[internment] Use after free in internment

An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-35874
https://github.com/droundy/internment/issues/11

[flatbuffers] Unsound casting in flatbuffers

An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-25004
https://github.com/google/flatbuffers/issues/5530
h…

[http] Double free in http

An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-25009
https://rustsec.org/advisories/RUSTSEC-2019-0034.html
htt…