From 5cc058955173015a23bc80cafb4a576af7ea9946 Mon Sep 17 00:00:00 2001
From: "Sergey \"Shnatsel\" Davidoff" <sdavydov@google.com>
Date: Fri, 14 Aug 2020 18:22:30 +0200
Subject: [PATCH] Add advisory for rgb

---
 crates/rgb/RUSTSEC-0000-0000.toml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 crates/rgb/RUSTSEC-0000-0000.toml

diff --git a/crates/rgb/RUSTSEC-0000-0000.toml b/crates/rgb/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..f08b91b
--- /dev/null
+++ b/crates/rgb/RUSTSEC-0000-0000.toml
@@ -0,0 +1,21 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rgb"
+date = "2020-10-14"
+title = "Allows viewing and modifying arbitrary structs as bytes"
+url = "https://github.com/kornelski/rust-rgb/issues/35"
+informational = "unsound"
+keywords = ["type confusion"]
+description = """
+Affected versions of rgb crate allow viewing and modifying data any type `T` wrapped in `RGB<T>` as bytes,
+and do not correctly constrain `RGB<T>` and other wrapper structures to the types for which it is safe to do so.
+
+If a type containing madding is wrapped in `RGB<T>` and similar wrapper structures,
+viewing it as bytes may lead to exposure of contents of uninitialized memory.
+
+If a type containing a pointer is wrapped in `RGB<T>` and similar wrapper structures,
+modifying it as bytes may lead to derefericing of arbitrary pointers.
+"""
+[versions]
+patched = [">= 0.8.20"]
+unaffected = ["< 0.5.4"]