rustc:sid is vulnerable to denial of service. The Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
github.com/rust-lang/rust/issues/82282
github.com/rust-lang/rust/pull/82289
lists.fedoraproject.org/archives/list/[email protected]/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
lists.fedoraproject.org/archives/list/[email protected]/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/
lists.fedoraproject.org/archives/list/[email protected]/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE/
security-tracker.debian.org/tracker/CVE-2021-28879
security.gentoo.org/glsa/202210-09