From f17368e8d68066f8656d872cbe05d7095ed46bf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Kijewski?=
Date: Fri, 19 Jan 2024 15:39:46 +0100
Subject: [PATCH 1/2] rust-i18n: Use-after-free when setting the locale
---
 crates/rust-i18n/RUSTSEC-0000-0000.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 crates/rust-i18n/RUSTSEC-0000-0000.md
diff --git a/crates/rust-i18n/RUSTSEC-0000-0000.md b/crates/rust-i18n/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..e97083530
--- /dev/null
+++ b/crates/rust-i18n/RUSTSEC-0000-0000.md
@@ -0,0 +1,26 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rust-i18n"
+date = "2024-01-19"
+url = "https://github.com/longbridgeapp/rust-i18n/issues/71"
+informational = "unsound"
+categories = ["memory-exposure"]
+
+[affected]
+functions = { "rust_i18n::set_locale" = [">= 3.0.0"] }
+
+[versions]
+patched = []
+unaffected = ["< 3.0.0"]
+```
+
+# Use-after-free when setting the locale
+
+Version 3.0.0 introduced an `AtomicStr` type, that is used to store the current locale.
+It stores the locale as a raw pointer to an `Arc`.
+The locale can be read with `AtomicStr::as_str()`.
+`AtomicStr::as_str()` does not increment the usage counter of the `Arc`.
+
+If the locale is changed in one thread, another thread can have a stale -- possibly already freed --
reference to the stored string.
From a381fb5dd530c5b83fff5dc004f54cc6497dd372 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Kijewski?=
Date: Tue, 23 Jan 2024 11:53:21 +0100
Subject: [PATCH 2/2] rust-i18n: a fix was released
---
 .../RUSTSEC-0000-0000.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
 rename crates/{rust-i18n => rust-i18n-support}/RUSTSEC-0000-0000.md (71%)
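Review bot: `categories = ["memory-exposure"]` in the advisory block of PATCH 1/2 captures only the stale read, while the description says the dangling reference arises when one thread changes the locale as another still holds the string. RustSec also has a `thread-safety` category that matches that trigger, so I would write `categories = ["memory-exposure", "thread-safety"]`; the same line is carried unchanged as context in PATCH 2/2. Separately, with `informational = "unsound"` cargo-audit reports the entry as a warning rather than a failing vulnerability by default, so it is worth confirming that this classification is intended for a use-after-free that the description reaches through `AtomicStr::as_str()`.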
diff --git a/crates/rust-i18n/RUSTSEC-0000-0000.md b/crates/rust-i18n-support/RUSTSEC-0000-0000.md
similarity index 71%
rename from crates/rust-i18n/RUSTSEC-0000-0000.md
rename to crates/rust-i18n-support/RUSTSEC-0000-0000.md
index e97083530..4c7746129 100644
--- a/crates/rust-i18n/RUSTSEC-0000-0000.md
+++ b/crates/rust-i18n-support/RUSTSEC-0000-0000.md
@@ -1,17 +1,21 @@
 ```toml
 [advisory]
 id = "RUSTSEC-0000-0000"
-package = "rust-i18n"
+package = "rust-i18n-support"
 date = "2024-01-19"
 url = "https://github.com/longbridgeapp/rust-i18n/issues/71"
 informational = "unsound"
 categories = ["memory-exposure"]
+references = [
+ "https://github.com/longbridgeapp/rust-i18n/pull/72",
+ "https://github.com/longbridgeapp/rust-i18n/releases/tag/v3.0.1",
+]
 
 [affected]
-functions = { "rust_i18n::set_locale" = [">= 3.0.0"] }
+functions = { "rust_i18n_support::AtomicStr::as_str" = ["< 3.0.1, >= 3.0.0"] }
 
 [versions]
-patched = []
+patched = [">= 3.0.1"]
 unaffected = ["< 3.0.0"]
 ```
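Review bot: The description under the TOML block is not updated along with the metadata; the hunk ends at the closing fence, so the title and prose lie outside it and are carried over from the `rust-i18n` filing. After `package` becomes `rust-i18n-support` and `patched = [">= 3.0.1"]` is set, the text still opens with "Version 3.0.0 introduced an `AtomicStr` type" without naming the crate or the fixed release. I would add a closing sentence such as `The flaw was corrected in rust-i18n-support 3.0.1.` and, if `rust-i18n` indeed pulls this crate in (PATCH 1/2 filed the issue against `rust_i18n::set_locale`), one sentence saying that its users are affected through that dependency, since lockfile scanners will now match only on `rust-i18n-support`.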