From b1c90cfd1044fe70a5711bc03f2139bb2304b8de Mon Sep 17 00:00:00 2001
From: Trent Nelson <490004+t-nelson@users.noreply.github.com>
Date: Mon, 23 Mar 2026 23:33:33 -0600
Subject: [PATCH] Add unaffected versions for RUSTSEC-2026-0049

vulnerable logic was introduced in https://github.com/rustls/webpki/commit/27342c05ed55b89a158c23bd5e7c78391f1255ba, first released in 0.102.0-alpha.0
---
 crates/rustls-webpki/RUSTSEC-2026-0049.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crates/rustls-webpki/RUSTSEC-2026-0049.md b/crates/rustls-webpki/RUSTSEC-2026-0049.md
index 087c7dae..17ac03af 100644
--- a/crates/rustls-webpki/RUSTSEC-2026-0049.md
+++ b/crates/rustls-webpki/RUSTSEC-2026-0049.md
@@ -9,6 +9,7 @@ aliases = ["GHSA-pwjx-qhcg-rvj4"]
 
 [versions]
 patched = [">= 0.103.10"]
+unaffected = ["< 0.102.0-alpha.0"]
 ```
 
 # CRLs not considered authoritative by Distribution Point due to faulty matching logic