[Git][security-tracker-team/security-tracker][master] more rust crate triage
Moritz Muehlenhoff
jmm at debian.org
Thu Aug 29 22:22:17 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
913f54f3 by Moritz Muehlenhoff at 2019-08-29T21:21:52Z
more rust crate triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -646,6 +646,8 @@ CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection,
NOT-FOR-US: FredReinink Wellness-app
CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- rust-smallvec 0.6.10-1
+ NOTE: https://github.com/servo/rust-smallvec/issues/149
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0012.html
CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust. ...)
- rust-memoffset <unfixed> (bug #936025)
NOTE: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
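Review bot: the two NOTE lines added under CVE-2019-15554 are the only thing that tells this entry apart from CVE-2019-15551 further down, since both show the same truncated description ("smallvec crate before 0.6.10") and the same fixed version 0.6.10-1. Please double-check that issue 149 / RUSTSEC-2019-0012 belongs to this ID and issue 148 / RUSTSEC-2019-0009 to the other, and consider a one-line NOTE naming the defect in each entry so the pairing can be verified without following the links.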
@@ -655,15 +657,17 @@ CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for
NOTE: https://github.com/sile/libflate/issues/35
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html
CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- TODO: check
+ - rust-smallvec 0.6.10-1
+ NOTE: https://github.com/servo/rust-smallvec/issues/148
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html
CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...)
- TODO: check
+ NOT-FOR-US: Rust crate simd-json
CVE-2019-15549 (An issue was discovered in the asn1_der crate before 0.6.2 for Rust. A ...)
- TODO: check
+ NOT-FOR-US: Rust crate asn1_der
CVE-2019-15548 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...)
- TODO: check
+ NOT-FOR-US: Rust crate ncurses
CVE-2019-15547 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...)
- TODO: check
+ NOT-FOR-US: Rust crate ncurses
CVE-2019-15546 (An issue was discovered in the pancurses crate through 0.16.1 for Rust ...)
NOT-FOR-US: Rust crate pancurses
CVE-2019-15545 (An issue was discovered in the libp2p-core crate before 0.8.1 for Rust ...)
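Review bot: the NOT-FOR-US lines added for simd-json, asn1_der and ncurses (CVE-2019-15550 through CVE-2019-15547) name the upstream crate, while packaged crates in this file are tracked under rust-<crate> source names (rust-smallvec, rust-memoffset). The commit message only says "more rust crate triage", so it would help to state there how absence from the archive was checked, for example that no corresponding rust-* source package exists for each of these crates.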
@@ -671,17 +675,20 @@ CVE-2019-15545 (An issue was discovered in the libp2p-core crate before 0.8.1 fo
CVE-2019-15544 (An issue was discovered in the protobuf crate before 2.6.0 for Rust. A ...)
NOT-FOR-US: Rust crate protobuf
CVE-2019-15543 (An issue was discovered in the slice-deque crate before 0.2.0 for Rust ...)
- TODO: check
+ NOT-FOR-US: Rust crate slice-deque
CVE-2019-15542 (An issue was discovered in the ammonia crate before 2.1.0 for Rust. Th ...)
- TODO: check
+ NOT-FOR-US: Rust crate ammonia
CVE-2018-21000 (An issue was discovered in the safe-transmute crate before 0.10.1 for ...)
- TODO: check
+ - rust-safe-transmute <not-affected> (Fixed with initial upload to archive)
+ NOTE: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0013.html
CVE-2018-20999 (An issue was discovered in the orion crate before 0.11.2 for Rust. res ...)
- TODO: check
+ NOT-FOR-US: Rust crate orion
CVE-2018-20998 (An issue was discovered in the arrayfire crate before 3.6.0 for Rust. ...)
- TODO: check
+ NOT-FOR-US: Rust crate arrayfire
CVE-2018-20997 (An issue was discovered in the openssl crate before 0.10.9 for Rust. A ...)
- TODO: check
+ - rust-openssl <not-affected> (Only affected 0.10.8, which was never in the archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0010.html
CVE-2018-20996 (An issue was discovered in the crossbeam crate before 0.4.1 for Rust. ...)
TODO: check
CVE-2018-20995 (An issue was discovered in the slice-deque crate before 0.1.16 for Rus ...)
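Review bot: on the rust-openssl line for CVE-2018-20997, the parenthetical says "Only affected 0.10.8", but the description on the CVE line reads "before 0.10.9", and the single NOTE is the RUSTSEC advisory. Please add a NOTE that pins down where the flaw was introduced (upstream issue or commit) so the <not-affected> status can be verified from the entry. Likewise, "Fixed with initial upload to archive" for rust-safe-transmute would be easier to audit with the version of that first upload stated.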
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/913f54f32cdf49bf3fd17864f1c0b43a5392afa4