Your message dated Wed, 17 Jun 2026 11:35:58 +0000
with message-id <[email protected]>
and subject line Bug#1016212: fixed in squirrel3 3.1-8.5
has caused the Debian Bug report #1016212,
regarding squirrel3: CVE-2021-41556
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
1016212: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016212
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: squirrel3
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for squirrel3.

CVE-2021-41556[0]:
| sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an
| out-of-bounds read (in the core interpreter) that can lead to Code
| Execution. If a victim executes an attacker-controlled squirrel
| script, it is possible for the attacker to break out of the squirrel
| script sandbox even if all dangerous functionality such as File System
| functions has been disabled. An attacker might abuse this bug to
| target (for example) Cloud services that allow customization via
| SquirrelScripts, or distribute malware through video games that embed
| a Squirrel Engine.

https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
https://blog.sonarsource.com/squirrel-vm-sandbox-escape/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41556

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: squirrel3
Source-Version: 3.1-8.5
Done: Adrian Bunk <[email protected]>

We believe that the bug you reported is fixed in the latest version of
squirrel3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated squirrel3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Jun 2026 17:22:20 +0300
Source: squirrel3
Architecture: source
Version: 3.1-8.5
Distribution: unstable
Urgency: medium
Maintainer: Fabian Wolff <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1016212
Changes:
squirrel3 (3.1-8.5) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2021-41556: Sandbox Escape (Closes: #1016212)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---