Advisory for sqlx <= 0.8.0 #2039

Merged
merged 1 commit into from
Aug 16, 2024

@abonander (Contributor) commented Aug 15, 2024

launchbadge/sqlx#3440

I'm not sure whether to open separate advisories for each affected sqlx-* crate. Ultimately, only sqlx is meant to be used directly.

@Shnatsel
Member

Thanks! Looks good to me.

Would you prefer to have this go live ASAP, or once the fix is published?

@abonander
Contributor Author

That's an open question. This is my first time filing an advisory so I don't know what's preferred here.

I suppose if people's builds start bailing out due to cargo deny and there isn't a patch they can immediately upgrade to, they might be pretty annoyed.

But this is technically a 0-day so getting the information out there may be more important.

@Shnatsel
Member

I'll go ahead and publish it then. Thank you!

@Shnatsel Shnatsel merged commit aa6d10b into rustsec:main Aug 16, 2024
1 check passed
weiznich added a commit to weiznich/advisory-db that referenced this pull request Aug 23, 2024
This is essentially the same as rustsec#2039 but for diesel.
Shnatsel pushed a commit that referenced this pull request Aug 23, 2024
This is essentially the same as #2039 but for diesel.