From 7c96397ea1579cde0d701666d2c804e60f2825d9 Mon Sep 17 00:00:00 2001
From: Yechan Bae
Date: Sun, 28 Jun 2020 01:48:42 -0400
Subject: [PATCH 1/3] Security advisory for AtheMathmo/rulinalg#201
---
 crates/rulinalg/RUSTSEC-0000-0000.toml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 crates/rulinalg/RUSTSEC-0000-0000.toml
diff --git a/crates/rulinalg/RUSTSEC-0000-0000.toml b/crates/rulinalg/RUSTSEC-0000-0000.toml
new file mode 100644
index 000000000..e0d4359d5
--- /dev/null
+++ b/crates/rulinalg/RUSTSEC-0000-0000.toml
@@ -0,0 +1,22 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rulinalg"
+date = "2020-02-11"
+title = "Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect"
+url = "https://github.com/AtheMathmo/rulinalg/issues/201"
+description = """
+The affected version of `rulinalg` has incorrect lifetime boundary definitions
+for `RowMut::raw_slice` and `RowMut::raw_slice_mut`. They do not conform with
+Rust's borrowing rule and allows the user to create multiple mutable references
+to the same location.
+"""
+
+[affected]
+functions = {
+ "rulinalg::matrix::RowMut::raw_slice" = [">= 0.4.0"],
+ "rulinalg::matrix::RowMut::raw_slice_mut" = [">= 0.4.0"],
+}
+
+[versions]
+patched = []
+unaffected = ["< 0.4.0"]
From 8149410e8dae63bce2883f2bb53b4e5b7d73e38b Mon Sep 17 00:00:00 2001
From: Yechan Bae
Date: Mon, 29 Jun 2020 01:40:06 -0400
Subject: [PATCH 2/3] Fix toml format error
---
 crates/rulinalg/RUSTSEC-0000-0000.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crates/rulinalg/RUSTSEC-0000-0000.toml b/crates/rulinalg/RUSTSEC-0000-0000.toml
index e0d4359d5..65fa7946b 100644
--- a/crates/rulinalg/RUSTSEC-0000-0000.toml
+++ b/crates/rulinalg/RUSTSEC-0000-0000.toml
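Review bot: The new advisory file in PATCH 1/3 has no `categories` entry under `[advisory]`, so tooling that filters RustSec advisories by class cannot tell that this is a memory-safety issue; if the maintainers agree with that classification, add `categories = ["memory-corruption"]` after `url`. Because `patched = []`, the description should also state plainly that no fixed release exists, for example `No patched version is available at the time of writing.`, so that readers do not look for an upgrade. The `date` value is several months earlier than the patch date in the mail header, so it is worth confirming that it is the public disclosure date of the linked issue.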
@@ -12,10 +12,10 @@ to the same location.
 """

 [affected]
-functions = {
- "rulinalg::matrix::RowMut::raw_slice" = [">= 0.4.0"],
- "rulinalg::matrix::RowMut::raw_slice_mut" = [">= 0.4.0"],
-}
+
+ [affected.functions]
+ "rulinalg::matrix::RowMut::raw_slice" = [">= 0.4.0"]
+ "rulinalg::matrix::RowMut::raw_slice_mut" = [">= 0.4.0"]

 [versions]
 patched = []
From 49fcc50d2b596defa5a1fc2cfaef4ebafddf46f2 Mon Sep 17 00:00:00 2001
From: Yechan Bae
Date: Tue, 30 Jun 2020 17:21:28 -0400
Subject: [PATCH 3/3] Reflect PR feedback and describe what might happen
---
 crates/rulinalg/RUSTSEC-0000-0000.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crates/rulinalg/RUSTSEC-0000-0000.toml b/crates/rulinalg/RUSTSEC-0000-0000.toml
index 65fa7946b..3c76cd44c 100644
--- a/crates/rulinalg/RUSTSEC-0000-0000.toml
+++ b/crates/rulinalg/RUSTSEC-0000-0000.toml
@@ -8,7 +8,8 @@ description = """
 The affected version of `rulinalg` has incorrect lifetime boundary definitions
 for `RowMut::raw_slice` and `RowMut::raw_slice_mut`. They do not conform with
 Rust's borrowing rule and allows the user to create multiple mutable references
-to the same location.
+to the same location. This may result in unexpected calculation result and data
+race if both references are used at the same time.
 """

 [affected]
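Review bot: The sentence added to `description` in PATCH 3/3 understates the impact, because aliased mutable references violate Rust's aliasing rules and are undefined behavior even in single-threaded code, not only when both references are used at the same time. If `raw_slice` and `raw_slice_mut` are safe methods (their signatures are not visible in this hunk), the advisory should say that safe code can trigger the problem, for example `This allows aliased mutable references from safe code, which is undefined behavior and may cause incorrect results or data races.` The existing wording would also read better as `unexpected calculation results` and `a data race`, and `allows` in the preceding context line should agree with `They`.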