From 0c128ba5cc30cc8a486e6d825ff90a8c9af0b54c Mon Sep 17 00:00:00 2001
From: Lukas Bergdoll
Date: Sat, 11 Nov 2023 15:48:23 +0100
Subject: [PATCH] Add Insufficient covariance check makes self_cell unsound (#1818)
---
crates/self_cell/RUSTSEC-0000-0000.md | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 crates/self_cell/RUSTSEC-0000-0000.md
diff --git a/crates/self_cell/RUSTSEC-0000-0000.md b/crates/self_cell/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..30179dc
--- /dev/null
+++ b/crates/self_cell/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "self_cell"
+date = "2023-11-10"
+url = "https://github.com/Voultapher/self_cell/issues/49"
+categories = []
+keywords = ["unsound", "self_cell", "self-referential"]
+
+[versions]
+patched = [">= 0.10.3, < 1.0.0", ">= 1.0.2"]
+```
+
+# Insufficient covariance check makes self_cell unsound
+
+All public versions prior to `1.02` used an insufficient check to ensure that
+users correctly marked the dependent type as either `covariant` or
+`not_covariant`. This allowed users to mark a dependent as covariant even though
+its type was not covariant but invariant, for certain invariant types involving
+trait object lifetimes. One example for such a dependent type is `type
+Dependent<'a> = RefCell>`. Such a type allowed
+unsound usage in purely safe user code that leads to undefined behavior. The
+patched versions now produce a compile time error if such a type is marked as
+`covariant`.
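Review bot: The description's first sentence gives the fixed release as `1.02`, but the `[versions]` table lists `">= 1.0.2"`, so the prose should read `1.0.2` to match the metadata that tooling reads. The same sentence does not mention the 0.10 line, although `patched` also contains `">= 0.10.3, < 1.0.0"`; a wording such as "prior to `0.10.3` on the 0.10 line and prior to `1.0.2` on the 1.x line" would let a reader on 0.10.x see that a fixed release exists for them. The example type shows as `RefCell>` in this view, which looks like its generic arguments were lost, possibly in rendering, so it is worth confirming that the committed file carries the full type. With `categories = []` and no `informational` key, the entry will presumably be reported as an uncategorised vulnerability; if it is meant as a soundness advisory, consider adding `informational = "unsound"` under `[advisory]`.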