Translate database into V3 advisory format (#420)

As proposed in #240 and tracked in #414, this PR translates all
advisories into the new "V3" advisory format, which is based on Markdown
with leading TOML front matter.

This format makes it easier to see rendered Markdown syntax
descriptions, whether rendered by an IDE or GitHub. This should help
with both crafting advisories initially as well as review, and ideally
encourages more lengthy descriptions.

Support for this format shipped in `cargo-audit` v0.12.0 on
May 6th, 2020.

.github/workflows/validate.yml

@@ -16,12 +16,12 @@ jobs:
       uses: actions/cache@v1
       with:
         path: ~/.cargo/bin
-        key: rustsec-admin-v0.2.0
+        key: rustsec-admin-v0.3.0-pre
 
     - name: Install rustsec-admin
       run: |
         if [ ! -f $HOME/.cargo/bin/rustsec-admin ]; then
-            cargo install rustsec-admin
+            cargo install rustsec-admin --vers 0.3.0-pre
         fi
 
     - name: Lint advisories

crates/actix-codec/RUSTSEC-2020-0049.toml → crates/actix-codec/RUSTSEC-2020-0049.md

@@ -1,17 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0049"
 package = "actix-codec"
+categories = ["memory-corruption"]
 date = "2020-01-30"
-title = "Use-after-free in Framed due to lack of pinning"
 url = "https://github.com/actix/actix-net/issues/91"
-categories = ["memory-corruption"]
 
-description = """
+[versions]
+patched = [">= 0.3.0-beta.1"]
+```
+
+# Use-after-free in Framed due to lack of pinning
+
 Affected versions of this crate did not require the buffer wrapped in `Framed` to be pinned,
 but treated it as if it had a fixed location in memory. This may result in a use-after-free.
 
 The flaw was corrected by making the affected functions accept `Pin<&mut Self>` instead of `&mut self`.
-"""
-
-[versions]
-patched = [">= 0.3.0-beta.1"]

crates/actix-http/RUSTSEC-2020-0048.toml → crates/actix-http/RUSTSEC-2020-0048.md

@@ -1,19 +1,19 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0048"
 package = "actix-http"
+categories = ["memory-corruption"]
 date = "2020-01-24"
-title = "Use-after-free in BodyStream due to lack of pinning"
 url = "https://github.com/actix/actix-web/issues/1321"
-categories = ["memory-corruption"]
 
-description = """
+[versions]
+patched = [">= 2.0.0-alpha.1"]
+```
+
+# Use-after-free in BodyStream due to lack of pinning
+
 Affected versions of this crate did not require the buffer wrapped in `BodyStream` to be pinned,
 but treated it as if it had a fixed location in memory. This may result in a use-after-free.
 
 The flaw was corrected by making the trait `MessageBody` require `Unpin`
 and making `poll_next()` function accept `Pin<&mut Self>` instead of `&mut self`.
-"""
-
-# Versions which include fixes for this vulnerability (mandatory)
-[versions]
-patched = [">= 2.0.0-alpha.1"]

crates/actix-service/RUSTSEC-2020-0046.toml → crates/actix-service/RUSTSEC-2020-0046.md

@@ -1,22 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0046"
 package = "actix-service"
-date = "2020-01-08"
-
-title = "bespoke Cell implementation allows obtaining several mutable references to the same data"
-url = "https://github.com/actix/actix-net/pull/158"
 categories = ["memory-corruption"]
+date = "2020-01-08"
 informational = "unsound"
+url = "https://github.com/actix/actix-net/pull/158"
+
+[versions]
+patched = [">= 1.0.6"]
+```
+
+# bespoke Cell implementation allows obtaining several mutable references to the same data
 
-description = """
 The custom implementation of a Cell primitive in the affected versions of this crate
 does not keep track of mutable references to the underlying data.
 
 This allows obtaining several mutable references to the same object
 which may result in arbitrary memory corruption, most likely use-after-free.
 
 The flaw was corrected by switching from a bespoke `Cell<T>` implementation to `Rc<RefCell<T>>`.
-"""
-
-[versions]
-patched = [">= 1.0.6"]

crates/actix-utils/RUSTSEC-2020-0045.toml → crates/actix-utils/RUSTSEC-2020-0045.md

@@ -1,22 +1,22 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0045"
 package = "actix-utils"
-date = "2020-01-08"
-
-title = "bespoke Cell implementation allows obtaining several mutable references to the same data"
-url = "https://github.com/actix/actix-net/issues/160"
 categories = ["memory-corruption"]
+date = "2020-01-08"
 informational = "unsound"
+url = "https://github.com/actix/actix-net/issues/160"
+
+[versions]
+patched = [">= 2.0.0"]
+```
+
+# bespoke Cell implementation allows obtaining several mutable references to the same data
 
-description = """
 The custom implementation of a Cell primitive in the affected versions of this crate
 does not keep track of mutable references to the underlying data.
 
