Update RUSTSEC-0000-0000.md

Add security prose

Author: mmastrac

crates/openssl-probe/RUSTSEC-0000-0000.md

@@ -16,3 +16,16 @@ os = ["linux"]
 [versions]
 patched = []
 ```
+
+# `openssl-probe` may cause memory corruption in multi-threaded processes
+
+`openssl-probe` offers non-`unsafe` methods that call environment setters, which may be called
+in a multithreaded environment, and potentially clash with environment access on other threads.
+
+When these methods are called while other threads are active and accessing the environment, it
+may cause the other threads to access dangling pointer values in the cases where the underlying
+environment data is moved or resized in response to an additional environment variable being
+added, or a variable's contents being enlarged.
+
+The affected function is `try_init_ssl_cert_env_vars` in 
+<https://github.com/alexcrichton/openssl-probe/blob/master/src/lib.rs#L65>.