Add advisories for libcrux-psq, libcrux-ecdh & libcrux-ed25519

crates/libcrux-ecdh/RUSTSEC-0000-0000.md

@@ -0,0 +1,25 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libcrux-ecdh"
+date = "2026-01-26"
+aliases = ["GHSA-435g-fcv3-8j26"]
+url = "https://github.com/cryspen/libcrux/pull/1301"
+cvss = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
+
+[affected.functions]
+"libcrux_ecdh::validate_scalar" = [ "<= 0.0.5" ]
+
+[versions]
+patched = [">= 0.0.6"]
+```
+
+# X25519 secret validation did not check buffer length or clamping
+
+The latest releases of the libcrux-ecdh crate contains the following
+bug-fix:
+
+[#1301](https://github.com/cryspen/libcrux/pull/1301): Check length
+and clamping in X25519 secret validation. This is a breaking change
+since errors are now raised on unclamped X25519 secrets or inputs of
+the wrong length

crates/libcrux-ed25519/RUSTSEC-0000-0000.md

@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libcrux-ed25519"
+date = "2026-02-05"
+aliases = ["GHSA-435g-fcv3-8j26"]
+url = "https://github.com/cryspen/libcrux/pull/1320"
+cvss = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
+
+[affected.functions]
+"libcrux_ed25519::generate_key_pair" = [ "<= 0.0.5" ]
+
+[versions]
+patched = [">= 0.0.6"]
+```
+
+# Unnecessary clamping of seed reduces seed entropy to 251 bits
+
+The latest releases of the libcrux-ed25519 crate contains the
+following bug-fix:
+
+[#1320](https://github.com/cryspen/libcrux/pull/1320): Remove
+duplicated clamping step during key generation
+
+The issue fixed in
+[#1320](https://github.com/cryspen/libcrux/pull/1320) was first
+reported by Nadim Kobeissi.

crates/libcrux-psq/RUSTSEC-0000-0000.0.md

@@ -0,0 +1,27 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libcrux-psq"
+date = "2026-02-08"
+aliases = ["GHSA-435g-fcv3-8j26"]
+url = "https://github.com/cryspen/libcrux/pull/1319"
+cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+
+[affected.functions]
+"libcrux_psq::Channel::read_message" = [ "<= 0.0.6" ]
+
+[versions]
+patched = [">= 0.0.7"]
+```
+
+# Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext
+
+The latest releases of the libcrux-psq crate contains the following
+bug-fix:
+
+[#1319](https://github.com/cryspen/libcrux/pull/1319): Propagate
+AEADError instead of panicking
+
+The issue fixed in
+[#1319](https://github.com/cryspen/libcrux/pull/1319) was first
+reported by Nadim Kobeissi.

crates/libcrux-psq/RUSTSEC-0000-0000.1.md

@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libcrux-psq"
+date = "2026-01-26"
+aliases = ["GHSA-435g-fcv3-8j26"]
+url = "https://github.com/cryspen/libcrux/pull/1301"
+cvss = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
+
+[versions]
+patched = [">= 0.0.7"]
+```
+
+# Incorrect X25519 clamping check rejects all secrets on import
+
+The latest releases of the libcrux-psq crate contains the following
+bug-fix:
+
+[#1301](https://github.com/cryspen/libcrux/pull/1301): Fix broken
+clamping check for imported X25519 secret keys