The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected.
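As an added illustration (not part of the original announcement and not the standard library's source), the sketch below models the size arithmetic behind this class of bug and shows a caller-side guard for code that passes untrusted counts to str::repeat. The names `wrapped_size`, `bounded_repeat`, `RepeatError` and the `max_bytes` limit are assumptions made for this example.

```rust
// Added example: models the size calculation only; not the standard library's code.

#[derive(Debug, PartialEq)]
enum RepeatError {
    /// len * n does not fit in usize.
    Overflow,
    /// The product fits, but exceeds the caller's budget.
    TooLarge { bytes: usize },
}

/// Buffer size an unchecked multiplication would produce.
/// With a large `n` the product wraps around to a small value, so a buffer
/// sized this way is far smaller than the data that will be written into it.
fn wrapped_size(len: usize, n: usize) -> usize {
    len.wrapping_mul(n)
}

/// Validate the output size before calling str::repeat.
/// `max_bytes` is a hypothetical application-level limit.
fn bounded_repeat(s: &str, n: usize, max_bytes: usize) -> Result<String, RepeatError> {
    // checked_mul returns None on overflow instead of wrapping.
    let bytes = s.len().checked_mul(n).ok_or(RepeatError::Overflow)?;
    if bytes > max_bytes {
        return Err(RepeatError::TooLarge { bytes });
    }
    Ok(s.repeat(n))
}

fn main() {
    let s = "abcd"; // constructed input: 4 bytes
    let n = usize::MAX / 4 + 2; // constructed count: 4 * n exceeds usize::MAX

    println!("wrapped size: {}", wrapped_size(s.len(), n));
    println!("large count:  {:?}", bounded_repeat(s, n, 1 << 20));
    println!("small count:  {:?}", bounded_repeat(s, 3, 1 << 20));
    println!("over budget:  {:?}", bounded_repeat(s, 1000, 100));
}
```

A guard like this is useful wherever the repeat count comes from untrusted input, since it also caps memory use on toolchains that already contain the fix.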
We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.
You can find the full announcement on our rustlang-security-announcements mailing list here.