Merge pull request #93 from xfix/ammonia-advisory

Add advisory for ammonia

crates/ammonia/RUSTSEC-0000-0000.toml

@@ -0,0 +1,22 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ammonia"
+date = "2019-04-27"
+title = "Uncontrolled recursion leads to abort in HTML serialization"
+description = """
+Affected versions of this crate did use recursion for serialization of HTML
+DOM trees.
+
+This allows an attacker to cause abort due to stack overflow by providing
+a pathologically nested input.
+
+The flaw was corrected by serializing the DOM tree iteratively instead.
+"""
+patched_versions = [">= 2.1.0"]
+url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
+keywords = ["stack-overflow", "crash"]
+affected_functions = [
+    "ammonia::clean",
+    "ammonia::Document::to_string",
+    "ammonia::Document::write_to",
+]