Commit
Improve references in RUSTSEC-2024-0359 (#2202)
* Improve attribution in RUSTSEC-2024-0359

  In some cases it is easy to see who discovered and reported a bug, but in the case of RUSTSEC-2024-0359 (GHSA-cx7h-h87r-jpgr) one would have had to follow a link to the issue (or look at the advisory-db commit history). Furthermore, the text of the advisory here is directly based on the text of that issue. So improving attribution seems worthwhile in this case.

  This adds brief explicit credit to @ssbr at the end of the body of the advisory. This is modeled roughly after how credit was given in RUSTSEC-2023-0064 (GHSA-rrjw-j4m2-mf34), another gitoxide advisory.

  Because the GitHub Advisory Database entry GHSA-cx7h-h87r-jpgr for RUSTSEC-2024-0359 is imported from here, I believe it will also (eventually) be updated with this change, even without being edited directly. Although that database supports credit metadata, it seems currently infeasible to add reporter or finder credit to an entry that is imported from RUSTSEC rather than, e.g., from a repo-local GHSA (github/advisory-database#4620). So this is also in effect a workaround for that.

* Update RUSTSEC-2024-0359 external info metadata

  The main metadata change here is to add the missing global GHSA alias (see GHSA-cx7h-h87r-jpgr). While I'm at it, I've also updated the reference issue URL, since the `gitoxide` repository is under `GitoxideLabs` now (moved from `Byron`).