From ec4a689a305a4605036735328e8a5f02d1b54110 Mon Sep 17 00:00:00 2001
From: John Vandenberg
Date: Mon, 17 Nov 2025 10:32:48 +0800
Subject: [PATCH 1/2] Mark hexchat unsound and unmaintained
---
crates/hexchat/RUSTSEC-0000-0000.md | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 crates/hexchat/RUSTSEC-0000-0000.md
diff --git a/crates/hexchat/RUSTSEC-0000-0000.md b/crates/hexchat/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000000..f00ef11f32
--- /dev/null
+++ b/crates/hexchat/RUSTSEC-0000-0000.md
@@ -0,0 +1,26 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "hexchat"
+date = "2025-11-17"
+url = "https://github.com/pie-flavor/hexchat-rs/issues/3"
+categories = ["memory-corruption", "memory-exposure"]
+keywords = ["memory-safety"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# hexchat crate is unsound and unmaintained
+
+All versions of this crate have function `deregister_command` which can result in use after free.
+This is unsound.
+
+In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads.
+
+In addition, the `hexchat` crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative.
+
+## Recommended alternatives
+
+- [`hexavalent`](https://crates.io/crates/hexavalent)
\ No newline at end of file
From 9db682c0782c94074a040a456cb472c25babbb75 Mon Sep 17 00:00:00 2001
From: John Vandenberg
Date: Mon, 23 Feb 2026 08:50:10 +0800
Subject: [PATCH 2/2] drop alternative
---
crates/hexchat/RUSTSEC-0000-0000.md | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/crates/hexchat/RUSTSEC-0000-0000.md b/crates/hexchat/RUSTSEC-0000-0000.md
index f00ef11f32..3cf913fe40 100644
--- a/crates/hexchat/RUSTSEC-0000-0000.md
+++ b/crates/hexchat/RUSTSEC-0000-0000.md
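Review bot: In the new advisory file added by patch 1/2, the TOML front matter names no affected function even though the prose singles out `deregister_command`, so consumers of the metadata can only match on the crate as a whole. Consider adding an `[affected.functions]` table keyed by that function's full path (placeholder: `"hexchat::<module path>::deregister_command"`) with a version requirement that matches the "all versions" statement. Separately, `informational = "unsound"` carries only one of the two conditions in the title, so the unmaintained status will presumably not be reported as such unless it gets its own advisory. The `memory-exposure` category is also not backed by the description, which describes only a use after free; either state how memory could be disclosed or drop that category.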
@@ -19,8 +19,5 @@ This is unsound.
 
 In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads.
 
-In addition, the `hexchat` crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative.
-
-## Recommended alternatives
-
-- [`hexavalent`](https://crates.io/crates/hexavalent)
\ No newline at end of file
+In addition, the `hexchat` crate is no longer actively maintained. If you rely on this crate, consider switching
+to an alternative.