Report 0025-im to RustSec

crates/im/RUSTSEC-0000-0000.md

@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "im"
+date = "2020-11-09"
+url = "https://github.com/bodil/im-rs/issues/157"
+informational = "unsound"
+
+[versions]
+patched = []
+unaffected = ["< 12.0.0"]
+```
+
+# TreeFocus lacks bounds on its Send and Sync traits
+
+Affected versions of `im` contains `TreeFocus` that unconditionally implements `Send` and `Sync`.
+
+This allows a data race in safe Rust code if `TreeFocus` is extracted from `Focus` type.
+Typical users that only use `Focus` type are not affected.