From e95d3600496c9889bcd09c77d0968e7483a4d100 Mon Sep 17 00:00:00 2001
From: Martin Pugh
Date: Tue, 13 Jul 2021 14:46:23 +0200
Subject: [PATCH] Add advisory for libsecp256k1 (#963)
* add advisory
* fix formatting
---
crates/libsecp256k1/RUSTSEC-0000-0000.md | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 crates/libsecp256k1/RUSTSEC-0000-0000.md
diff --git a/crates/libsecp256k1/RUSTSEC-0000-0000.md b/crates/libsecp256k1/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..3d26386
--- /dev/null
+++ b/crates/libsecp256k1/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libsecp256k1"
+date = "2021-07-13"
+url = "https://github.com/paritytech/libsecp256k1/pull/67"
+categories = ["crypto-failure"]
+[versions]
+patched = [">= 0.5.0"]
+```
+
+# libsecp256k1 allows overflowing signatures
+
+libsecp256k1 accepts signatures whose R or S parameter is larger than the
+secp256k1 curve order, which differs from other implementations. This could
+lead to invalid signatures being verified.
+
+The error is resolved in 0.5.0 by adding a `check_overflow` flag.
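Review bot: The closing sentence of the description names a `check_overflow` flag as the fix but does not say whether overflow checking is the default in 0.5.0, so a reader cannot tell from the advisory alone whether upgrading is sufficient or whether call sites must also opt in. I would follow it with one sentence of the form `After upgrading, <state whether overflow checking is enabled by default or must be requested by the caller>.`, filled in from the linked pull request. The description also does not say which operations accept the out-of-range R or S values (signature parsing, verification, or both); naming them would let users audit their own call sites instead of treating every use of the crate as affected.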