buck2.advisories.yaml
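# Advisory log for the buck2 package. Each advisory carries its upstream
# aliases and an event list: scanner detections plus the triage outcome
# recorded for them (fixed, pending-upstream-fix).
# Every detection in this file was reported by grype against a Rust crate
# found in /usr/bin/buck2.
schema-version: 2.0.2

package:
  name: buck2

advisories:
  # webpki 0.21.4: the last event is pending-upstream-fix and no fixed-version
  # is recorded in this file.
  - id: CGA-6cf8-49j8-g8m2
    aliases:
      - GHSA-8qv2-5vq6-g2g7
    events:
      - timestamp: 2024-07-30T07:03:03Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: 0e9895e889044139
            componentName: webpki
            componentVersion: 0.21.4
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2024-07-30T19:56:31Z
        type: pending-upstream-fix
        data:
          note: When bumping this dependency it broke the build as other direct/indirect dependencies use that version and might need to bump other dependencies as well.

  # anymap 0.12.1: marked fixed in 20240701-r2, then detected again at the
  # same component version, moved to pending-upstream-fix, and marked fixed a
  # second time in 20250102-r3.
  # NOTE(review): the repeat detection suggests the first fix did not remove
  # the crate from the binary; confirm against a scan of 20250102-r3.
  - id: CGA-7x36-fpv3-2vfj
    aliases:
      - CVE-2021-38187
      - GHSA-hc92-9h3m-c39j
    events:
      - timestamp: 2024-07-30T07:03:04Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: d524ae68101acd7d
            componentName: anymap
            componentVersion: 0.12.1
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2024-07-30T20:27:04Z
        type: fixed
        data:
          fixed-version: 20240701-r2
      - timestamp: 2024-10-08T20:22:46Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: d524ae68101acd7d
            componentName: anymap
            componentVersion: 0.12.1
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2024-10-09T09:39:20Z
        type: pending-upstream-fix
        data:
          note: The affected dependency is no longer maintained in an official capacity and is the responsibility of upstream maintainers to implement a different dependency or fix.
      - timestamp: 2025-02-19T09:17:40Z
        type: fixed
        data:
          fixed-version: 20250102-r3

  # hashbrown 0.15.0: detected, then marked fixed in 20250102-r3.
  - id: CGA-g37g-cgr5-vmc5
    aliases:
      - GHSA-wwq9-3cpr-mm53
    events:
      - timestamp: 2024-12-05T08:19:22Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: 086819d4d95d14d5
            componentName: hashbrown
            componentVersion: 0.15.0
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2025-01-04T13:29:25Z
        type: fixed
        data:
          fixed-version: 20250102-r3

  # tonic 0.9.2: only a detection is recorded. No triage event (fixed,
  # pending-upstream-fix) follows in this file, so the finding is open as far
  # as this record shows.
  - id: CGA-g62h-6j69-738r
    aliases:
      - CVE-2024-47609
      - GHSA-4jwc-w2hc-78qv
    events:
      - timestamp: 2024-10-02T08:06:01Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: 1bae579c23114e66
            componentName: tonic
            componentVersion: 0.9.2
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype

  # idna 0.5.0: detected, then marked fixed in 20250102-r3.
  - id: CGA-phfv-856w-g6rj
    aliases:
      - CVE-2024-12224
      - GHSA-h97m-ww89-6jmq
    events:
      - timestamp: 2024-12-10T08:30:10Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: dd995b088b85142e
            componentName: idna
            componentVersion: 0.5.0
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2025-01-04T13:29:24Z
        type: fixed
        data:
          fixed-version: 20250102-r3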