From d59af0f71688a5bb0657beb058a144ce74089478 Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg <Vinzent.Steinberg@gmail.com>
Date: Wed, 4 Sep 2019 18:25:54 +0200
Subject: [PATCH 1/8] Undefined behavior in rand_core

---
 crates/rand_core/RUSTSEC-0000-0000.toml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 crates/rand_core/RUSTSEC-0000-0000.toml

diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000000..640b7504ac
--- /dev/null
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -0,0 +1,15 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rand_core"
+date = "2019-04-19"
+title = "Unaligned memory access and invalid pointer usage"
+description = """
+Affected versions of this crate violated alignment when casting byte slices to
+integer slices and violated pointer provenance rules, resulting in undefined
+behavior.
+ 
+The flaws were corrected by Ralf Jung and Diggory Hardy.
+"""
+patched_versions = [">= 0.4.2"]
+url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
+affected_functions = ["rand_core::BlockRng::next_u64", "rand_core::BlockRng::fill_bytes"]

From 3a9d04b5fae6db4e419886f12024cb60d938a957 Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg <Vinzent.Steinberg@gmail.com>
Date: Wed, 4 Sep 2019 18:34:06 +0200
Subject: [PATCH 2/8] Undefined behavior in rand

---
 crates/rand/RUSTSEC-0000-0000.toml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 crates/rand/RUSTSEC-0000-0000.toml

diff --git a/crates/rand/RUSTSEC-0000-0000.toml b/crates/rand/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000000..4108052d80
--- /dev/null
+++ b/crates/rand/RUSTSEC-0000-0000.toml
@@ -0,0 +1,14 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rand"
+date = "2019-04-19"
+title = "Invalid pointer usage"
+description = """
+Affected versions of this crate violated pointer provenance rules, resulting in
+undefined behavior.
+ 
+The flaw was corrected by Ralf Jung.
+"""
+patched_versions = [">= 0.7.0"]
+unaffected_versions = ["< 0.5.0"]
+url = "https://github.com/rust-random/rand/blob/master/CHANGELOG.md#070---2019-06-28"

From 4f6105735e1987fcb8604aa4d158c0a3ecf6e9e7 Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg <Vinzent.Steinberg@gmail.com>
Date: Wed, 24 Jun 2020 19:49:34 +0200
Subject: [PATCH 3/8] Make Rand advisories informational

---
 crates/rand/RUSTSEC-0000-0000.toml      | 1 +
 crates/rand_core/RUSTSEC-0000-0000.toml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crates/rand/RUSTSEC-0000-0000.toml b/crates/rand/RUSTSEC-0000-0000.toml
index 4108052d80..c583932f27 100644
--- a/crates/rand/RUSTSEC-0000-0000.toml
+++ b/crates/rand/RUSTSEC-0000-0000.toml
@@ -2,6 +2,7 @@
 id = "RUSTSEC-0000-0000"
 package = "rand"
 date = "2019-04-19"
+informational = "unsound"
 title = "Invalid pointer usage"
 description = """
 Affected versions of this crate violated pointer provenance rules, resulting in
diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
index 640b7504ac..a0168622c0 100644
--- a/crates/rand_core/RUSTSEC-0000-0000.toml
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -2,6 +2,7 @@
 id = "RUSTSEC-0000-0000"
 package = "rand_core"
 date = "2019-04-19"
+informational = "unsound"
 title = "Unaligned memory access and invalid pointer usage"
 description = """
 Affected versions of this crate violated alignment when casting byte slices to

From f4a382d31b719adf582935aa1c469ae6ec02553d Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg <Vinzent.Steinberg@gmail.com>
Date: Tue, 30 Jun 2020 17:19:55 +0200
Subject: [PATCH 4/8] Don't mention violations of pointer provenance rules

The pointer provenance rules are not yet properly defined for Rust.
---
 crates/rand/RUSTSEC-0000-0000.toml      | 15 ---------------
 crates/rand_core/RUSTSEC-0000-0000.toml |  7 +++----
 2 files changed, 3 insertions(+), 19 deletions(-)
 delete mode 100644 crates/rand/RUSTSEC-0000-0000.toml

