Add advisory for libgit2-sys (#1879)

* Add advisory for libgit2-sys

* Fix function prefix.

* Remove empty affected table

crates/libgit2-sys/RUSTSEC-0000-0000.md

@@ -0,0 +1,30 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libgit2-sys"
+date = "2024-02-06"
+url = "https://github.com/rust-lang/git2-rs/pull/1017"
+references = ["https://github.com/libgit2/libgit2/releases/tag/v1.7.2"]
+categories = ["denial-of-service", "code-execution", "memory-corruption"]
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
+related = ["GHSA-j2v7-4f6v-gpg8", "CVE-2024-24577", "GHSA-54mf-x2rh-hq9v", "CVE-2024-24575"]
+
+[affected.functions]
+"libgit2_sys::git_revparse_single" = ["< 0.16.2, >= 0.13.0"]
+"libgit2_sys::git_index_add" = ["< 0.16.2"]
+
+[versions]
+patched = [">= 0.16.2"]
+```
+
+# Memory corruption, denial of service, and arbitrary code execution in libgit2
+
+The [libgit2](https://github.com/libgit2/libgit2/) project fixed three security issues in the 1.7.2 release. These issues are:
+
+* The `git_revparse_single` function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the `git2` crate via the [`Repository::revparse_single`](https://docs.rs/git2/latest/git2/struct.Repository.html#method.revparse_single) method.
+* The `git_index_add` function may cause heap corruption and possibly lead to arbitrary code execution. This function is exposed in the `git2` crate via the [`Index::add`](https://docs.rs/git2/latest/git2/struct.Index.html#method.add) method.
+* The smart transport negotiation may experience an out-of-bounds read when a remote server did not advertise capabilities.
+
+The `libgit2-sys` crate bundles libgit2, or optionally links to a system libgit2 library. In either case, versions of the libgit2 library less than 1.7.2 are vulnerable. The 0.16.2 release of `libgit2-sys` bundles the fixed version of 1.7.2, and requires a system libgit2 version of at least 1.7.2.
+
+It is recommended that all users upgrade.