Add advisory for libsecp256k1 (#963)

s3krit · web-flow · commit e95d3600496c · 2021-07-13T15:46:23.000+03:00
* add advisory

* fix formatting
diff --git a/crates/libsecp256k1/RUSTSEC-0000-0000.md b/crates/libsecp256k1/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libsecp256k1"
+date = "2021-07-13"
+url = "https://github.com/paritytech/libsecp256k1/pull/67"
+categories = ["crypto-failure"]
+[versions]
+patched = [">= 0.5.0"]
+```
+
+# libsecp256k1 allows overflowing signatures
+
+libsecp256k1 accepts signatures whose R or S parameter is larger than the
+secp256k1 curve order, which differs from other implementations. This could
+lead to invalid signatures being verified.
+
+The error is resolved in 0.5.0 by adding a `check_overflow` flag.
