[Git][security-tracker-team/security-tracker][master] "new" rust-smallvec issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 3 15:39:42 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35d25521 by Moritz Muehlenhoff at 2022-01-03T16:39:07+01:00
"new" rust-smallvec issue
rust-sha2 n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -950,7 +950,8 @@ CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust.
 CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
 	NOT-FOR-US: Rust crate molecule
 CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
-	TODO: check
+	- rust-sha2 <not-affected> (Only affetced 0.9.7, never uploaded to the archive)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
 CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
 	NOT-FOR-US: Rust crate mopa
 CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
@@ -972,17 +973,17 @@ CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for
 CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
 	NOT-FOR-US: Rust crate csv-sniffer
 CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
-	TODO: check
+	NOT-FOR-US: Rust crate columnar
 CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate flumedb
 CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
-	TODO: check
+	NOT-FOR-US: Rust crate binjs
 CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
-	TODO: check
+	NOT-FOR-US: Rust crate bronzedb-protocol
 CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate derive-com-impl
 CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust.  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate vec-const
 CVE-2021-45111
 	RESERVED
 CVE-2021-45071
@@ -1016,29 +1017,32 @@ CVE-2021-23176
 CVE-2021-23166
 	RESERVED
 CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate acc_reader
 CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate acc_reader
 CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate buffoon
 CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate bite
 CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate libpulse-binding
 CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
-	TODO: check
+	NOT-FOR-US: Rust crate pnet
 CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate libpulse-binding
 CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate libpulse-binding
 CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate actix-web
 CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate actix-web
 CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate actix-web
 CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust.  ...)
-	TODO: check
+	- rust-smallvec 1.1.0-1
+	[buster] - rust-smallvec <no-dsa> (Minor issue)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html
+	NOTE: https://github.com/servo/rust-smallvec/issues/126
 CVE-2021-4174
 	RESERVED
 CVE-2021-4173 (vim is vulnerable to Use After Free ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35d25521bbd30e038df081a17c1cde6db6843e8e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35d25521bbd30e038df081a17c1cde6db6843e8e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220103/2f2cf760/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list