The Rust Programming Language Standard Library 1.18.0 and later is affected by an Information Exposure vulnerability. Contents of uninitialized memory could be printed to string or to log file in the debug trait implementation for std::collections::vec_deque::Iter when the program invokes the debug printing for an iterator over an empty VecDeque.
Created rust tracking bugs for this issue:
Affects: epel-7 [bug 1736771]
Affects: fedora-29 [bug 1736769]
Affects: fedora-30 [bug 1736770]
> 1.18.0 and later
The upstream patch was merged for 1.30.0, so only 1.18.0 through 1.29.* are affected. Fedora and EPEL all have Rust 1.36, so I will close those bugs as CURRENTRELEASE.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):