From f7c02faed1afc41101695a667bfd566f88d1837f Mon Sep 17 00:00:00 2001
From: "Sergey \"Shnatsel\" Davidoff"
Date: Sat, 26 Sep 2020 18:31:04 +0200
Subject: [PATCH] add advisory for custom Cell in actix-utils
---
crates/actix-utils/RUSTSEC-0000-0000.toml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 crates/actix-utils/RUSTSEC-0000-0000.toml
diff --git a/crates/actix-utils/RUSTSEC-0000-0000.toml b/crates/actix-utils/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..9f70c87
--- /dev/null
+++ b/crates/actix-utils/RUSTSEC-0000-0000.toml
@@ -0,0 +1,22 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "actix-utils"
+date = "2020-01-08"
+
+title = "bespoke Cell implementation allows obtaining several mutable references to the same data"
+url = "https://github.com/actix/actix-net/pull/158"
+categories = ["memory-corruption"]
+informational = "unsound"
+
+description = """
+The custom implementation of a Cell primitive in the affected versions of this crate
+does not keep track of mutable references to the underlying data.
+
+This allows obtaining several mutable references to the same object
+which may result in arbitrary memory corruption, most likely use-after-free.
+
+The flaw was corrected by switching from a bespoke `Cell` implementation to `Rc>`.
+"""
+
+[versions]
+patched = [">= 2.0.0"]
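Review bot: The last sentence of `description` ends in `Rc>`, which is not a type; the generic argument looks lost, either in the file or in how this page renders it. If the file itself reads that way, the sentence should name the full replacement type (presumably `Rc<RefCell<T>>`) so readers can see that the fix moved to runtime borrow tracking. Separately, `[versions]` lists only `patched = [">= 2.0.0"]`, which marks every earlier release as affected. If the bespoke Cell was introduced after the first published version, which cannot be told from this hunk, an `unaffected` range would keep audit tooling from flagging releases that never contained it.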