From 56350b28038fdd030be78754ff5ce702bf760dc8 Mon Sep 17 00:00:00 2001
From: Jake McGinty
Date: Thu, 6 Jun 2019 16:54:16 +0900
Subject: [PATCH] [portaudio] add build script RCE
---
crates/portaudio/RUSTSEC-0000-0000.toml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 crates/portaudio/RUSTSEC-0000-0000.toml
diff --git a/crates/portaudio/RUSTSEC-0000-0000.toml b/crates/portaudio/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..988c598
--- /dev/null
+++ b/crates/portaudio/RUSTSEC-0000-0000.toml
@@ -0,0 +1,15 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "portaudio"
+date = "2016-08-01"
+title = "HTTP download and execution allows MitM RCE"
+description = """
+The build script in the portaudio crate will attempt to download via HTTP
+the portaudio source and build it.
+
+A Mallory in the middle can intercept the download with their own archive
+and get RCE.
+"""
+patched_versions = []
+url = "https://github.com/RustAudio/rust-portaudio/issues/144"
+keywords = ["ssl", "mitm"]
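Review bot: The `description` text names the plain-HTTP download but never says where the resulting code runs, which is what someone triaging this advisory needs first. Since the build script fetches the source and builds it, a substituted archive would execute on the machine running the build (developer workstation or CI) as the invoking user; a closing sentence such as `Code from a substituted archive runs at build time on the host running cargo.` would make that explicit. The text also does not say whether the downloaded archive is checked against a checksum or signature; the build script is not visible here, so confirm that before wording it. With `patched_versions = []` readers get no remediation hint, so if there is any condition under which the download is skipped, stating it in `description` would help.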