This gist contains the patches for CVE-2019-16760 (read the security advisory). The following patches are available:
rust-1.19.0.patch
: patch for Rust 1.19.0 (signature)rust-1.2x.0.patch
: patch for Rust 1.20.0 to Rust 1.25.0 (signature)
The patches are meant to be applied on top of a source tarball of Rust, and they contain both the fix to the vulnerability and a test to ensure they work. Running Cargo's test suite should also execute the new test.
The patches are released under both the MIT license and the Apache 2.0 license, and signatures from the Rust Security Team's GPG key are provided. This gist was created by a member of the Rust Security team, and it is linked in the security advisory as the official source for the patches.