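# RustSec Reported
#
# Each [[cve]] table is one advisory record:
#   id          CVE identifier
#   issue       issue number (presumably in the rust-lang/rust tracker; confirm)
#   introduced  version string (presumably the first affected Rust release; confirm)
#   fixed       version string (presumably the first release carrying the fix,
#               i.e. an exclusive upper bound; confirm)
#   found_by    optional; who or what reported the bug ("Rudra" presumably
#               refers to the Rudra static analyzer; confirm)
#   title       short description of the defect
#
# Versions are stored as strings. Compare them component-wise, not as text:
# a plain string comparison orders "1.3.0" after "1.22.0" and would misjudge
# whether a given toolchain falls inside an affected range.
[[cve]]
id = "CVE-2015-20001"
issue = 25842
introduced = "1.0.0"
fixed = "1.2.0"
title = "Panic safety violation in BinaryHeap"

[[cve]]
id = "CVE-2018-1000657"
issue = 44800
introduced = "1.3.0"
fixed = "1.22.0"
title = "Buffer overflow vulnerability in VecDeque::reserve()"

[[cve]]
id = "CVE-2018-1000810"
issue = 54399
introduced = "1.26.0"
fixed = "1.29.1"
title = "Buffer overflow vulnerability in str::repeat()"

[[cve]]
id = "CVE-2019-12083"
issue = 60787
introduced = "1.34.0"
fixed = "1.34.2"
title = "Memory safety vulnerabilities arising from `Error::type_id`"

[[cve]]
id = "CVE-2020-36317"
issue = 78498
introduced = "1.26.0"
fixed = "1.49.0"
title = "String::retain allows safely creating invalid strings when abusing panic"

[[cve]]
id = "CVE-2020-36318"
issue = 79808
introduced = "1.48.0"
fixed = "1.49.0"
title = "VecDeque::make_contiguous may duplicate the contained elements"

[[cve]]
id = "CVE-2021-28877"
issue = 80670
introduced = "1.11.0"
fixed = "1.51.0"
title = "TrustedRandomAccess specialization composes incorrectly for nested iter::Zips"

[[cve]]
id = "CVE-2021-28875"
issue = 80894
found_by = "Rudra"
introduced = "1.20.0"
fixed = "1.50.0"
title = "Logic bug in Read can cause buffer overflow in read_to_end()"

[[cve]]
id = "CVE-2021-28876"
issue = 81740
found_by = "Myself"
introduced = "1.14.0"
fixed = "1.52.0"
title = "Panic safety issue in Zip specialization"

[[cve]]
id = "CVE-2021-28879"
issue = 82282
found_by = "Myself"
introduced = "1.14.0"
fixed = "1.52.0"
title = "Zip can cause buffer overflow when a consumed Zip iterator is used again"

[[cve]]
id = "CVE-2021-28878"
issue = 82291
introduced = "1.14.0"
fixed = "1.52.0"
title = "Zip may call __iterator_get_unchecked twice with the same index"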
# Only CVE (no RustSec)
#
# These records use the same keys as every other [[cve]] table: `id`, `issue`,
# `introduced`, `fixed`, `title`, and an optional `found_by`. Going by the
# heading, they have a CVE identifier but no RustSec advisory, so tooling
# that relies only on RustSec advisories would presumably not flag them.
# `introduced` and `fixed` are version strings; order them component-wise,
# never as plain text ("1.3.0" is older than "1.29.0").
[[cve]]
id = "CVE-2017-20004"
issue = 41622
introduced = "1.0.0"
fixed = "1.19.0"
title = "MutexGuard<Cell<i32>> must not be Sync"

[[cve]]
id = "CVE-2018-25008"
issue = 51780
introduced = "1.3.0"
fixed = "1.29.0"
title = "Insufficient synchronization in `Arc::get_mut`"

[[cve]]
id = "CVE-2019-1010299"
issue = 53566
introduced = "1.18.0"
fixed = "1.30.0"
title = "vec_deque::Iter has unsound Debug implementation"

[[cve]]
id = "CVE-2020-36323"
issue = 80335
found_by = "Rudra"
introduced = "1.28.0"
fixed = "1.52.0"
title = "API soundness issue in join() implementation of [Borrow<str>]"

[[cve]]
id = "CVE-2021-31162"
issue = 83618
found_by = "Myself"
introduced = "1.48.0"
fixed = "1.52.0"
title = "Double free in Vec::from_iter specialization when drop panics"
# Bugs in backlog
#
# Each [[backlog]] table has an `issue` number, a `title`, an `applied` flag
# and an optional `found_by`. None of them has an `id`, `introduced` or
# `fixed` key, so this file gives no CVE identifier and no affected-version
# range for these bugs. Do not read the missing `fixed` key as "still
# unfixed" or as "already fixed"; check the linked issue instead.
# NOTE(review): `applied` is false on every entry and is not defined here;
# presumably it records whether a CVE has been requested. Confirm.
[[backlog]]
issue = 86443
found_by = "Myself"
title = "Panic safety issue in `Zip::next_back()` TrustedRandomAccess specialization"
applied = false

[[backlog]]
issue = 81138
title = "String::replace_range is unsound"
applied = false

[[backlog]]
issue = 85322
title = "The implementation of `InPlaceIterable` for `Peekable` is unsound"
applied = false

[[backlog]]
issue = 85613
found_by = "Myself"
title = "Double free in Vec::dedup_by when T's drop panics"
applied = false

[[backlog]]
issue = 85813
title = "Unsound Debug impl for collections::linked_list::IterMut"
applied = false

[[backlog]]
issue = 85873
title = "TrustedRandomAccess optimization for Zip containing vec::IntoIter is unsound"
applied = false