The Rust Programming Language Standard Library 1.18.0 and later is affected by an Information Exposure vulnerability. Contents of uninitialized memory could be printed to string or to log file in the debug trait implementation for std::collections::vec_deque::Iter when the program invokes the debug printing for an iterator over an empty VecDeque. References: https://github.com/rust-lang/rust/issues/53566 Upstream Patch: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
Created rust tracking bugs for this issue: Affects: epel-7 [bug 1736771] Affects: fedora-29 [bug 1736769] Affects: fedora-30 [bug 1736770]
> 1.18.0 and later The upstream patch was merged for 1.30.0, so only 1.18.0 through 1.29.* are affected. Fedora and EPEL all have Rust 1.36, so I will close those bugs as CURRENTRELEASE.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1010299