From 74e85683892acd9bf04c761b009c4929f9a47d68 Mon Sep 17 00:00:00 2001
From: "Sergey \"Shnatsel\" Davidoff"
Date: Sat, 26 Sep 2020 21:47:56 +0200
Subject: [PATCH] Advisory for unsound pinning in actix-codec
---
crates/actix-codec/RUSTSEC-0000-0000.toml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 crates/actix-codec/RUSTSEC-0000-0000.toml
diff --git a/crates/actix-codec/RUSTSEC-0000-0000.toml b/crates/actix-codec/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..40fa8c1
--- /dev/null
+++ b/crates/actix-codec/RUSTSEC-0000-0000.toml
@@ -0,0 +1,18 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "actix-codec"
+date = "2020-01-30"
+title = "Use-after-free in Framed due to lack of pinning"
+url = "https://github.com/actix/actix-net/issues/91"
+categories = ["memory-corruption"]
+
+description = """
+Affected versions of this crate did not require the buffer wrapped in `Framed` to be pinned,
+but treated it as if it had a fixed location in memory. This may result in a use-after-free.
+
+The flaw was corrected by making the affected functions accept `Pin<&mut Self>` instead of `&mut self`.
+"""
+
+# Versions which include fixes for this vulnerability (mandatory)
+[versions]
+patched = [">= 0.3.0-beta.1"]
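Review bot: The description says the fix changed "the affected functions" to take `Pin<&mut Self>`, but the advisory never names them, so a reader or a call-graph-aware scanner cannot tell which `Framed` methods are in scope. Consider adding an `[affected.functions]` table after `[versions]`, with one entry per method taken from the linked issue, in the form `"actix_codec::Framed::<METHOD_PLACEHOLDER>" = ["< 0.3.0-beta.1"]`. The only patched bound is a pre-release (`>= 0.3.0-beta.1`), so it is worth confirming that the advisory tooling's semver matching treats later pre-release and stable versions as patched. The subject calls the flaw unsound, so the description could also say explicitly whether it is reachable from safe code, if the issue confirms that.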