Commit

changelog: add 🚨 emoji for CVE entries
weihanglo committed Aug 24, 2023
1 parent f975722 commit 4b51b27
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions CHANGELOG.md
Expand Up @@ -191,7 +191,7 @@

### Changed

- [CVE-2023-40030](https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p):
- 🚨 [CVE-2023-40030](https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p):
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports.
To mitigate this, feature name validation check is now turned into a hard error.
The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io,
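
Review bot: the CVE-2023-40030 entry sits under "### Changed", while every other CVE entry touched by this patch sits under "### Fixed", so a reader who scans only the "Fixed" sections for security fixes will still miss it even with the marker. Either keep it here and cross-reference it from "Fixed", or state in the changelog that 🚨 entries can appear under any heading.
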
Expand Down Expand Up @@ -326,7 +326,7 @@

### Fixed

- [CVE-2023-38497](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87):
- 🚨 [CVE-2023-38497](https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87):
Cargo 1.71.1 or later respects umask when extracting crate archives. It also
purges the caches it tries to access if they were generated by older Cargo versions.
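
Review bot: the CVE-2023-38497 entry describes only the new behavior ("respects umask when extracting crate archives") and not what was at risk, unlike the other marked entries, which lead with the impact ("Malicious dependencies can inject ...", "Extracting malicious crates can ..."). Since the marker now draws attention to this line, add one sentence on the impact, taken from the linked advisory, so the entry reads the same way as the others.
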

Expand Down Expand Up @@ -1005,7 +1005,7 @@
## Cargo 1.66.1 (2023-01-10)

### Fixed
- [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j):
- 🚨 [CVE-2022-46176](https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j):
Added validation of SSH host keys for git URLs.
See [the docs](https://doc.rust-lang.org/cargo/appendix/git-authentication.html#ssh-known-hosts) for more information on how to configure the known host keys.
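
Review bot: in the 1.66.1 section the list item follows "### Fixed" with no blank line, while the other sections in this patch leave a blank line between the heading and the first entry. Since this line is being edited anyway, add the blank line so the heading and list are formatted consistently across the file.
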

Expand Down Expand Up @@ -1231,11 +1231,11 @@

### Fixed

- [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
- 🚨 [CVE-2022-36113](https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j):
Extracting malicious crates can corrupt arbitrary files.
[#11089](https://github.com/rust-lang/cargo/pull/11089)
[#11088](https://github.com/rust-lang/cargo/pull/11088)
- [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
- 🚨 [CVE-2022-36114](https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp):
Extracting malicious crates can fill the file system.
[#11089](https://github.com/rust-lang/cargo/pull/11089)
[#11088](https://github.com/rust-lang/cargo/pull/11088)
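
Review bot: the 🚨 marker is introduced without any explanation of what it denotes; the commit's five additions are exactly the five entry lines, so no legend comes with it. A short note near the top of CHANGELOG.md stating that 🚨 marks entries tied to a security advisory would make the convention explicit for readers and for whoever adds the next CVE entry. It is also worth checking whether any tooling matches entries by the `- [CVE-` prefix, since these lines now start with `- 🚨 [CVE-`.
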