diff --git a/crates/rand/RUSTSEC-0000-0000.toml b/crates/rand/RUSTSEC-0000-0000.toml
deleted file mode 100644
index c583932f27..0000000000
--- a/crates/rand/RUSTSEC-0000-0000.toml
+++ /dev/null
@@ -1,15 +0,0 @@
-[advisory]
-id = "RUSTSEC-0000-0000"
-package = "rand"
-date = "2019-04-19"
-informational = "unsound"
-title = "Invalid pointer usage"
-description = """
-Affected versions of this crate violated pointer provenance rules, resulting in
-undefined behavior.
- 
-The flaw was corrected by Ralf Jung.
-"""
-patched_versions = [">= 0.7.0"]
-unaffected_versions = ["< 0.5.0"]
-url = "https://github.com/rust-random/rand/blob/master/CHANGELOG.md#070---2019-06-28"
diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
index a0168622c0..554f93d5ca 100644
--- a/crates/rand_core/RUSTSEC-0000-0000.toml
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -3,12 +3,11 @@ id = "RUSTSEC-0000-0000"
 package = "rand_core"
 date = "2019-04-19"
 informational = "unsound"
-title = "Unaligned memory access and invalid pointer usage"
+title = "Unaligned memory access"
 description = """
 Affected versions of this crate violated alignment when casting byte slices to
-integer slices and violated pointer provenance rules, resulting in undefined
-behavior.
- 
+integer slices, resulting in undefined behavior.
+
 The flaws were corrected by Ralf Jung and Diggory Hardy.
 """
 patched_versions = [">= 0.4.2"]

From 8125b665d6213fc9627321b0d8544134c9673a5c Mon Sep 17 00:00:00 2001
From: Vinzent Steinberg <Vinzent.Steinberg@gmail.com>
Date: Tue, 30 Jun 2020 19:47:03 +0200
Subject: [PATCH 5/8] Flaws -> flaw

Co-authored-by: Ralf Jung <post@ralfj.de>
---
 crates/rand_core/RUSTSEC-0000-0000.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
index 554f93d5ca..4608a2d5f9 100644
--- a/crates/rand_core/RUSTSEC-0000-0000.toml
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -8,7 +8,7 @@ description = """
 Affected versions of this crate violated alignment when casting byte slices to
 integer slices, resulting in undefined behavior.
 
-The flaws were corrected by Ralf Jung and Diggory Hardy.
+The flaw was corrected by Ralf Jung and Diggory Hardy.
 """
 patched_versions = [">= 0.4.2"]
 url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"

From 55fe5961e73e2928d57ae7f88d1e6e5b2237b429 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 24 Jul 2020 09:28:40 -0700
Subject: [PATCH 6/8] rand_core: fix formatting

---
 crates/rand_core/RUSTSEC-0000-0000.toml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
index 4608a2d5f9..1de1e9c90f 100644
--- a/crates/rand_core/RUSTSEC-0000-0000.toml
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -10,6 +10,9 @@ integer slices, resulting in undefined behavior.
 
 The flaw was corrected by Ralf Jung and Diggory Hardy.
 """
-patched_versions = [">= 0.4.2"]
 url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
-affected_functions = ["rand_core::BlockRng::next_u64", "rand_core::BlockRng::fill_bytes"]
+versions.patched = [">= 0.4.2"]
+affected.functions = { 
+  "rand_core::BlockRng::next_u64" = ["< 0.4.2"]
+  "rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
+}

From 264c4a7d229bcbfd9fb414ff9221b4263db7eb68 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 24 Jul 2020 09:50:01 -0700
Subject: [PATCH 7/8] Fix TOML table formatting

---
 crates/rand_core/RUSTSEC-0000-0000.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
index 1de1e9c90f..d980ab5ba8 100644
--- a/crates/rand_core/RUSTSEC-0000-0000.toml
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -12,7 +12,7 @@ The flaw was corrected by Ralf Jung and Diggory Hardy.
 """
 url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
 versions.patched = [">= 0.4.2"]
-affected.functions = { 
-  "rand_core::BlockRng::next_u64" = ["< 0.4.2"]
-  "rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
-}
+
+[affected.functions]
+"rand_core::BlockRng::next_u64" = ["< 0.4.2"]
+"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]

From 128e7dff6083b8c832d5e6b0a6b2de4f711fbae9 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 24 Jul 2020 09:58:22 -0700
Subject: [PATCH 8/8] Fix versions TOML

---
 crates/rand_core/RUSTSEC-0000-0000.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
index d980ab5ba8..021efc6ac4 100644
--- a/crates/rand_core/RUSTSEC-0000-0000.toml
+++ b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -11,8 +11,10 @@ integer slices, resulting in undefined behavior.
 The flaw was corrected by Ralf Jung and Diggory Hardy.
 """
 url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
-versions.patched = [">= 0.4.2"]
 
 [affected.functions]
 "rand_core::BlockRng::next_u64" = ["< 0.4.2"]
 "rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
+
+[versions]
+patched = [">= 0.4.2"]