Document out-of-bounds vulnerability in net/uriparser < 0.9.1
Reported by: sebastian@pipping.org (via e-mail)