CBL Mariner 2.0 Security Update: libgit2 / rust (CVE-2023-22742)
The version of libgit2 / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-22742 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with t...
CVE-2024-39697
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a...
CVE-2024-39697 phonenumber panics on parsing crafted phonenumber inputs
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a...
GHSA-MJW4-JJ88-V687 panic on parsing crafted phonenumber inputs
Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...
panic on parsing crafted phonenumber inputs
Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...
[SECURITY] Fedora 40 Update: rust-sequoia-gpg-agent-0.4.2-1.fc40
A library for interacting with GnuPG's gpg-agent...
[SECURITY] Fedora 39 Update: rust-sequoia-openpgp-1.21.1-1.fc39
OpenPGP data types and associated machinery...
[SECURITY] Fedora 39 Update: rust-sequoia-sq-0.37.0-3.fc39
Command-line frontends for Sequoia...
[SECURITY] Fedora 39 Update: rust-sequoia-gpg-agent-0.4.2-1.fc39
A library for interacting with GnuPG's gpg-agent...
Fedora 40 : rust-sequoia-chameleon-gnupg / rust-sequoia-gpg-agent / etc (2024-12f0caa904)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-12f0caa904 advisory. - Update the sequoia-openpgp crate to version 1.21.1. Addresses RUSTSEC-2024-0345. - Update the sequoia-keystore crate to version 0.5.1. - Update the...
Fedora 39 : rust-sequoia-chameleon-gnupg / rust-sequoia-gpg-agent / etc (2024-029752e60b)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-029752e60b advisory. - Update the sequoia-openpgp crate to version 1.21.1. Addresses RUSTSEC-2024-0345. - Update the sequoia-keystore crate to version 0.5.1. - Update the...
GHSA-74R5-G7VC-J2V2 zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
zerovec incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
GHSA-XRV3-JMCP-374J zerovec incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
candid-extractor (>=0.1.0 <=0.1.2), debug-engine (>=0.1.0 <=0.1.1) +69 more potentially affected by unknown CVE via wasmtime-jit-debug (>=0.35.0 <=1.0.2)
wasmtime-jit-debug CARGO version =0.35.0, =0.1.0, =0.1.0, =0.1.3, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.0.6, =0.11.0, =0.9.0, =0.9.0, =0.9.0, =0.10.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0442...
OESA-2024-1812 rust security update
Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...
OESA-2024-1811 rust security update
Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...
actix-web-opentelemetry (>=0.13.0 <=0.15.0), apikit (>=0.1.0 <=0.2.0) +112 more potentially affected by unknown CVE via opentelemetry_api (>=0.18.0 <=0.20.0)
opentelemetry_api CARGO version =0.18.0, =0.13.0, =0.1.0, =0.0.1, =0.8.1, =4.0.15, =0.1.0, =0.1.0, =0.1.1, =0.4.0-rc.1, =0.5.0, =0.1.0, =6.6.4, =0.0.1, =0.0.1-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0387...
CBL Mariner 2.0 Security Update: tensorflow / rust / curl (CVE-2023-32001)
The version of tensorflow / rust / curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32001 advisory. - Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that th...