From 7feb037b84c34b5f711eadeae98b3482b6e41f11 Mon Sep 17 00:00:00 2001
From: Matt Brubeck
Date: Tue, 12 Jan 2021 11:05:27 -0800
Subject: [PATCH] RUSTSEC-2020-0017.md (use-after-free in internment) is fixed (#554)

The vulnerability in this report was fixed in internment 0.4.0. For details, see https://github.com/droundy/internment/issues/11#issuecomment-758862385.
---
 crates/internment/RUSTSEC-2020-0017.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crates/internment/RUSTSEC-2020-0017.md b/crates/internment/RUSTSEC-2020-0017.md
index 59c9f9c..0438b44 100644
--- a/crates/internment/RUSTSEC-2020-0017.md
+++ b/crates/internment/RUSTSEC-2020-0017.md
@@ -11,7 +11,7 @@ url = "https://github.com/droundy/internment/issues/11"
 "internment::ArcIntern::drop" = [">= 0.3.12"]
 
 [versions]
-patched = []
+patched = [">= 0.4.0"]
 unaffected = ["< 0.3.12"]
 ```
 
@@ -21,4 +21,7 @@ unaffected = ["< 0.3.12"]
 which is about to get another user. The new user will get a reference
 to freed memory.
 
+This was fixed by serializing access to an interned object while it
+is being deallocated.
+
 Versions prior to 0.3.12 used stronger locking which avoided the problem.
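Review bot: The affected-function entry `"internment::ArcIntern::drop" = [">= 0.3.12"]`, a context line at the top of the first hunk, stays open-ended while `patched` now reads `[">= 0.4.0"]`, so the two ranges overlap for every fixed release. Tooling that matches on the function-level requirement alone would presumably keep reporting `ArcIntern::drop` as vulnerable in 0.4.0 and later. Bounding the entry to `"internment::ArcIntern::drop" = [">= 0.3.12, < 0.4.0"]` would keep the record consistent with the new `patched` value. The TOML block starts above the hunk, so any other version-scoped fields there should be checked the same way.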