out_reference 0.1.x is unsound, needs advisory

[Kixunil]

https://github.com/RustyYato/out-ref/issues/1

There was no change for the past two years however I'm not eager to declare a small crate with a single specific job unmaintained if it works. So I'd suggest waiting a bit if the issue gets reply before claiming so.

[RustyYato]

I'll be passively maintaining out-reference, but there isn't much to add to this crate. Feel free to send PRs to add new features, and I'll verify and merge them.

[Shnatsel]

The unsoundness deserves an advisory.

Passive maintenance status is not usually something we make an advisory for; it's designed for crates with entirely unreachable maintainers.

[Shnatsel]

We currently have a lot of advisories to review, so I would appreciate if you could fill out the advisory template and submit it as a PR.

See https://github.com/RustSec/advisory-db/blob/master/CONTRIBUTING.md

[RustyYato]

Btw. I've yanked all previous versions of out-reference, so the damage should be minimal, I'll leave the advisory PR to @Kixunil as I don't have time to work on out-reference right now.

[Kixunil]

My time is also not great but I will try to do it later.

[pinkforest]

@Kixunil would you like to try to send us advisory on this still ? I know it's been like a year but :woman_shrugging: ought to ask first

[Kixunil]

Oh, forgot about this and also will be busy at least until Monday. If anyone wants to do it go ahead.

[pinkforest]

@Kixunil Monday is fine if you got time :) Help would be most appreciated. Thanks

[Nugine]

Any progress?