Your message dated Fri, 22 Jun 2018 13:08:13 +0900
with message-id
<cabmqnvlfwpycozgaavzwjedq4wwvuz_5hpyp0f8cdj-z5z3...@mail.gmail.com>
and subject line Re: Bug#901653: mruby: CVE-2018-12248
has caused the Debian Bug report #901653,
regarding mruby: CVE-2018-12248
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
901653: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901653
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mruby
Version: 1.4.1-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/mruby/mruby/issues/4038
Hi,
The following vulnerability was published for mruby.
CVE-2018-12248[0]:
| An issue was discovered in mruby 1.4.1. There is a heap-based buffer
| over-read associated with OP_ENTER because
| mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of
| many arguments to fiber.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-12248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12248
[1] https://github.com/mruby/mruby/issues/4038
[2]
https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mruby
Version: 1.4.1+20180622+git640fca32-1
Hi,
This bug was fixed in 1.4.1+20180622+git640fca32-1.
Best regards,
Nobuhiro
2018-06-16 18:10 GMT+09:00 Salvatore Bonaccorso <[email protected]>:
> Source: mruby
> Version: 1.4.1-2
> Severity: important
> Tags: patch security upstream
> Forwarded: https://github.com/mruby/mruby/issues/4038
>
> Hi,
>
> The following vulnerability was published for mruby.
>
> CVE-2018-12248[0]:
> | An issue was discovered in mruby 1.4.1. There is a heap-based buffer
> | over-read associated with OP_ENTER because
> | mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of
> | many arguments to fiber.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-12248
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12248
> [1] https://github.com/mruby/mruby/issues/4038
> [2]
> https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
--- End Message ---
