Control: tags -1 - moreinfo Hi,
On Sun, Aug 26, 2018 at 02:35:52PM +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On 2018-07-31 03:29, Nobuhiro Iwamatsu wrote: > > I hereby propose an update for stretch of mruby. It contains a patch > > fixing CVE-2017-9527 [1]. The security issue was marked as being > > no-DSA [2]. > > According to the security tracker, that bug is not yet fixed in unstable - > is that correct? The version informatin on security-tracker was bit misleading resp. incorrect for unstable. The issue was fixed originally with an experimental upload as 1.2.0+20170601+git51e0e690-1. Later on a 1.3.0-1 was uploaded to unstable, I checked and the change was included there, so I fixed up the security-tracker information. There is though still the proposal from Moritz, to include more fixes in the proposed update if possible. Regards, Salvatore