From 793301b134c3cdfc02f730d90c61d1b9c652c6ee Mon Sep 17 00:00:00 2001
From: Jacob Pratt <jacob@jhpratt.dev>
Date: Wed, 18 Nov 2020 21:19:28 -0500
Subject: [PATCH] Potential segfault in the time crate (#485)

---
 crates/time/RUSTSEC-0000-0000.md | 68 ++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 crates/time/RUSTSEC-0000-0000.md

diff --git a/crates/time/RUSTSEC-0000-0000.md b/crates/time/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..d911baa
--- /dev/null
+++ b/crates/time/RUSTSEC-0000-0000.md
@@ -0,0 +1,68 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "time"
+date = "2020-11-18"
+url = "https://github.com/time-rs/time/issues/293"
+categories = ["code-execution", "memory-corruption"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+keywords = ["segfault"]
+aliases = ["CVE-2020-26235"]
+
+[affected]
+# any Unix-like OS
+os = [
+    "linux",
+    "Redox",
+    "rolaris",
+    "android",
+    "ios",
+    "macos",
+    "netbsd",
+    "openbsd",
+    "bitrig",
+    "freebsd",
+]
+[affected.functions]
+"time::UtcOffset::local_offset_at" = ["< 0.2.23"]
+"time::UtcOffset::try_local_offset_at" = ["< 0.2.23"]
+"time::UtcOffset::current_local_offset" = ["< 0.2.23"]
+"time::UtcOffset::try_current_local_offset" = ["< 0.2.23"]
+"time::OffsetDateTime::now_local" = ["< 0.2.23"]
+"time::OffsetDateTime::try_now_local" = ["< 0.2.23"]
+
+[versions]
+patched = [">= 0.2.23"]
+unaffected = ["< 0.2.7"]
+```
+
+# Potential segfault in the time crate
+
+## Impact
+
+Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions.
+
+The affected functions are:
+
+- `time::UtcOffset::local_offset_at`
+- `time::UtcOffset::try_local_offset_at`
+- `time::UtcOffset::current_local_offset`
+- `time::UtcOffset::try_current_local_offset`
+- `time::OffsetDateTime::now_local`
+- `time::OffsetDateTime::try_now_local`
+
+Non-Unix targets are unaffected. This includes Windows and wasm.
+
+## Patches
+
+Pending a proper fix, the internal method that determines the local offset has been modified to always return `None` on the affected operating systems. This has the effect of returning an `Err` on the `try_*` methods and `UTC` on the non-`try_*` methods.
+
+Users and library authors with time in their dependency tree should perform `cargo update`, which will pull in a the updated, unaffected code.
+
+## Workarounds
+
+No workarounds are known.
+
+## References
+
+#293