Skip to content

Commit e7262cf

Browse files
pietroalbinipietroalbini
authored
Merge pull request #386 from rust-lang/rust-1.34.2
Rust 1.34.2 release announcement
2 parents 01ceb8d + 1e7c88d commit e7262cf

File tree

1 file changed

+47
-0
lines changed

1 file changed

+47
-0
lines changed

posts/2019-05-14-Rust-1.34.2.md

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
---
2+
layout: post
3+
title: "Announcing Rust 1.34.2"
4+
author: The Rust Release Team
5+
release: true
6+
---
7+
8+
The Rust team has published a new point release of Rust, 1.34.2. Rust is a
9+
programming language that is empowering everyone to build reliable and
10+
efficient software.
11+
12+
If you have a previous version of Rust installed via rustup, getting Rust
13+
1.34.2 is as easy as:
14+
15+
```console
16+
$ rustup update stable
17+
```
18+
19+
If you don't have it already, you can [get `rustup`][install] from the
20+
appropriate page on our website.
21+
22+
[install]: https://www.rust-lang.org/install.html
23+
[notes]: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1342-2019-05-14
24+
25+
## What's in 1.34.2 stable
26+
27+
Sean McArthur reported a [security vulnerability][ml] affecting the standard
28+
library that caused the [`Error::downcast`][Error::downcast] family of methods
29+
to perform unsound casts when a manual implementation of the
30+
[`Error::type_id`][Error::type_id] method returned the wrong
31+
[`TypeId`][TypeId], leading to security issues such as out of bounds
32+
reads/writes/etc.
33+
34+
The [`Error::type_id`][Error::type_id] method was recently stabilized as part
35+
of Rust 1.34.0. This point release **destabilizes** it, preventing any code on
36+
the stable and beta channels to implement or use it, awaiting future plans that
37+
will be discussed in [issue #60784][60784].
38+
39+
An in-depth explaination of this issue was posted in yesterday's [security
40+
advisory][ml]. The assigned CVE for the vulnerability is [CVE-2019-12083][cve].
41+
42+
[ml]: https://groups.google.com/d/msg/rustlang-security-announcements/aZabeCMUv70/-2Y6-SL6AQAJ
43+
[Error::downcast]: https://doc.rust-lang.org/stable/std/error/trait.Error.html#method.downcast
44+
[Error::type_id]: https://doc.rust-lang.org/stable/std/error/trait.Error.html#method.type_id
45+
[TypeId]: https://doc.rust-lang.org/stable/std/any/struct.TypeId.html
46+
[60784]: https://github.com/rust-lang/rust/issues/60784
47+
[cve]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12083

0 commit comments

Comments
 (0)