#11188: rustc-1.29.1
-------------------------+------------------------
 Reporter:  ken@…        |       Owner:  blfs-book
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  8.4
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+------------------------
Description changed by ken@…:

Old description:

> A newer version of rustc will be needed for firefox-63.0 next month. This
> is the current version, and now that firefox-62.0.2 is out (with a fix
> for a change in this version) we should be good to go.
>
> Builds and works with both llvm-6.0.1 and llvm-7.0.

New description:

 A newer version of rustc will be needed for firefox-63.0 next month. This
 is the current version, and now that firefox-62.0.2 is out (with a fix for
 a change in this version) we should be good to go.

 Builds and works with both llvm-6.0.1 and llvm-7.0.

 Update: 1.29.1 released with a vulnerability fix which affects 1.26.0 and
 later:


 Security advisory for the standard library

 Sep 21, 2018 • The Rust Core Team

 The Rust team was recently notified of a security vulnerability affecting
 the standard library’s str::repeat function. When passed a large number
 this function has an integer overflow which can lead to an out of bounds
 write. If you are not using str::repeat, you are not affected.

 We’re in the process of applying for a CVE number for this vulnerability.
 Fixes for this issue have landed in the Rust repository for the
 stable/beta/master branches. Nightlies and betas with the fix will be
 produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix
 for stable Rust.

 You can find the full announcement on our rustlang-security-announcements
 mailing list here. [https://groups.google.com/forum/#!topic/rustlang-
 security-announcements/CmSuTm-SaU0]

 NB - the fix is to deterministically panic if the overflow occurs.

--

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11188#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to