From d3cf0ba318eda613cd32253029f279574cc27b25 Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Thu, 12 May 2022 09:31:22 -0600
Subject: [PATCH] Yank RUSTSEC-2020-0159: unsound `localtime_r` call in `chrono`

Per rustsec/advisory-db#1190, it would be good to move to a policy where we don't file advisories against crates which perform unsynchronized reads from the process environment, and instead focus only on crates which modify the process environment in an unsynchronized manner.
---
 crates/chrono/RUSTSEC-2020-0159.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crates/chrono/RUSTSEC-2020-0159.md b/crates/chrono/RUSTSEC-2020-0159.md
index dcdc177fc..7ef2787f3 100644
--- a/crates/chrono/RUSTSEC-2020-0159.md
+++ b/crates/chrono/RUSTSEC-2020-0159.md
@@ -7,6 +7,8 @@ url = "https://github.com/chronotope/chrono/issues/499"
 categories = ["code-execution", "memory-corruption"]
 keywords = ["segfault"]
 related = ["CVE-2020-26235", "RUSTSEC-2020-0071"]
+withdrawn = "2022-05-12" # see rustsec/advisory-db#1190
+yanked = true
 
 [versions]
 patched = []
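Review bot: The two added keys record that the advisory is withdrawn but not why, and the trailing comment on `withdrawn` gives only an issue number. Since `patched = []` stays unchanged below, a reader of the record alone cannot tell that this is a scope-policy withdrawal (unsynchronized reads of the process environment are no longer filed) rather than a fix in `chrono`; I would spell that out, e.g. `# withdrawn by policy: unsynchronized environment reads are out of scope, see rustsec/advisory-db#1190`. Tools that skip withdrawn advisories will presumably stop reporting this entry for projects that depend on `chrono`, so that reason is what an auditor will look for. If `yanked = true` is kept alongside `withdrawn` only for older consumers of the database, a one-line comment saying so would help; the `[advisory]` table starts above the hunk.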