 This allows obtaining several mutable references to the same object
 which may result in arbitrary memory corruption, most likely use-after-free.
 
 The flaw was corrected by switching from a bespoke `Cell<T>` implementation to `Rc<RefCell<T>>`.
-"""
-
-[versions]
-patched = [">= 2.0.0"]

crates/actix-web/RUSTSEC-2018-0019.toml → crates/actix-web/RUSTSEC-2018-0019.md

@@ -1,11 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0019"
 package = "actix-web"
+categories = ["memory-corruption"]
 date = "2018-06-08"
-title = "Multiple memory safety issues"
 url = "https://github.com/actix/actix-web/issues/289"
-categories = ["memory-corruption"]
-description = """
+
+[versions]
+patched = [">= 0.7.15"]
+```
+
+# Multiple memory safety issues
+
 Affected versions contain multiple memory safety issues, such as:
 
  - Unsoundly coercing immutable references to mutable references
@@ -15,7 +21,3 @@ Affected versions contain multiple memory safety issues, such as:
 This may result in a variety of memory corruption scenarios, most likely use-after-free.
 
 A signficant refactoring effort has been conducted to resolve these issues.
-"""
-
-[versions]
-patched = [">= 0.7.15"]

crates/alg_ds/RUSTSEC-2020-0033.toml → crates/alg_ds/RUSTSEC-2020-0033.md

@@ -1,13 +1,15 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0033"
 package = "alg_ds"
 date = "2020-08-25"
-title = "Matrix::new() drops uninitialized memory"
 url = "https://gitlab.com/dvshapkin/alg-ds/-/issues/1"
-description = """
-`Matrix::new()` internally calls `Matrix::fill_with()` which uses `*ptr = value` pattern to initialize the buffer.
-This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.
-"""
 
 [versions]
 patched = []
+```
+
+# Matrix::new() drops uninitialized memory
+
+`Matrix::new()` internally calls `Matrix::fill_with()` which uses `*ptr = value` pattern to initialize the buffer.
+This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.

crates/alpm-rs/RUSTSEC-2020-0032.toml → crates/alpm-rs/RUSTSEC-2020-0032.md

@@ -1,14 +1,16 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0032"
 package = "alpm-rs"
 date = "2020-08-20"
 informational = "unsound"
-title = "StrcCtx deallocates a memory region that it doesn't own"
 url = "https://github.com/pigeonhands/rust-arch/issues/2"
-description = """
-`StrcCtx` deallocate a memory region that it doesn't own when `StrcCtx` is created without using `StrcCtx::new`.
-This can introduce memory safety issues such as double-free and use-after-free to client programs.
-"""
 
 [versions]
 patched = []
+```
+
+# StrcCtx deallocates a memory region that it doesn't own
+
+`StrcCtx` deallocate a memory region that it doesn't own when `StrcCtx` is created without using `StrcCtx::new`.
+This can introduce memory safety issues such as double-free and use-after-free to client programs.

crates/ammonia/RUSTSEC-2019-0001.toml → crates/ammonia/RUSTSEC-2019-0001.md

@@ -1,25 +1,27 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0001"
 package = "ammonia"
+aliases = ["CVE-2019-15542"]
 date = "2019-04-27"
-title = "Uncontrolled recursion leads to abort in HTML serialization"
-url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
 keywords = ["stack-overflow", "crash"]
-description = """
-Affected versions of this crate did use recursion for serialization of HTML
-DOM trees.
-
-This allows an attacker to cause abort due to stack overflow by providing
-a pathologically nested input.
-
-The flaw was corrected by serializing the DOM tree iteratively instead.
-"""
-aliases = ["CVE-2019-15542"]
+url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
 
 [affected.functions]
-"ammonia::clean" = ["< 2.1.0"]
 "ammonia::Document::to_string" = ["< 2.1.0"]
 "ammonia::Document::write_to" = ["< 2.1.0"]
+"ammonia::clean" = ["< 2.1.0"]
 
 [versions]
 patched = [">= 2.1.0"]
+```
+
+# Uncontrolled recursion leads to abort in HTML serialization
+
+Affected versions of this crate did use recursion for serialization of HTML
+DOM trees.
+
+This allows an attacker to cause abort due to stack overflow by providing
+a pathologically nested input.
+
+The flaw was corrected by serializing the DOM tree iteratively instead.

crates/arr/RUSTSEC-2020-0034.toml → crates/arr/RUSTSEC-2020-0034.md

@@ -1,16 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0034"
 package = "arr"
 date = "2020-08-25"
-title = "Multiple security issues including data race, buffer overflow, and uninitialized memory drop"
 url = "https://github.com/sjep/array/issues/1"
-description = """
+
+[versions]
+patched = []
+```
+
+# Multiple security issues including data race, buffer overflow, and uninitialized memory drop
+
 `arr` crate contains multiple security issues. Specifically,
 
