buck2.advisories.yaml

schema-version: 2.0.2

package:
  name: buck2

advisories:
  - id: CGA-6cf8-49j8-g8m2
    aliases:
      - GHSA-8qv2-5vq6-g2g7
    events:
      - timestamp: 2024-07-30T07:03:03Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: 0e9895e889044139
            componentName: webpki
            componentVersion: 0.21.4
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2024-07-30T19:56:31Z
        type: pending-upstream-fix
        data:
          note: When bumping this dependency it broke the build as other direct/indirect dependencies use that version and might need to bump other dependencies as well.

  - id: CGA-7x36-fpv3-2vfj
    aliases:
      - CVE-2021-38187
      - GHSA-hc92-9h3m-c39j
    events:
      - timestamp: 2024-07-30T07:03:04Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: d524ae68101acd7d
            componentName: anymap
            componentVersion: 0.12.1
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2024-07-30T20:27:04Z
        type: fixed
        data:
          fixed-version: 20240701-r2
      - timestamp: 2024-10-08T20:22:46Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: d524ae68101acd7d
            componentName: anymap
            componentVersion: 0.12.1
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype
      - timestamp: 2024-10-09T09:39:20Z
        type: pending-upstream-fix
        data:
          note: The affected dependency is no longer maintained in an official capacity and is the responsibility of upstream maintainers to implement a different dependency or fix.

  - id: CGA-g37g-cgr5-vmc5
    aliases:
      - GHSA-wwq9-3cpr-mm53
    events:
      - timestamp: 2024-12-05T08:19:22Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: 086819d4d95d14d5
            componentName: hashbrown
            componentVersion: 0.15.0
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype

  - id: CGA-g62h-6j69-738r
    aliases:
      - CVE-2024-47609
      - GHSA-4jwc-w2hc-78qv
    events:
      - timestamp: 2024-10-02T08:06:01Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: 1bae579c23114e66
            componentName: tonic
            componentVersion: 0.9.2
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype

  - id: CGA-phfv-856w-g6rj
    aliases:
      - CVE-2024-12224
      - GHSA-h97m-ww89-6jmq
    events:
      - timestamp: 2024-12-10T08:30:10Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: buck2
            componentID: dd995b088b85142e
            componentName: idna
            componentVersion: 0.5.0
            componentType: rust-crate
            componentLocation: /usr/bin/buck2
            scanner: grype