Merge pull request #318 from Qwaz/failure-336

Informational advisory for rust-lang-nursery/failure#336
2026-01-04 18:50:34 +01:00 · 2020-08-15 01:03:56 +02:00
parent 90624f4e01 7ba77515fa
commit 1837ccc396
1 changed files with 20 additions and 0 deletions
--- a/crates/failure/RUSTSEC-0000-0000.toml
+++ b/crates/failure/RUSTSEC-0000-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "failure"
+date = "2019-11-13"
+informational = "unsound"
+title = "Type confusion if __private_get_type_id__ is overriden"
+url = "https://github.com/rust-lang-nursery/failure/issues/336"
+keywords = ["unsound"]
+description = """
+Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause
+type confusion when downcasting, which is an undefined behavior.
+
+Users who derive `Fail` trait are not affected.
+"""
+
+[affected]
+functions = { "failure::Fail::__private_get_type_id__" = [">= 0.1.0"] }
+
+[versions]
+patched = []