From 4aeb49df4e79e8a3dc85f059fdb576d8d8c231d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?= <poljar@termina.org.uk>
Date: Fri, 11 Jul 2025 15:16:34 +0200
Subject: [PATCH] Add CVE-2025-53549 for matrix-sdk-sqlite

---
 crates/matrix-sdk-sqlite/RUSTSEC-0000-0000.md | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 crates/matrix-sdk-sqlite/RUSTSEC-0000-0000.md

diff --git a/crates/matrix-sdk-sqlite/RUSTSEC-0000-0000.md b/crates/matrix-sdk-sqlite/RUSTSEC-0000-0000.md
new file mode 100644
index 00000000..e05282e0
--- /dev/null
+++ b/crates/matrix-sdk-sqlite/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "matrix-sdk-sqlite"
+date = "2025-07-11"
+url = "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-275g-g844-73jh"
+aliases = ["CVE-2025-53549", "GHSA-275g-g844-73jh"]
+
+categories = ["format-injection"]
+keywords = ["sql-injection"]
+
+[affected.functions]
+"matrix_sdk_sqlite::SqliteEventCacheStore::find_event_relations" = [">= 0.11.0"]
+
+[versions]
+patched = [">= 0.13.0"]
+unaffected = ["< 0.11.0"]
+```
+
+# matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`
+
+The `SqliteEventCacheStore::find_event_with_relations` function constructs SQL
+queries using `format!()` with unescaped input, allowing an attacker to inject
+arbitrary SQL. This results in a SQL injection vulnerability.