[Git][security-tracker-team/security-tracker][master] various issues in Rust crates

Moritz Muehlenhoff jmm at debian.org
Mon Sep 2 15:32:04 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f13df257 by Moritz Muehlenhoff at 2019-09-02T14:31:44Z
various issues in Rust crates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,12 @@
+CVE-2019-XXXX [rust image: Flaw in interface may drop uninitialized instance of arbitrary types]
+	- rust-image <not-affected> (Fixed before initial upload)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
+CVE-2019-XXXX [rust once_cell: Panic during initialization of Lazy might trigger undefined behavior]
+	- rust-once-cell <not-affected> (Only affects 0.2.5 and later)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
+CVE-2019-XXXX [rust chttp: Use-after-free in buffer conversion implementation]
+	- rust-spin 0.5.2-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
 CVE-2019-15845
 	RESERVED
 CVE-2019-15844
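Review bot: the third added entry is internally inconsistent: its title reads "rust chttp: Use-after-free in buffer conversion implementation" but the package line under it is "- rust-spin 0.5.2-1". Check which crate the linked RUSTSEC-2019-0013 advisory actually covers, then either retitle the entry for spin or point the package line and NOTE at the chttp advisory. As committed, a tracker lookup for rust-spin reports an issue that the title attributes to a different crate, and the fixed version 0.5.2-1 cannot be checked against the description.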
@@ -782,17 +791,22 @@ CVE-2018-20989 (An issue was discovered in the untrusted crate before 0.6.2 for
 	- rust-untrusted <not-affected> (Fixed with initial upload to archive)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0001.html
 CVE-2017-18589 (An issue was discovered in the cookie crate before 0.7.6 for Rust. Lar ...)
-	TODO: check
+	- rust-cookie <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0005.html
 CVE-2017-18588 (An issue was discovered in the security-framework crate before 0.1.12  ...)
-	TODO: check
+	- rust-security-framework-sys <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0003.html
 CVE-2017-18587 (An issue was discovered in the hyper crate before 0.9.18 for Rust. It  ...)
-	TODO: check
+	- rust-hyper <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0002.html
 CVE-2016-10933 (An issue was discovered in the portaudio crate through 0.7.0 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate portaudio
 CVE-2016-10932 (An issue was discovered in the hyper crate before 0.9.4 for Rust on Wi ...)
-	TODO: check
+	- rust-hyper <not-affected> (Fixed before initial upload to archive and Windows-specific anyway)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0002.html
 CVE-2016-10931 (An issue was discovered in the openssl crate before 0.9.0 for Rust. Th ...)
-	TODO: check
+	- rust-openssl <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0001.html
 CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...)
 	TODO: check
 CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...)
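Review bot: on CVE-2017-18588 the CVE description names the security-framework crate, while the added line tracks "rust-security-framework-sys". If the archive carries a separate rust-security-framework source package, the entry should name that one (or both), because "Fixed before initial upload to archive" stated for the -sys package says nothing about the package that ships the crate the CVE text refers to. A short parenthetical explaining why the -sys package is the right one to track would settle it if that is intentional.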



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f13df2571d3e9fb2e15dfb78d56ac9d4dbeed1c9
