From 59bee556dd56ebbe139fe951db287e60a97b29bc Mon Sep 17 00:00:00 2001
From: Lyndon Brown <jnqnfe@gmail.com>
Date: Sun, 25 Oct 2020 19:19:41 +0000
Subject: [PATCH] Add advisory for use-after-frees fixed in libpulse-binding
 v1.2.1 (#433)

---
 crates/libpulse-binding/RUSTSEC-0000-0000.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/libpulse-binding/RUSTSEC-0000-0000.md

diff --git a/crates/libpulse-binding/RUSTSEC-0000-0000.md b/crates/libpulse-binding/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..dcd0dd5
--- /dev/null
+++ b/crates/libpulse-binding/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libpulse-binding"
+date = "2018-06-15"
+url = "https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w"
+categories = ["memory-corruption"]
+
+[versions]
+patched = [">= 1.2.1"]
+
+[affected.functions]
+"libpulse_binding::stream::Stream::get_format_info" = ["< 1.2.1"]
+"libpulse_binding::stream::Stream::get_context" = ["< 1.2.1"]
+```
+
+# Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods
+
+Affected versions contained a pair of use-after-free issues with the objects returned by the `get_format_info` and `get_context` methods of `Stream` objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.