Your message dated Fri, 22 Jun 2018 13:07:26 +0900
with message-id
<CABMQnV+ODAMWvUDrZCAeG0ObAa=b+k4_wsrmt1pdctgtos+...@mail.gmail.com>
and subject line Re: Bug#901652: mruby: CVE-2018-12249
has caused the Debian Bug report #901652,
regarding mruby: CVE-2018-12249
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
901652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901652
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mruby
Version: 1.4.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/mruby/mruby/issues/4037
Hi,
The following vulnerability was published for mruby.
CVE-2018-12249[0]:
| An issue was discovered in mruby 1.4.1. There is a NULL pointer
| dereference in mrb_class_real because "class BasicObject" is not
| properly supported in class.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12249
[1] https://github.com/mruby/mruby/issues/4037
[2]
https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mruby
Version: 1.4.1+20180622+git640fca32-1
Hi,
This bug was fixed in 1.4.1+20180622+git640fca32-1.
Best regards,
Nobuhiro
2018-06-16 18:09 GMT+09:00 Salvatore Bonaccorso <[email protected]>:
> Source: mruby
> Version: 1.4.1-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/mruby/mruby/issues/4037
>
> Hi,
>
> The following vulnerability was published for mruby.
>
> CVE-2018-12249[0]:
> | An issue was discovered in mruby 1.4.1. There is a NULL pointer
> | dereference in mrb_class_real because "class BasicObject" is not
> | properly supported in class.c.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-12249
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12249
> [1] https://github.com/mruby/mruby/issues/4037
> [2]
> https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
--- End Message ---
