From 7e9fe78ade2f6ee04c9931a5772e56ca69123a82 Mon Sep 17 00:00:00 2001
From: Thom Chiovoloni
Date: Sat, 15 Jun 2019 13:13:18 -0700
Subject: [PATCH] Add advisory for pancurses
---
crates/pancurses/RUSTSEC-0000-0000.toml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 crates/pancurses/RUSTSEC-0000-0000.toml
diff --git a/crates/pancurses/RUSTSEC-0000-0000.toml b/crates/pancurses/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..5712362
--- /dev/null
+++ b/crates/pancurses/RUSTSEC-0000-0000.toml
@@ -0,0 +1,19 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "pancurses"
+date = "2019-06-15"
+
+title = "Format string vulnerabilities in `pancurses`"
+
+description = """
+`pancurses::mvprintw` and `pancurses::printw` passes a pointer from a rust `&str` to C,
+allowing hostile input to execute a format string attack, which trivially allows writing
+arbitrary data to stack memory.
+"""
+
+patched_versions = []
+
+url = "https://github.com/RustSec/advisory-db/issues/106"
+
+affected_functions = ["pancurses::mvprintw", "pancurses::printw"]
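Review bot: With `patched_versions = []` every release of the crate is reported as vulnerable, but the `description` gives users nothing to act on. It should state that untrusted text must never be passed as the string argument of `printw`/`mvprintw`, and name a non-formatting call to use until a fix ships, for example a closing sentence such as "Until a fixed release exists, print untrusted strings with addstr/mvaddstr, which do not interpret % directives." (confirm first that those wrappers are not affected in the same way). The impact wording is also narrower than this bug class usually warrants: format string flaws normally allow reading stack contents and crashing the process as well as writing, so "writing arbitrary data to stack memory" could be widened. Finally, check that the `affected_functions` paths resolve as written; if `printw` and `mvprintw` are methods on `Window` rather than free functions, tooling that matches on paths may need the type in the path.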