Security advisory for the standard library

  • Time: 2018-09-22 08:22:18

The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected.
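An added illustration of the bug class described above, not code from the Rust standard library or from this advisory: when a buffer size is computed as length times count and the multiplication wraps, the reserved size is smaller than the data a copy loop would go on to write. The function names and the max_bytes limit are assumptions made for this sketch.

```rust
/// Size a repeat-style routine would reserve if `len * n` is computed
/// without an overflow check (the product silently wraps).
fn wrapped_capacity(len: usize, n: usize) -> usize {
    len.wrapping_mul(n)
}

/// The same computation with the overflow reported instead of wrapped.
fn checked_capacity(len: usize, n: usize) -> Option<usize> {
    len.checked_mul(n)
}

/// Hypothetical defensive wrapper: rejects a count whose total size overflows
/// or exceeds a caller-chosen limit before any allocation or copy happens.
fn bounded_repeat(s: &str, n: usize, max_bytes: usize) -> Result<String, &'static str> {
    let total = checked_capacity(s.len(), n).ok_or("capacity overflow")?;
    if total > max_bytes {
        return Err("result exceeds max_bytes");
    }
    let mut out = String::with_capacity(total);
    for _ in 0..n {
        out.push_str(s); // safe API: every write is bounds-checked
    }
    Ok(out)
}

fn main() {
    // Constructed input: a 4-byte string and a count chosen so that 4 * n wraps.
    let s = "abcd";
    let n = usize::MAX / 4 + 2;

    // The wrapped size is tiny, while a copy loop driven by `n` would keep writing.
    println!("wrapped capacity: {}", wrapped_capacity(s.len(), n));
    println!("checked capacity: {:?}", checked_capacity(s.len(), n));

    // The checked path refuses the request instead of under-allocating.
    println!("bounded_repeat(huge n): {:?}", bounded_repeat(s, n, 1024));
    println!("bounded_repeat(3):      {:?}", bounded_repeat(s, 3, 1024));
}
```

The max_bytes limit is a separate control: it also stops counts that do not overflow but would still request an unreasonable allocation from untrusted input.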

We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.

You can find the full announcement on our rustlang-security-announcements mailing list here.