From cff4f820acd57c628b62ac27f7dbd789f0be82d3 Mon Sep 17 00:00:00 2001
From: Lzu Tao
Date: Sat, 25 Apr 2020 15:38:14 +0000
Subject: [PATCH] warn about CVE-2020-1967
---
crates/openssl-src/RUSTSEC-0000-0000.toml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 crates/openssl-src/RUSTSEC-0000-0000.toml
diff --git a/crates/openssl-src/RUSTSEC-0000-0000.toml b/crates/openssl-src/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..c582913
--- /dev/null
+++ b/crates/openssl-src/RUSTSEC-0000-0000.toml
@@ -0,0 +1,18 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openssl-src"
+date = "2020-04-25"
+title = "Crash causing Denial of Service attack"
+url = "https://www.openssl.org/news/secadv/20200421.txt"
+categories = ["denial-of-service"]
+description = """
+Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3
+handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the
+"signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature
+algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of
+Service attack."""
+aliases = ["CVE-2020-1967"]
+
+[versions]
+patched = [">= 111.9.0+1.1.1g"]
+unaffected = ["< 111.6.0+1.1.1d"]
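Review bot: The two bounds under `[versions]` carry semver build metadata (`+1.1.1g`, `+1.1.1d`), which plays no part in semver precedence, so the match is effectively on `111.9.0` and `111.6.0`, and how a requirement parser treats the suffix (ignore or reject) is not visible from this patch. Writing them as `patched = [">= 111.9.0"]` and `unaffected = ["< 111.6.0"]` expresses the same range without depending on that behaviour; if the bundled OpenSSL release is worth recording, it fits in a `#` comment above each key. The `title` is also generic for an entry that will show up in audit output next to other denial-of-service advisories; something like `title = "NULL pointer dereference in SSL_check_chain() during TLS 1.3 handshake"` lets a reader triage it without opening the description. The description does not say which upstream OpenSSL releases are affected, so the lower bound cannot be checked against the text alone; one sentence naming them would make it verifiable.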