Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20

I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: hyperium/http#352
In that bug, the fixing PR was hyperium/http#360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: hyperium/http@81ceb61

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http rustsec#354 and http rustsec#355.

For the first: the issue: hyperium/http#354
In that bug, the fixing PR was hyperium/http#357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: hyperium/http@82d53db

For the second: the issue: hyperium/http#355
In that bug, the fixing PR was hyperium/http#362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: hyperium/http@8ffe094
roy-work committed Jan 9, 2020
1 parent 2899482 commit 200651c
Showing 2 changed files with 6 additions and 6 deletions.
6 changes: 3 additions & 3 deletions crates/http/RUSTSEC-2019-0033.toml
Expand Up @@ -13,12 +13,12 @@ the library will invoke `self.grow(0)` and start infinite probing.
This allows an attacker who controls the argument to `reserve()`
to cause a potential denial of service (DoS).
The flaw was corrected in 0.2.0 release of `http` crate.
The flaw was corrected in 0.1.20 release of `http` crate.
"""
patched_versions = [">= 0.2.0"]
patched_versions = [">= 0.1.20"]
url = "https://github.com/hyperium/http/issues/352"
categories = ["denial-of-service"]
keywords = ["http", "integer-overflow", "DoS"]

[affected.functions]
"http::header::HeaderMap::reserve" = ["< 0.2.0"]
"http::header::HeaderMap::reserve" = ["< 0.1.20"]
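Review bot: the two version fields in this hunk are consistent with each other (`patched_versions = [">= 0.1.20"]` and `"http::header::HeaderMap::reserve" = ["< 0.1.20"]` describe the same boundary), but the advisory body still only carries `url = "https://github.com/hyperium/http/issues/352"`, so a reader of the TOML has no way to check the 0.1.20 claim without going to this commit message. Consider adding the fixing PR (hyperium/http#360) or the commit (81ceb61) that the commit message cites as the evidence for the tag, e.g. as a link in the description next to "The flaw was corrected in 0.1.20 release of `http` crate." Also worth a second look: tightening the patched range from 0.2.0 down to 0.1.20 silently stops flagging every 0.1.20 through 0.1.x user, so the tag-contains-commit check in the commit message is the only thing backing that change and should be recorded in the advisory itself.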
6 changes: 3 additions & 3 deletions crates/http/RUSTSEC-2019-0034.toml
Expand Up @@ -10,11 +10,11 @@ which introduced unsoundness in its public safe API.
[Failing to drop the Drain struct causes double-free](https://github.com/hyperium/http/issues/354),
and [it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation](https://github.com/hyperium/http/issues/355).
The flaw was corrected in 0.2.0 release of `http` crate.
The flaw was corrected in 0.1.20 release of `http` crate.
"""
patched_versions = [">= 0.2.0"]
patched_versions = [">= 0.1.20"]
categories = ["memory-corruption"]
keywords = ["memory-safety", "double-free", "unsound"]

[affected.functions]
"http::header::HeaderMap::drain" = ["< 0.2.0"]
"http::header::HeaderMap::drain" = ["< 0.1.20"]
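Review bot: this advisory bundles two separate defects (issues 354 and 355 linked in the description), and per the commit message they were fixed by two different PRs (hyperium/http#357 and hyperium/http#362), so `patched_versions = [">= 0.1.20"]` is only correct if the first release tag contains both fixing commits. The commit message asserts both 82d53db and 8ffe094 were first picked up by v0.1.20, which makes the new range sound, but the TOML as changed here records neither PR; suggest adding both fixing PRs to the description so the combined boundary is auditable from the advisory alone. The `affected.functions` entry `"http::header::HeaderMap::drain" = ["< 0.1.20"]` matches the new `patched_versions` boundary, which is what we want.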