From 8f6dc8608a67b711b74fa1595f01abab3be8cc00 Mon Sep 17 00:00:00 2001
From: Youngsuk Kim
Date: Tue, 26 Jan 2021 20:21:19 -0500
Subject: [PATCH] beef: beef::Cow lacks a Sync bound on its Send trait allowing for data races (#696)
---
 crates/beef/RUSTSEC-0000-0000.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/beef/RUSTSEC-0000-0000.md
diff --git a/crates/beef/RUSTSEC-0000-0000.md b/crates/beef/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..077970e
--- /dev/null
+++ b/crates/beef/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "beef"
+date = "2020-10-28"
+url = "https://github.com/maciejhirsz/beef/issues/37"
+categories = ["memory-corruption", "thread-safety"]
+
+[versions]
+patched = [">= 0.5.0"]
+```
+
+# beef::Cow lacks a Sync bound on its Send trait allowing for data races
+
+Affected versions of this crate did not have a `T: Sync` bound in the `Send` impl for `Cow<'_, T, U>`. This allows users to create data races by making `Cow` contain types that are (Send && !Sync) like `Cell<_>` or `RefCell<_>`.
+
+Such data races can lead to memory corruption.
+
+The flaw was corrected in commit d1c7658 by adding trait bounds `T: Sync` and `T::Owned: Send` to the `Send` impl for `Cow<'_, T, U>`.