Opened 5 years ago

Closed 5 years ago

#11188 closed enhancement (fixed)


Reported by: ken@…
Owned by: ken@…
Priority: normal
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:

Description (last modified by ken@…)

A newer version of rustc will be needed for firefox-63.0 next month. This is the current version, and now that firefox-62.0.2 is out (with a fix for a change in this version) we should be good to go.

Builds and works with both llvm-6.0.1 and llvm-7.0.

Update: 1.29.1 released with a vulnerability fix which affects 1.26.0 and later:

Security advisory for the standard library

Sep 21, 2018 • The Rust Core Team

The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected.

We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.

You can find the full announcement on our rustlang-security-announcements mailing list here (!topic/rustlang-security-announcements/CmSuTm-SaU0).

NB - the fix is to deterministically panic if the overflow occurs.
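
The bug class the advisory describes, as an added example (not code from the ticket, the BLFS book or the Rust standard library): a buffer size computed as length times count wraps when the count is large, so the size must be checked before allocating. The helper names, `try_repeat` and the sample count are assumptions made for this illustration.

```rust
use std::panic;

/// Size that an unchecked `len * n` yields when the multiplication wraps.
fn wrapped_capacity(len: usize, n: usize) -> usize {
    len.wrapping_mul(n)
}

/// Checked size computation: `None` when `len * n` does not fit in `usize`.
fn checked_capacity(len: usize, n: usize) -> Option<usize> {
    len.checked_mul(n)
}

/// Hypothetical non-panicking repeat: refuses an oversized request instead of
/// sizing its buffer from a wrapped product.
fn try_repeat(s: &str, n: usize) -> Option<String> {
    if s.is_empty() {
        return Some(String::new());
    }
    let cap = checked_capacity(s.len(), n)?;
    let mut out = String::new();
    out.try_reserve_exact(cap).ok()?; // allocation failure is reported, not fatal
    for _ in 0..n {
        out.push_str(s);
    }
    Some(out)
}

/// True when the toolchain's own `str::repeat` panics on an overflowing count,
/// which is the behaviour the ticket notes for the fix.
fn std_repeat_panics_on_overflow() -> bool {
    panic::catch_unwind(|| "ab".repeat(usize::MAX)).is_err()
}

fn main() {
    // Constructed input: a 2-byte string and a count chosen so that 2 * n wraps to 2.
    let n = usize::MAX / 2 + 2;
    println!("wrapped size:  {}", wrapped_capacity(2, n));
    println!("checked size:  {:?}", checked_capacity(2, n));
    println!("try_repeat:    {:?}", try_repeat("ab", n));
    println!("try_repeat(3): {:?}", try_repeat("ab", 3));
    println!("std panics:    {}", std_repeat_panics_on_overflow());
}
```

Running it on the toolchain actually installed is a quick check that the rustc in use carries the fix; the expected panic message on stderr is part of that check.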

Change History (3)

comment:1 by ken@…, 5 years ago

Description: modified (diff)
Summary: rustc-1.29.0 → rustc-1.29.1

comment:2 by ken@…, 5 years ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:3 by ken@…, 5 years ago

Resolution: fixed
Status: assigned → closed