[Git][security-tracker-team/security-tracker][master] Four CVEs assigned for rust crates

Salvatore Bonaccorso carnil at debian.org
Mon Sep 14 19:42:02 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
992cafde by Salvatore Bonaccorso at 2020-09-14T20:41:33+02:00
Four CVEs assigned for rust crates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -713,7 +713,7 @@ CVE-2020-25204
 	RESERVED
 CVE-2020-25203
 	RESERVED
-CVE-2019-XXXX [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.2]
+CVE-2020-25576 [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.2]
 	- rust-rand-core 0.5.0-1 (bug #969911; low)
 	[buster] - rust-rand-core <no-dsa> (Minor issue)
 	- rust-rand-core-0.3 <unfixed> (bug #970186; low)
@@ -721,12 +721,12 @@ CVE-2019-XXXX [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.
 	[buster] - rust-rand-core-0.2 <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
 	NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
-CVE-2019-XXXX [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20 can cause DoS]
+CVE-2020-25574 [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20 can cause DoS]
 	- rust-http <unfixed> (bug #969896; low)
 	[buster] - rust-http <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
 	NOTE: https://github.com/hyperium/http/issues/352
-CVE-2019-XXXX [RUSTSEC-2020-0036: type confusion when downcasting]
+CVE-2020-25575 [RUSTSEC-2020-0036: type confusion when downcasting]
 	- rust-failure <unfixed> (bug #969839; low)
 	[buster] - rust-failure <ignored> (Minor issue; unmaintained upstream)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0036.html
@@ -19572,7 +19572,7 @@ CVE-2020-15949
 	RESERVED
 CVE-2020-15948
 	RESERVED
-CVE-2020-XXXX [RUSTSEC-2020-0026]
+CVE-2020-25573 [RUSTSEC-2020-0026]
 	- rust-linked-hash-map <unfixed> (bug #966246)
 	[buster] - rust-linked-hash-map <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/992cafde1eb9b14c6c353c848e24f4e9b608efb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/992cafde1eb9b14c6c353c848e24f4e9b608efb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200914/47c43d9e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list