Opened 7 years ago
Closed 7 years ago
#11188 closed enhancement (fixed)
rustc-1.29.1
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 8.4 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: | | | |
Description
A newer version of rustc will be needed for firefox-63.0 next month. This is the current version, and now that firefox-62.0.2 is out (with a fix for a change in this version) we should be good to go.
Builds and works with both llvm-6.0.1 and llvm-7.0.
Update: 1.29.1 released with a vulnerability fix which affects 1.26.0 and later:
Security advisory for the standard library
Sep 21, 2018 • The Rust Core Team
The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected.
We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.
You can find the full announcement on our rustlang-security-announcements mailing list here. https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0
NB - the fix is to deterministically panic if the overflow occurs.
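The arithmetic behind the advisory quoted above, as an added example (not code from the Rust standard library or from this ticket): a length computed with wrapping multiplication comes out far smaller than the data later written into the buffer, while a checked multiplication lets the function panic deterministically instead. The function names and the sample count are constructed for illustration.

```rust
// Added illustration. `unchecked_len`, `checked_len` and `repeat_checked`
// are hypothetical names, not the standard library's implementation.

/// Length computation that silently wraps on overflow: the bug class the
/// advisory describes. Only the arithmetic is shown; no buffer is written.
fn unchecked_len(item_len: usize, n: usize) -> usize {
    item_len.wrapping_mul(n)
}

/// Length computation that reports overflow instead of wrapping.
fn checked_len(item_len: usize, n: usize) -> Option<usize> {
    item_len.checked_mul(n)
}

/// A repeat that panics deterministically when the total length overflows,
/// the behaviour the ticket notes for the fix.
fn repeat_checked(s: &str, n: usize) -> String {
    let cap = checked_len(s.len(), n).expect("capacity overflow");
    let mut out = String::with_capacity(cap);
    for _ in 0..n {
        out.push_str(s);
    }
    out
}

fn main() {
    // Constructed sample: 2 * (usize::MAX / 2 + 1) is exactly 2^BITS.
    let n = usize::MAX / 2 + 1;

    // The wrapped product is 0, so a buffer sized from it would be far too
    // small for the data a repeat loop would go on to copy.
    println!("wrapped length: {}", unchecked_len(2, n));
    println!("checked length: {:?}", checked_len(2, n));

    // Normal input is unaffected by the check.
    println!("repeat_checked(\"ab\", 3) = {}", repeat_checked("ab", 3));

    // Overflowing input stops with a panic before any allocation or copy.
    let result = std::panic::catch_unwind(|| repeat_checked("ab", n));
    println!("overflowing call panicked: {}", result.is_err());
}
```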
Change History (3)
comment:1 by , 7 years ago
Description: | modified (diff) |
---|---|
Summary: | rustc-1.29.0 → rustc-1.29.1 |
comment:2 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
r20550