From f65960fb51375f0162a659db261848eb2ee6bdfa Mon Sep 17 00:00:00 2001
From: "Heinz N. Gies"
Date: Mon, 24 Jun 2019 20:35:21 +0200
Subject: [PATCH 1/2] Add advisory for segfault bug in simd-json.rs

---
 crates/simd-json/RUSTSEC-0000-0000.toml | 40 +++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 crates/simd-json/RUSTSEC-0000-0000.toml

diff --git a/crates/simd-json/RUSTSEC-0000-0000.toml b/crates/simd-json/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..c20dc06
--- /dev/null
+++ b/crates/simd-json/RUSTSEC-0000-0000.toml
@@ -0,0 +1,40 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "simd-json"
+
+# Disclosure date of the advisory as an RFC 3339 date (mandatory)
+date = "2019-06-24"
+
+title = "Flaw in string parsing can lead to crashes due to invalid memory access."
+
+# Enter a short-form description of the vulnerability here (mandatory)
+description = """
+The affected version of this crate did not guard against accessing memory
+beyond the range of it's input data. A pointer cast to read the data into
+a 256 bit register could lead to a sengmentation fault when the end plus
+the 32 byte (256 bit) read would overlap into the next page during string
+parsing.
+
+```
+page | ... page 1 ... | ... page 2 ... |
+data | x[n * 32 byte]xx__ | |
+access | ..][ 32 byte ] | |
+segflt | [ 32 | byte ] |
+```
+
+This allows an attacker to eventually crash a service.
+
+The flaw was corrected by using a padding buffer for the last read form the
+input. So that we are we never read over the boundary of the input data.
+"""
+
+patched_versions = [">= 0.1.15"]
+
+unaffected_versions = ["<= 0.1.13"]
+
+url = "https://github.com/Licenser/simdjson-rs/pull/273"
+
+keywords = ["simd"]
+
+affected_arch = ["x86", "x86_64"]
\ No newline at end of file

From 8134840adea28cbec08b69698461c78f786106f9 Mon Sep 17 00:00:00 2001
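Review bot: The version bounds leave the affected set implicit: `unaffected_versions = ["<= 0.1.13"]` together with `patched_versions = [">= 0.1.15"]` marks exactly 0.1.14 as vulnerable, yet the description only says "the affected version" without naming it. Stating the release in the description, e.g. `Only simd-json 0.1.14 is affected; 0.1.15 contains the fix.`, spares readers the arithmetic and makes any mismatch with the real release history easy to spot — this assumes 0.1.14 is the only release between the two bounds, which the hunk does not show. The description also covers only the page-crossing case; a 32-byte read that stays inside the page silently returns bytes outside the input, and a sentence saying whether those bytes can influence the parse result (presumably not, since the impact is given as a crash) would complete the impact statement for anyone triaging this as a denial-of-service. Both points carry over unchanged into the second patch's rewrite of the same text.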
From: "Heinz N. Gies"
Date: Mon, 24 Jun 2019 21:11:48 +0200
Subject: [PATCH 2/2] Remove comments and fix spelling

---
 crates/simd-json/RUSTSEC-0000-0000.toml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/crates/simd-json/RUSTSEC-0000-0000.toml b/crates/simd-json/RUSTSEC-0000-0000.toml
index c20dc06..e4e48f6 100644
--- a/crates/simd-json/RUSTSEC-0000-0000.toml
+++ b/crates/simd-json/RUSTSEC-0000-0000.toml
@@ -3,17 +3,15 @@ id = "RUSTSEC-0000-0000"
 
 package = "simd-json"
 
-# Disclosure date of the advisory as an RFC 3339 date (mandatory)
 date = "2019-06-24"
 
 title = "Flaw in string parsing can lead to crashes due to invalid memory access."
 
-# Enter a short-form description of the vulnerability here (mandatory)
 description = """
 The affected version of this crate did not guard against accessing memory
-beyond the range of it's input data. A pointer cast to read the data into
-a 256 bit register could lead to a sengmentation fault when the end plus
-the 32 byte (256 bit) read would overlap into the next page during string
+beyond the range of its input data. A pointer cast to read the data into
+a 256-bit register could lead to a segmentation fault when the end plus
+the 32 bytes (256 bit) read would overlap into the next page during string
 parsing.
 
 ```
@@ -25,7 +23,7 @@ segflt | [ 32 | byte ] |
 
 This allows an attacker to eventually crash a service.
 
-The flaw was corrected by using a padding buffer for the last read form the
+The flaw was corrected by using a padding buffer for the last read from the
 input. So that we are we never read over the boundary of the input data.
 """
 