Fedora: Security Advisory for rust-gitui (FEDORA-2023-e3c8abd37e)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-bat (FEDORA-2023-e3c8abd37e)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: rust-libgit2-sys0.12-0.12.26-5.fc36
Native bindings to the libgit2 library...
[SECURITY] Fedora 36 Update: rust-libgit2-sys-0.13.5-1.fc36
Native bindings to the libgit2 library...
[SECURITY] Fedora 37 Update: rust-libgit2-sys0.12-0.12.26-5.fc37
Native bindings to the libgit2 library...
[SECURITY] Fedora 37 Update: rust-libgit2-sys-0.13.5-1.fc37
Native bindings to the libgit2 library...
Fedora 36 : rust-libgit2-sys (2023-055b389109)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-055b389109 advisory. Update to version 0.13.5 includes bundled libgit2 v1.4.5 with the latest security fixes. Tenable has extracted the preceding description block directly from...
Amazon Linux 2022 : cargo, clippy, rust (ALAS2022-2023-278)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-278 advisory. Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.66 (SUSE-SU-2023:0132-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0132-1 advisory. - Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform...
SUSE-SU-2023:0133-1 Security update for rust1.65
This update for rust1.65 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930)...
SUSE-SU-2023:0132-1 Security update for rust1.66
This update for rust1.66 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930)...
acari-lib (>=0.1.11 <=0.1.12), acme-rs (>=0.1.0 <=0.2.0) +350 more potentially affected by unknown CVE via buf_redux (>=0.1.3 <=0.8.4)
buf_redux CARGO version =0.1.3, =0.1.11, =0.1.0, =0.9.2, =0.5.1, =0.2.0, =0.1.0, =0.0.1, =0.1.5, =0.0.5, =0.0.1, =0.1.0, =1.0.0, =0.26.1, =0.26.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0028...
RUSTSEC-2023-0028 buf_redux is Unmaintained
Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...
buf_redux is Unmaintained
Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...
Man-In-The-Middle (MITM)
rust is vulnerable to Man-In-The-Middle (MITM) attacks. An attacker is able to perform man-in-the-middle (MITM) attacks because the library does not perform SSH host key verification when cloning indexes and dependencies via SSH...
Fedora: Security Advisory for rust (FEDORA-2023-575fcaf4bf)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 36 : rust (2023-575fcaf4bf)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-575fcaf4bf advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +890 more potentially affected by CVE-2023-22742 via git2 (>=0.10.0 <=0.16.0)
git2 CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.0.0, =0.1.0, =0.3.3 - amisgitpm =0.0.1 - amp =0.6.2 and more Source cves: CVE-2023-22742 Source advisory: OSV:GHSA-M4CH-RFV5-X5G3...
GHSA-F85W-WVC7-CRWC bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
In affected versions of this crate, the lifetime of the iterator produced by `Vec::into_iter()` is not constrained to the lifetime of the `Bump` that allocated the vector's memory. Using the iterator after the `Bump` is dropped causes use-after-free accesses. The following example demonstrates memory...
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
In affected versions of this crate, the lifetime of the iterator produced by `Vec::into_iter()` is not constrained to the lifetime of the `Bump` that allocated the vector's memory. Using the iterator after the `Bump` is dropped causes use-after-free accesses. The following example demonstrates memory...