From 4bfa224c9f64ed0a0da0a7f82319d61bd878748a Mon Sep 17 00:00:00 2001
From: Ammar Askar <ammar@ammaraskar.com>
Date: Sun, 24 Jan 2021 15:36:47 -0800
Subject: [PATCH] Add advisory for data race in tiny_future

---
 crates/tiny_future/RUSTSEC-0000-0000.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 crates/tiny_future/RUSTSEC-0000-0000.md

diff --git a/crates/tiny_future/RUSTSEC-0000-0000.md b/crates/tiny_future/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..1e1e3fe
--- /dev/null
+++ b/crates/tiny_future/RUSTSEC-0000-0000.md
@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "tiny_future"
+date = "2020-12-08"
+url = "https://github.com/KizzyCode/tiny_future/issues/1"
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.4.0"]
+```
+
+# Future<T> lacks bounds on Send and Sync.
+
+`tiny_future` contains a light-weight implementation of `Future`s. The `Future`
+type it has lacked bound on its `Send` and `Sync` traits.
+
+This allows for a bug where non-thread safe types such as `Cell` can be used in
+`Future`s and cause data races in concurrent programs.
+
+The flaw was corrected in commit `c791919` by adding trait bounds to `Future`'s
+`Send` and `Sync`.