From 439853f66794de12bf30e819b9c108bdb30387ee Mon Sep 17 00:00:00 2001
From: "Stephen M. Coakley"
Date: Sun, 1 Sep 2019 13:45:03 -0500
Subject: [PATCH] Create RUSTSEC-0000-0000.toml
---
 crates/chttp/RUSTSEC-0000-0000.toml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 crates/chttp/RUSTSEC-0000-0000.toml
diff --git a/crates/chttp/RUSTSEC-0000-0000.toml b/crates/chttp/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..5211215
--- /dev/null
+++ b/crates/chttp/RUSTSEC-0000-0000.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "chttp"
+date = "2019-09-01"
+title = "Use-after-free in buffer conversion implementation"
+description = """
+The From implementation for Vec was not properly implemented,
+returning a vector backed by freed memory. This could lead to memory corruption
+or be exploited to cause undefined behavior.
+
+A fix was published in version 0.1.3.
+"""
+patched_versions = [">= 0.1.3"]
+unaffected_versions = ["< 0.1.1"]
+url = "https://github.com/sagebind/isahc/issues/2"
+keywords = ["memory-management", "memory-corruption"]
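Review bot: The `description` text does not name the source type of the conversion ("The From implementation for Vec"), so someone auditing their own code cannot tell which call returns the vector backed by freed memory; if the generic parameters were simply lost when this page was rendered, the original wording may already be fine. Spell out the concrete types in backticks and state the affected range explicitly, since `unaffected_versions = ["< 0.1.1"]` together with `patched_versions = [">= 0.1.3"]` implies that only 0.1.1 and 0.1.2 are affected, e.g. `Versions 0.1.1 and 0.1.2 are affected; a fix was published in version 0.1.3.` The `url` points at the `sagebind/isahc` repository while `package` is `chttp`, so one sentence explaining how the two names relate would help readers match the advisory to the crate in their lockfile.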