[yanks] Document yanks for #716 (#733)

* [yanks] Document yanks for #716 * [yanks] Add security advisory links
google · Dec 18, 2023 · 3755cfd · 3755cfd
1 parent 1c28e0d
commit 3755cfd
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,24 @@ Releases](https://github.com/google/zerocopy/releases).
 
 ## Yanks and Regressions
 
+### 0.2.2 through 0.2.8, 0.3.0 through 0.3.1, 0.4.0, 0.5.0, 0.6.0 through 0.6.5, 0.7.0 through 0.7.30
+
+*Security advisories for this bug have been published as
+[RUSTSEC-2023-0074][rustsec-advisory] and [GHSA-3mv5-343c-w2qg][github-advisory].*
+
+In these versions, the `Ref` methods `into_ref`, `into_mut`, `into_slice`, and
+`into_mut_slice` were permitted in combination with the standard library
+`cell::Ref` and `cell::RefMut` types for `Ref<B, T>`'s `B` type parameter. These
+combinations are unsound, and may permit safe code to exhibit undefined
+behavior. Fixes have been published to each affected minor version which do not
+permit this code to compile.
+
+See [#716][issue-716] for more details.
+
+[rustsec-advisory]: https://rustsec.org/advisories/RUSTSEC-2023-0074.html
+[github-advisory]: https://github.com/google/zerocopy/security/advisories/GHSA-3mv5-343c-w2qg
+[issue-716]: https://github.com/google/zerocopy/issues/716
+
 ### 0.7.27, 0.7.28
 
 These versions were briefly yanked due to a non-soundness regression reported in