add crossbeam-queue advisory

rustsec · May 10, 2022 · 3d8a9a3 · 3d8a9a3
1 parent 7975ad6
commit 3d8a9a3
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/crates/crossbeam-queue/RUSTSEC-0000-0000.md b/crates/crossbeam-queue/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "crossbeam-queue"
+date = "2022-05-10"
+informational = "unsound"
+url = "https://github.com/crossbeam-rs/crossbeam/pull/458"
+
+[versions]
+patched = [">= 0.2.3"]
+
+```
+
+# `SegQueue` creates zero value of any type
+
+Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.
+This is unsound e.g. if `T` is a reference type (which must be non-null).
+
+The flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.