d384b2f4d5c31298e0d262a
