From 70389f6a25cca930d3d06f28eec2de3dd077c0c8 Mon Sep 17 00:00:00 2001
From: Alexander Payne
Date: Fri, 27 Mar 2020 16:10:15 -0600
Subject: [PATCH] Report memory management error in `bitvec`

See myrrlyn/bitvec#55
---
crates/bitvec/RUSTSEC-0000-0000.toml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 crates/bitvec/RUSTSEC-0000-0000.toml

diff --git a/crates/bitvec/RUSTSEC-0000-0000.toml b/crates/bitvec/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..c33c071
--- /dev/null
+++ b/crates/bitvec/RUSTSEC-0000-0000.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "bitvec"
+date = "2020-03-27"
+title = "use-after or double free of allocated memory"
+url = "https://github.com/myrrlyn/bitvec/issues/55"
+categories = ["memory-corruption"]
+description = """
+Conversion of `BitVec` to `BitBox` did not account for allocation movement.
+
+The flaw was corrected by using the address after resizing, rather than the original base address.
+"""
+functions = { "bitvec::vec::BitVec::into_boxed_bitslice" = ["< 0.17.4, >= 0.11.0"] }
+[versions]
+patched = [">= 0.17.4"]
+unaffected = ["< 0.11.0"]
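Review bot: The `functions` key right after the description lands inside `[advisory]`, because no table header precedes it. As far as I know the RustSec advisory schema reads affected-function data from an `[affected]` table, so tooling may reject the file or silently drop the entry; this should be confirmed against the repository's linter. I would move it under its own header, `[affected.functions]` followed by `"bitvec::vec::BitVec::into_boxed_bitslice" = ["< 0.17.4, >= 0.11.0"]`, so the function-level metadata sits where consumers look for it. The description gives the cause and the fix but not the consequence; one sentence tying the stale base address to the use-after-free or double free named in the title would help users judge their exposure.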