
Security Advisory for the Standard Library - mauricioc
https://blog.rust-lang.org/2019/05/13/Security-advisory.html
======
pcwalton
Note that the likelihood of this being an _actual_ security issue is extremely
low. Rust just takes memory safety very seriously.

~~~
kam
Imagine if there were a CVE number for every API in the C++ standard library
that could segfault if blatantly misused.

------
bennofs
This just looks like it allows bypassing safety checks without marking the
code as unsafe. But so do most of the bugs listed in
[https://github.com/rust-lang/rust/labels/I-unsound%20%F0%9F%92%A5](https://github.com/rust-lang/rust/labels/I-unsound%20%F0%9F%92%A5)?
What makes this different, such that it's a security issue now?

~~~
pcwalton
I can't speak for the team, but I'm guessing that it's considered more severe
of an issue because it affects backwards compatibility.

~~~
raphlinus
This sounds right to me. Rust takes its compatibility promise seriously, but
reserves the right to break it when there's a security issue. This looks like
it's one of those times.