 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
 2. `Index` and `IndexMut` implementation does not check the array bound.
 3. `Array::new_from_template()` drops uninitialized memory.
-"""
-
-[versions]
-patched = []

crates/array-queue/RUSTSEC-2020-0047.toml → crates/array-queue/RUSTSEC-2020-0047.md

@@ -1,17 +1,18 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0047"
 package = "array-queue"
 date = "2020-09-26"
-title = "array_queue pop_back() may cause a use-after-free"
-url = "https://github.com/raviqqe/array-queue/issues/2"
-description = """
-array_queue implements a circular queue that wraps around an array. However, it
-fails to properly index into the array in the `pop_back` function allowing the
-reading of previously dropped or uninitialized memory.
-"""
 keywords = ["memory-corruption", "uninitialized-memory", "use-after-free"]
+url = "https://github.com/raviqqe/array-queue/issues/2"
 
 [versions]
-
 patched = []
 unaffected = ["< 0.3.0"]
+```
+
+# array_queue pop_back() may cause a use-after-free
+
+array_queue implements a circular queue that wraps around an array. However, it
+fails to properly index into the array in the `pop_back` function allowing the
+reading of previously dropped or uninitialized memory.

crates/arrayfire/RUSTSEC-2018-0011.toml → crates/arrayfire/RUSTSEC-2018-0011.md

@@ -1,12 +1,24 @@
+```toml
 [advisory]
 id = "RUSTSEC-2018-0011"
 package = "arrayfire"
-date = "2018-12-18"
-title = "Enum repr causing potential memory corruption"
-url = "https://github.com/arrayfire/arrayfire-rust/pull/177"
+aliases = ["CVE-2018-20998"]
 categories = ["memory-corruption"]
+date = "2018-12-18"
 keywords = ["enum", "repr"]
-description = """
+url = "https://github.com/arrayfire/arrayfire-rust/pull/177"
+
+[affected]
+arch = ["x86_64"]
+os = ["windows"]
+
+[versions]
+patched = [">= 3.6.0"]
+unaffected = ["<= 3.5.0"]
+```
+
+# Enum repr causing potential memory corruption
+
 The attribute repr() added to enums to be compatible with C-FFI caused
 memory corruption on MSVC toolchain.
 
@@ -17,13 +29,3 @@ Rust version 1.28.
 The issue seems to be interlinked with which version of Rust is being used.
 
 The issue was fixed in crate 3.6.0.
-"""
-aliases = ["CVE-2018-20998"]
-
-[versions]
-patched = [">= 3.6.0"]
-unaffected = ["<= 3.5.0"]
-
-[affected]
-arch = ["x86_64"]
-os = ["windows"]

crates/asn1_der/RUSTSEC-2019-0007.toml → crates/asn1_der/RUSTSEC-2019-0007.md

@@ -1,18 +1,20 @@
+```toml
 [advisory]
 id = "RUSTSEC-2019-0007"
 package = "asn1_der"
+aliases = ["CVE-2019-15549"]
 date = "2019-06-13"
-title = "Processing of maliciously crafted length fields causes memory allocation SIGABRTs"
-url = "https://github.com/KizzyCode/asn1_der/issues/1"
 keywords = ["dos"]
-description = """
+url = "https://github.com/KizzyCode/asn1_der/issues/1"
+
+[versions]
+patched = [">= 0.6.2"]
+```
+
+# Processing of maliciously crafted length fields causes memory allocation SIGABRTs
+
 Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks.
 
 This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide.
 
 The flaw was corrected by not preallocating memory.
-"""
-aliases = ["CVE-2019-15549"]
-
-[versions]
-patched = [">= 0.6.2"]

crates/atom/RUSTSEC-2020-0044.toml → crates/atom/RUSTSEC-2020-0044.md

@@ -1,15 +1,17 @@
+```toml
 [advisory]
 id = "RUSTSEC-2020-0044"
 package = "atom"
 date = "2020-09-21"
 informational = "unsound"
-title = "Unsafe Send implementation in Atom allows data races"
 url = "https://github.com/slide-rs/atom/issues/13"
-description = """
-The `atom` crate contains a security issue revolving around its implementation
-of the Send trait. It incorrectly allows any arbitrary type to be sent across
-threads potentially leading to use-after-free issues through memory races.
-"""
 
 [versions]
 patched = []
+```
+
+# Unsafe Send implementation in Atom allows data races
+
+The `atom` crate contains a security issue revolving around its implementation
+of the Send trait. It incorrectly allows any arbitrary type to be sent across
+threads potentially leading to use-after-free issues through memory races.