From aaf99ec45deb430d77414830deeb76cae1e65c51 Mon Sep 17 00:00:00 2001
From: Konrad Borowski
Date: Sun, 28 Apr 2019 15:06:27 +0200
Subject: [PATCH] Add advisory for ammonia
---
 crates/ammonia/RUSTSEC-0000-0000.toml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 crates/ammonia/RUSTSEC-0000-0000.toml
diff --git a/crates/ammonia/RUSTSEC-0000-0000.toml b/crates/ammonia/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..5d8bb03
--- /dev/null
+++ b/crates/ammonia/RUSTSEC-0000-0000.toml
@@ -0,0 +1,22 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ammonia"
+date = "2019-04-27"
+title = "Uncontrolled recursion leads to abort in HTML serialization"
+description = """
+Affected versions of this crate did use recursion for serialization of HTML
+DOM trees.
+
+This allows an attacker to cause abort due to stack overflow by providing
+a pathologically nested input.
+
+The flaw was corrected by serializing the DOM tree iteratively instead.
+"""
+patched_versions = [">= 2.1.0"]
+url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
+keywords = ["stack-overflow", "crash"]
+affected_functions = [
+    "ammonia::clean",
+    "ammonia::Document::to_string",
+    "ammonia::Document::write_to",
+]
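Review bot: `patched_versions = [">= 2.1.0"]` implicitly marks every release before 2.1.0 as vulnerable, while the description only says "Affected versions" without naming a range; if the recursive serializer was introduced after the first release, add `unaffected_versions = ["< <first-recursive-release>"]` (placeholder, to be confirmed against the crate history), otherwise the description should state plainly that all versions before 2.1.0 are affected. The `url` links to the CHANGELOG on `master`, whose `#210` anchor can drift as that file is edited; a permalink to the 2.1.0 tag or the fixing commit would stay valid for readers triaging the advisory later. The impact could also be spelled out for operators: the abort is a remote denial of service for any service that sanitizes untrusted HTML with this crate, which would justify adding `"denial-of-service"` to `keywords`. Finally, `Affected versions of this crate did use recursion` reads better as `Affected versions of this crate used recursion`.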