Merge pull request #95 from gnzlbg/slice_deq2

Add advisory for slice-deque

crates/slice-deque/RUSTSEC-0000-0000.toml

@@ -0,0 +1,25 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "slice-deque"
+date = "2019-05-07"
+title = "Bug in SliceDeque::move_head_unchecked corrupts its memory"
+patched_versions = [">= 0.2.0"]
+url = "https://github.com/gnzlbg/slice_deque/issues/57"
+keywords = ["memory-corruption", "rce"]
+references = ["RUSTSEC-2018-0008"]
+description = """
+
+Affected versions of this crate entered a corrupted state if
+`mem::size_of::<T>() % allocation_granularity() != 0` and a specific allocation
+pattern was used: sufficiently shifting the deque elements over the mirrored
+page boundary.
+
+This allows an attacker that controls controls both element insertion and
+removal to corrupt the deque, such that reading elements from it would read
+bytes corresponding to other elements in the deque. (e.g. a read of T could read
+some bytes from one value and some bytes from an adjacent one, resulting in a T
+whose value representation is not meaningful). This is undefined behavior.
+ 
+The flaw was corrected by using a pair of pointers to track the head and tail of
+the deque instead of a pair of indices. This pair of pointers are represented
+using a Rust slice."""