From b1d3a5e73f82f96a1ee5d4a4135832c56416e2bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20K=C4=85dzio=C5=82ka?= <kuba@kadziolka.net>
Date: Tue, 12 May 2020 19:04:44 +0200
Subject: [PATCH] Advisory for rio

---
 crates/rio/RUSTSEC-0000-0000.toml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/rio/RUSTSEC-0000-0000.toml

diff --git a/crates/rio/RUSTSEC-0000-0000.toml b/crates/rio/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000000..19e8a83eab
--- /dev/null
+++ b/crates/rio/RUSTSEC-0000-0000.toml
@@ -0,0 +1,19 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rio"
+date = "2020-05-11"
+title = "rio allows a use-after-free buffer access when a future is leaked"
+url = "https://github.com/spacejam/rio/issues/11"
+categories = ["memory-corruption", "memory-exposure"]
+description = """
+When a `rio::Completion` is leaked, its drop code will not run. The drop code
+is responsible for waiting until the kernel completes the I/O operation into, or
+out of, the buffer borrowed by `rio::Completion`. Leaking the struct will allow
+one to access and/or drop the buffer, which can lead to a use-after-free,
+data races or leaking secrets.
+
+Upstream is not interested in fixing the issue.
+"""
+
+[versions]
+patched = []