From f8ff9cfc6fe246920404186a5628d4c992e4b069 Mon Sep 17 00:00:00 2001
From: Jonathan Foote <jmfoote@loyola.edu>
Date: Fri, 24 Jan 2020 15:27:56 -0500
Subject: [PATCH] Add lucet-runtime-internals sigstack allocation vuln advisory

---
 .../RUSTSEC-0000-0000.toml                    | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml

diff --git a/crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml b/crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..1129037
--- /dev/null
+++ b/crates/lucet-runtime-internals/RUSTSEC-0000-0000.toml
@@ -0,0 +1,24 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "lucet-runtime-internals"
+
+date = "2020-01-24"
+
+title = "sigstack allocation bug can cause memory corruption or leak"
+
+description = """
+An embedding using affected versions of lucet-runtime configured to use
+non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode
+without optimizations, could leak data from the signal handler stack to guest
+programs. This can potentially cause data from the embedding host to leak to
+guest programs or cause corruption of guest program memory.
+
+This flaw was resolved by correcting the sigstack allocation logic.
+"""
+
+patched_versions = ["< 0.5.0, >= 0.4.3", “>= 0.5.1”]
+
+url = "https://github.com/bytecodealliance/lucet/pull/401”
+
+categories = ["memory-corruption", "memory-exposure"]