* Add advisory for tokio-rs/tokio#4225
If a `tokio::sync::oneshot` channel is closed (via the
[`oneshot::Receiver::close`] method), a data race may occur if the
`oneshot::Sender::send` method is called while the corresponding
`oneshot::Receiver` is `await`ed or calling `try_recv`.
When these methods are called concurrently on a closed channel, the two halves
of the channel can concurrently access a shared memory location, resulting in a
data race. This has been observed to [cause memory corruption][corruption].
Note that the race only occurs when **both** halves of the channel are used
after one half has called `close`. Code where `close` is not used, or where the
`Receiver` is not `await`ed and `try_recv` is not called after calling `close`,
is not affected.
See tokio-rs/tokio#4225 for more details.
This issue was patched in v1.13.1. The patch was backported to the current
LTS version (v1.8.x) in release v1.8.4.
* Update crates/tokio/RUSTSEC-0000-0000.md
Co-authored-by: Tony Arcieri <bascule@gmail.com>
* fix toml lint
whoops
* Update crates/tokio/RUSTSEC-0000-0000.md
* Update crates/tokio/RUSTSEC-0000-0000.md
Co-authored-by: Tony Arcieri <bascule@gmail.com>
* add cve info to advisories
* Put `aliases` field in the proper place
It should not be under `[versions]`
* move `aliases` to the proper place
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
* Add RUSTSEC for tokio#3929
* Update version range
* Wrap with code fences
* Add advisory information
* Add unaffected
* Don't use tilde in version specification
it's not yet supported by rustsec v0.24
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
