Add advisory for data race in ruspiro-singleton

crates/ruspiro-singleton/RUSTSEC-0000-0000.md

@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ruspiro-singleton"
+date = "2020-11-16"
+url = "https://github.com/RusPiRo/ruspiro-singleton/issues/10"
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.4.1"]
+```
+
+# Singleton lacks bounds on Send and Sync.
+
+`Singleton<T>` is meant to be a static object that can be initialized lazily. In
+order to satisfy the requirement that `static` items must implement `Sync`,
+`Singleton` implemented both `Sync` and `Send` unconditionally.
+
+This allows for a bug where non-`Sync` types such as `Cell` can be used in
+singletons and cause data races in concurrent programs.
+
+The flaw was corrected in commit `b0d2bd20e` by adding trait bounds, requiring
+the contaiend type to implement `Sync`.