advisories/cargo-c.advisories.yaml at main · mjramirez-dev/advisories · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
schema-version: 2.0.2

package:
  name: cargo-c

advisories:
  - id: CGA-5j57-c4cq-mr29
    aliases:
      - CVE-2025-31130
      - GHSA-2frx-2596-x5r6
    events:
      - timestamp: 2025-04-05T07:55:21Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cargo-c
            componentID: bc3355c826977bab
            componentName: gix
            componentVersion: 0.69.1
            componentType: rust-crate
            componentLocation: /usr/bin/cargo-capi
            scanner: grype
      - timestamp: 2025-04-09T20:28:24Z
        type: pending-upstream-fix
        data:
          note: 'upstream maintainers have pinned gix to version 0.70.0 due to testing issues. All other associated gix-xxx packages are also pinned and cannot be upgraded independently due to restrictions. Source: https://github.com/rust-lang/cargo/pull/15391'

  - id: CGA-m6pp-f2j6-wwpp
    aliases:
      - CVE-2024-45405
      - GHSA-m8rp-vv92-46c7
    events:
      - timestamp: 2024-09-07T08:29:15Z
        type: fixed
        data:
          fixed-version: 0.10.4-r0

  - id: CGA-r3g2-x65f-95w4
    aliases:
      - CVE-2024-45305
      - GHSA-v26r-4c9c-h3j6
    events:
      - timestamp: 2024-09-04T07:39:03Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cargo-c
            componentID: cca5296fd56e330a
            componentName: gix-path
            componentVersion: 0.10.9
            componentType: rust-crate
            componentLocation: /usr/bin/cargo-capi
            scanner: grype
      - timestamp: 2024-09-06T17:00:49Z
        type: fixed
        data:
          fixed-version: 0.10.4-r0

  - id: CGA-rmqp-w7pw-6pc6
    aliases:
      - GHSA-pg9f-39pc-qf8g
    events:
      - timestamp: 2025-04-12T07:03:28Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cargo-c
            componentID: 024f90bd1c5edbc4
            componentName: crossbeam-channel
            componentVersion: 0.5.14
            componentType: rust-crate
            componentLocation: /usr/bin/cargo-capi
            scanner: grype
      - timestamp: 2025-04-17T17:38:59Z
        type: fixed
        data:
          fixed-version: 0.10.12-r1