From 924dd24c23f15673b368b870daa4912320ad3ba8 Mon Sep 17 00:00:00 2001
From: Pierre Krieger
Date: Wed, 15 May 2019 19:02:48 +0200
Subject: [PATCH] Add libp2p ed25519 signature verification failure
---
 crates/libp2p-core/RUSTSEC-0000-0000.toml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 crates/libp2p-core/RUSTSEC-0000-0000.toml
diff --git a/crates/libp2p-core/RUSTSEC-0000-0000.toml b/crates/libp2p-core/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..50d343e
--- /dev/null
+++ b/crates/libp2p-core/RUSTSEC-0000-0000.toml
@@ -0,0 +1,13 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libp2p-core"
+date = "2019-05-15"
+title = "Failure to properly verify ed25519 signatures makes any signature valid"
+description = """
+Affected versions of this crate did not properly verify ed25519 signatures.
+Any signature with a correct length was considered valid.
+
+This allows an attacker to impersonate any node identity.
+"""
+patched_versions = [">= 0.7.1", ">= 0.8.1"]
+unaffected_versions = ["< 0.3"]
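Review bot: The `patched_versions` list marks 0.8.0 as fixed, because `">= 0.7.1"` is an open-ended range that already matches every 0.8.x release and makes the second entry redundant. Listing 0.8.1 separately suggests 0.8.0 still carries the signature-verification flaw, so tools reading this advisory would presumably stay silent for users pinned to 0.8.0. Bounding the first requirement to the 0.7 line fixes this: `patched_versions = ["^0.7.1", ">= 0.8.1"]`. It is also worth confirming that `unaffected_versions = ["< 0.3"]` matches the release that introduced the ed25519 verification code, since a bound set too high hides the advisory from users of older affected releases.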