Add advisory for timing variability in curve25519-dalek-ng

crates/curve25519-dalek-ng/RUSTSEC-0000-0000.md

@@ -0,0 +1,30 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "curve25519-dalek-ng"
+date = "2025-06-27"
+url = "https://rustsec.org/advisories/RUSTSEC-2024-0344"
+references = ["https://github.com/dalek-cryptography/curve25519-dalek/pull/659"]
+categories = ["crypto-failure"]
+related = ["RUSTSEC-2024-0344"]
+
+[versions]
+patched = []
+```
+
+# Timing variability of RUSTSEC-2024-0344 also applicable to `curve25519-dalek-ng`
+
+[`curve25519-dalek-ng`](https://crates.io/crates/curve25519-dalek-ng) is a fork of [`curve25519-dalek`](https://crates.io/crates/curve25519-dalek) that was created at a time when it was still vulnerable to the timing variability reported in [RUSTSEC-2024-0344](https://rustsec.org/advisories/RUSTSEC-2024-0344).
+
+Timing variability of any kind is problematic when working with  potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets.
+
+To patch the vulnerability, backports of
+* [curve25519-dalek/pull/659](https://github.com/dalek-cryptography/curve25519-dalek/pull/659) and [curve25519-dalek/pull/661](https://github.com/dalek-cryptography/curve25519-dalek/pull/661), or the subsequent
+* [curve25519-dalek/pull/662](https://github.com/dalek-cryptography/curve25519-dalek/pull/662), or the subsequent
+* [curve25519-dalek/pull/665](https://github.com/dalek-cryptography/curve25519-dalek/pull/665)
+
+are required for `curve25519-dalek-ng`.
+
+A patch attempt exists with [zkcrypto/curve25519-dalek-ng/pull/25](https://github.com/zkcrypto/curve25519-dalek-ng/pull/25) since Aug 14, 2024, but it remains open and unanswered. To date, there is no patched version available.
+
+Crates that use `curve25519-dalek-ng`'s `Scalar` for private key operations are also vulnerable. An example of such a crate is [`ed25519-consensus`](https://crates.io/crates/ed25519-consensus).