[Git][security-tracker-team/security-tracker][master] rust crates CVEfied

Moritz Muehlenhoff jmm at debian.org
Mon Sep 9 21:24:08 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb87a45a by Moritz Muehlenhoff at 2019-09-09T20:23:49Z
rust crates CVEfied

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91,21 +91,24 @@ CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
 CVE-2019-16145
 	RESERVED
 CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate generator
 CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
-	TODO: check
+	NOT-FOR-US: Rust crate blake
 CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust.  ...)
 	TODO: check
 CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust.  ...)
-	TODO: check
+	- rust-once-cell <not-affected> (Only affects 0.2.5 and later)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
 CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...)
-	TODO: check
+	NOT-FOR-US: Rust crate chttp
 CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...)
 	TODO: check
 CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...)
-	TODO: check
+	- rust-image <not-affected> (Fixed before initial upload)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
 CVE-2019-16137 (An issue was discovered in the spin crate before 0.5.2 for Rust, when  ...)
-	TODO: check
+	- rust-spin 0.5.2-1
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
 CVE-2019-16136
 	RESERVED
 CVE-2019-16135
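Review bot: The line added under CVE-2019-16143 names the crate as "blake", while the CVE description directly above it says "blake2 crate"; suggest `NOT-FOR-US: Rust crate blake2` so that a search of the list for the crate name finds this entry. CVE-2019-16142 (renderdoc) and CVE-2019-16139 (compact_arena) keep `TODO: check` after this change, so the batch of Rust crate CVEs is not fully triaged yet.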
@@ -803,15 +806,6 @@ CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary
 	- exim4 4.92.1-3
 	NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
 	NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
-CVE-2019-XXXX [rust image: Flaw in interface may drop uninitialized instance of arbitrary types]
-	- rust-image <not-affected> (Fixed before initial upload)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
-CVE-2019-XXXX [rust once_cell: Panic during initialization of Lazy might trigger undefined behavior]
-	- rust-once-cell <not-affected> (Only affects 0.2.5 and later)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
-CVE-2019-XXXX [rust chttp: Use-after-free in buffer conversion implementation]
-	- rust-spin 0.5.2-1
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
 CVE-2019-15845
 	RESERVED
 CVE-2019-15844
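Review bot: The third removed placeholder is titled "rust chttp: Use-after-free in buffer conversion implementation" but carries `- rust-spin 0.5.2-1` and the RUSTSEC-2019-0013 note, so its title and its package data disagree. The first hunk attaches that data to CVE-2019-16137 (spin) and marks CVE-2019-16140 (chttp) as NOT-FOR-US, which follows the package line rather than the title. Please confirm that RUSTSEC-2019-0013 is the spin advisory before relying on that mapping, and note the mismatch in the commit message so the history explains why the title was not followed.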



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb87a45af899a0576d384b2f4d5c31298e0d262a
