Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20 #221

Merged
merged 1 commit into from Jan 9, 2020
Merged

Correct affected version range on RUSTSEC-2019-003[34] to patched at 0.1.20 #221

merged 1 commit into from Jan 9, 2020

Commits on Jan 9, 2020

  1. Correct affected version range on RUSTSEC-2019-003[34] to patched at … 

    …0.1.20

I believe these two vulnerabilities were patched at 0.1.20.

For RUSTSEC-2019-0033:

The advisory links to the bug: hyperium/http#352
In that bug, the fixing PR was hyperium/http#360
That PR merged the commit 81ceb61 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][1]).

[1]: hyperium/http@81ceb61

For RUSTSEC-2019-0034:

This advisory is two separate GitHub issues against `HeaderMap::drain`,
http rustsec#354 and http rustsec#355.

For the first: the issue: hyperium/http#354
In that bug, the fixing PR was hyperium/http#357
That PR merged the commit 82d53db to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][2]).

[2]: hyperium/http@82d53db

For the second: the issue: hyperium/http#355
In that bug, the fixing PR was hyperium/http#362
That PR merged the commit 8ffe094 to fix the bug; that commit, according to
GitHub, was first picked up by tag v0.1.20 ([commit][3]).

[3]: hyperium/http@8ffe094
    @roy-work
    roy-work committed Jan 9, 2020
    Configuration menu
    Copy the full SHA
    200651c View commit details
    Browse the repository at this point in the history