Headline
RHSA-2021:2243: Red Hat Security Advisory: rust-toolset-1.49 and rust-toolset-1.49-rust update
New rust-toolset-1.49 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries.

This enhancement update adds the rust-toolset-1.49 packages to Red Hat Developer Tools. (BZ#1902240)

Security Fix(es):
- rust: use-after-free or double free in VecDeque::make_contiguous (CVE-2020-36318)
- rust: memory safety violation in String::retain() (CVE-2020-36317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related CVEs:
- CVE-2020-36317: rust: memory safety violation in String::retain()
- CVE-2020-36318: rust: use-after-free or double free in VecDeque::make_contiguous