Description
A newer version of rustc will be needed for firefox-63.0 next month. This is the current version, and now that firefox-62.0.2 is out (with a fix for a change in this version) we should be good to go.
Builds and works with both llvm-6.0.1 and llvm-7.0.
Update: 1.29.1 released with a vulnerability fix which affects 1.26.0 and later:
Security advisory for the standard library
Sep 21, 2018 • The Rust Core Team
The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected.
We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.
You can find the full announcement on our rustlang-security-announcements mailing list here: https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0
NB - the fix is to deterministically panic if the overflow occurs.
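The overflow class described in the advisory, and the deterministic panic noted above, shown as an added example that is not part of the original ticket and is not the standard library's code. The function names and the sample inputs are hypothetical and constructed for illustration.

```rust
// Added illustration; all function names here are hypothetical.

/// Buffer size computed with wrapping arithmetic. This models a length
/// calculation that silently overflows, leaving an undersized buffer.
fn wrapping_capacity(len: usize, n: usize) -> usize {
    len.wrapping_mul(n)
}

/// Buffer size computed with an overflow check; `None` means the total
/// length does not fit in `usize`.
fn checked_capacity(len: usize, n: usize) -> Option<usize> {
    len.checked_mul(n)
}

/// Repeat `s` `n` times, panicking deterministically when the total
/// length overflows instead of continuing with a too-small buffer.
fn repeat_checked(s: &str, n: usize) -> String {
    let cap = checked_capacity(s.len(), n).expect("capacity overflow");
    let mut out = String::with_capacity(cap);
    for _ in 0..n {
        out.push_str(s);
    }
    out
}

fn main() {
    // Constructed input: a 4-byte string and a count chosen so that
    // len * n wraps around to 0 on both 32-bit and 64-bit targets.
    let s = "abcd";
    let n = usize::MAX / 2 + 1;
    println!("wrapped capacity: {}", wrapping_capacity(s.len(), n));
    println!("checked capacity: {:?}", checked_capacity(s.len(), n));

    // Normal use is unaffected by the check.
    println!("{}", repeat_checked("ab", 3));

    // The overflowing call stops with a panic before any write happens.
    let caught = std::panic::catch_unwind(|| repeat_checked("abcd", usize::MAX / 2 + 1));
    println!("overflow panicked: {}", caught.is_err());
}
```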