From 6d238619b62bdec4e11ebb2f382716df711d8eee Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg
Date: Fri, 24 Jul 2020 19:00:19 +0200
Subject: [PATCH] Undefined behavior in Rand (#149)
Co-authored-by: Ralf Jung
Co-authored-by: Tony Arcieri
---
crates/rand_core/RUSTSEC-0000-0000.toml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 crates/rand_core/RUSTSEC-0000-0000.toml
diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
new file mode 100644
index 000000000..021efc6ac
--- /dev/null
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rand_core"
+date = "2019-04-19"
+informational = "unsound"
+title = "Unaligned memory access"
+description = """
+Affected versions of this crate violated alignment when casting byte slices to
+integer slices, resulting in undefined behavior.
+
+The flaw was corrected by Ralf Jung and Diggory Hardy.
+"""
+url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
+
+[affected.functions]
+"rand_core::BlockRng::next_u64" = ["< 0.4.2"]
+"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
+
+[versions]
+patched = [">= 0.4.2"]
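Review bot: The `url` anchor `#050---2019-06-06` lands on the 0.5.0 changelog section, while `patched = [">= 0.4.2"]` and both `[affected.functions]` entries name 0.4.2 as the fix boundary, so the reference does not substantiate the version the advisory tells users to upgrade to. Point `url` at the 0.4.2 changelog entry or the fixing pull request, preferably on a tag or commit rather than `master`, whose content and anchors can shift as the changelog grows. `[versions]` also carries no `unaffected` range, so every release below 0.4.2 is reported as affected; if the misaligned cast was introduced in a later release than the first one, an `unaffected` entry would avoid false reports, though that cannot be confirmed from this hunk.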