From 5466d5badf95763b2ed3b581bb1d55dd3aace067 Mon Sep 17 00:00:00 2001
From: Thom Chiovoloni
Date: Sat, 15 Jun 2019 13:08:46 -0700
Subject: [PATCH] Add advisory for ncurses
---
crates/ncurses/RUSTSEC-0000-0000.toml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 crates/ncurses/RUSTSEC-0000-0000.toml
diff --git a/crates/ncurses/RUSTSEC-0000-0000.toml b/crates/ncurses/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..dfebc90
--- /dev/null
+++ b/crates/ncurses/RUSTSEC-0000-0000.toml
@@ -0,0 +1,22 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "ncurses"
+date = "2019-06-15"
+
+title = "Buffer overflow and format vulnerabilities in functions exposed without unsafe"
+
+description = """
+`ncurses` exposes functions from the ncurses library which:
+
+- Pass buffers without length to C functions that may write an arbitrary amount of
+ data, leading to a buffer overflow. (`instr`, `mvwinstr`, etc)
+- Passes rust &str to strings expecting C format arguments, allowing a format
+ vulnerability (functions in the `printw` family).
+"""
+
+patched_versions = []
+
+url = "https://github.com/RustSec/advisory-db/issues/106"
+
+affected_functions = ["ncurses::instr", "ncurses::mvwinstr", "ncurses::printw", "ncurses::mvprintw", "ncurses::mvwprintw"]
\ No newline at end of file
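Review bot: The `affected_functions` array lists five paths, but the description covers a wider set ("`instr`, `mvwinstr`, etc" and the whole printw family), so any tooling that matches call sites on this field would miss callers of variants that are not listed. If the crate exposes further variants (for example `wprintw`, `winstr` or `mvinstr`, to be confirmed against the crate's API), they belong in the array; otherwise the description should say the list is complete. The second bullet would be more precise as `- Pass a Rust &str to C functions that expect a format string, allowing a format string`, which also matches the verb form of the first bullet. A comment above `patched_versions = []`, such as `# no patched release at the time of writing`, would make clear that the empty array is intentional.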