From 3c6d3186ab06737d1defd2b5ae556d0ecd161603 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 28 Dec 2024 17:54:04 +0000 Subject: [PATCH] Assigned RUSTSEC-2024-0431 to xous (#2184) Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com> --- .duplicate-id-guard | 2 +- crates/xous/{RUSTSEC-0000-0000.md => RUSTSEC-2024-0431.md} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename crates/xous/{RUSTSEC-0000-0000.md => RUSTSEC-2024-0431.md} (91%) diff --git a/.duplicate-id-guard b/.duplicate-id-guard index e25668824..039ed0ab1 100644 --- a/.duplicate-id-guard +++ b/.duplicate-id-guard @@ -1,3 +1,3 @@ This file causes merge conflicts if two ID assignment jobs run concurrently. This prevents duplicate ID assignment due to a race between those jobs. -97956887ce91190352cda430ea9fe4bd91127d344a9c891801efe1e0a3e186ba - +aad38777d2c1ccadc744a9c8f822e35c79415e87b192c5752fa69e54775e58dc - diff --git a/crates/xous/RUSTSEC-0000-0000.md b/crates/xous/RUSTSEC-2024-0431.md similarity index 91% rename from crates/xous/RUSTSEC-0000-0000.md rename to crates/xous/RUSTSEC-2024-0431.md index e73327bfe..4e2bfa7e8 100644 --- a/crates/xous/RUSTSEC-0000-0000.md +++ b/crates/xous/RUSTSEC-2024-0431.md @@ -1,6 +1,6 @@ ```toml [advisory] -id = "RUSTSEC-0000-0000" +id = "RUSTSEC-2024-0431" package = "xous" date = "2024-12-23" url = "https://github.com/betrusted-io/xous-core/issues/410" 
@@ -20,4 +20,4 @@ functions = {"xous::definitions::MemoryRange::as_slice" = ["< 0.9.51"], "xous::d We consider `as_slice` and `as_slice_mut` unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated `from_parts`. We consider that `from_parts` should be removed in latest version because it will help trigger unsoundness in `as_slice`. With new declared as unsafe, `as_slice` should also declared as unsafe. -This was patched in by marking two functions as `unsafe`. \ No newline at end of file +This was patched in by marking two functions as `unsafe`.
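Review bot: In the `.duplicate-id-guard` hunk, the replaced digest line cannot be checked by a reader. The file's two header lines explain that it exists to force a merge conflict between concurrent ID assignment jobs, but not what the 64-hex-character value is computed over. Suggest adding one line to that header stating the input to the digest, so that a wrong or stale value can be spotted in review instead of being taken on trust from the assignment job.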
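Review bot: In the `@@ -20,4 +20,4 @@` hunk of `crates/xous/RUSTSEC-2024-0431.md`, the closing sentence "This was patched in by marking two functions as `unsafe`." has no object after "patched in", and the change only adds the missing trailing newline while keeping that wording. Since the line is being rewritten anyway, state the release or commit that carries the fix (the `functions` entry visible on the hunk header line gives `< 0.9.51` as the affected range) and say which two functions were marked `unsafe`, so the advisory tells a reader which version to upgrade to without needing to open the linked issue.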