Affected Platforms

Documents the use of the `affected_platforms` attribute in advisories,
and adds it to a relevant advisory.

README.md

@@ -70,6 +70,10 @@ patched_versions = [">= 1.2.0"]
 # Versions which were never vulnerable (optional)
 unaffected_versions = ["< 1.1.0"]
 
+# Platforms this vulnerability specifically affects (optional)
+# See: https://docs.rs/rustsec/latest/rustsec/advisory/struct.PlatformReq.html
+#affected_platforms = ["*windows*"]
+
 # Vulnerability aliases, e.g. CVE IDs (optional but recommended)
 # Request a CVE for your RustSec vulns: https://iwantacve.org/
 aliases = ["CVE-2018-XXXX"]

crates/hyper/RUSTSEC-2016-0002.toml

@@ -6,6 +6,7 @@ references = ["RUSTSEC-2016-0001"]
 date = "2016-05-09"
 url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
 title = "HTTPS MitM vulnerability due to lack of hostname verification"
+affected_platforms = ["*windows*"]
 description = """
 When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
 perform hostname verification when making HTTPS requests.