Source: mruby
Version: 1.4.1-2
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/mruby/mruby/issues/4038
Hi,

The following vulnerability was published for mruby.

CVE-2018-12248[0]:
| An issue was discovered in mruby 1.4.1. There is a heap-based buffer
| over-read associated with OP_ENTER because
| mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of
| many arguments to fiber.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12248
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12248
[1] https://github.com/mruby/mruby/issues/4038
[2] https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

