
Import CVE-2023-41051 as RustSec advisory #1766

Merged Sep 6, 2023

Conversation

roypat
Contributor

@roypat roypat commented Sep 6, 2023

Hello,
please consider adding this advisory about the vm_memory crate to the Rust advisory database.
Thank you,
Patrick Roy

Member

@Shnatsel Shnatsel left a comment


Looks very clear and informative. Thanks for the report!

I've left a suggestion to also add the GHSA alias. If you have no objections, let's commit that and I'll merge.

informational = "unsound"
categories = ["memory-exposure"]
cvss = "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"
aliases = ["CVE-2023-41051"]
Member


Suggested change
aliases = ["CVE-2023-41051"]
aliases = ["CVE-2023-41051", "GHSA-49hh-fprx-m68g"]

Contributor Author


Sure, done!

Comment on lines 14 to 20
functions = {
"vm_memory::volatile_memory::VolatileMemory::get_atomic_ref" = ["< 0.12.2"],
"vm_memory::volatile_memory::VolatileMemory::aligned_as_ref" = ["< 0.12.2"],
"vm_memory::volatile_memory::VolatileMemory::aligned_as_mut" = ["< 0.12.2"],
"vm_memory::volatile_memory::VolatileMemory::get_ref" = ["< 0.12.2"],
"vm_memory::volatile_memory::VolatileMemory::get_array_ref" = ["< 0.12.2"],
}

Member


TOML does not support this syntax, which causes CI to fail. I believe instead of functions = { you need to write [functions] and have the rest freestanding: https://toml.io/en/v1.0.0#table

This is a rather surprising corner case of the TOML spec that many people complain about: toml-lang/toml#516

Contributor Author


Alright, let me try; this might take a few attempts, haha

Contributor Author


Whoop, got it!

@Shnatsel
Member

Shnatsel commented Sep 6, 2023

Thanks!

@Shnatsel Shnatsel merged commit c9fe870 into rustsec:main Sep 6, 2023
1 check passed