From f7307c13040362bd4f04e7aa6db9a9eb2198a35a Mon Sep 17 00:00:00 2001
From: Ammar Askar
Date: Fri, 22 Jan 2021 11:09:50 -0800
Subject: [PATCH] Add advisory for data race in ruspiro-singleton
---
crates/ruspiro-singleton/RUSTSEC-0000-0000.md | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 crates/ruspiro-singleton/RUSTSEC-0000-0000.md
diff --git a/crates/ruspiro-singleton/RUSTSEC-0000-0000.md b/crates/ruspiro-singleton/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..cb23fb2c1
--- /dev/null
+++ b/crates/ruspiro-singleton/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ruspiro-singleton"
+date = "2020-11-16"
+url = "https://github.com/RusPiRo/ruspiro-singleton/issues/10"
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.4.1"]
+```
+
+# Singleton lacks bounds on Send and Sync.
+
+`Singleton` is meant to be a static object that can be initialized lazily. In
+order to satisfy the requirement that `static` items must implement `Sync`,
+`Singleton` implemented both `Sync` and `Send` unconditionally.
+
+This allows for a bug where non-`Sync` types such as `Cell` can be used in
+singletons and cause data races in concurrent programs.
+
+The flaw was corrected in commit `b0d2bd20e` by adding trait bounds, requiring
+the contaiend type to implement `Sync`.
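Review bot: The closing sentence of the advisory misspells "contained" as `contaiend`, and because this text is published as the advisory body it should read `the contained type to implement Sync.` before merge. The same sentence names only a `Sync` bound, while the title and second paragraph say both `Send` and `Sync` were implemented unconditionally; it would help to state what bound now applies to the `Send` impl so readers can tell whether `>= 0.4.1` closes both. The description could also say that the race is reachable from safe code, which is what makes this a soundness issue rather than a misuse caveat. If the database's category list includes a thread-safety category (I believe it does, but please confirm), listing it next to `memory-corruption` would make the advisory easier to find by category.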