Source: mruby
Version: 1.4.1+20180622+git640fca32-1

Hi,

This bug was fixed in 1.4.1+20180622+git640fca32-1.

Best regards,
  Nobuhiro

2018-06-16 18:10 GMT+09:00 Salvatore Bonaccorso <[email protected]>:
> Source: mruby
> Version: 1.4.1-2
> Severity: important
> Tags: patch security upstream
> Forwarded: https://github.com/mruby/mruby/issues/4038
>
> Hi,
>
> The following vulnerability was published for mruby.
>
> CVE-2018-12248[0]:
> | An issue was discovered in mruby 1.4.1. There is a heap-based buffer
> | over-read associated with OP_ENTER because
> | mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of
> | many arguments to fiber.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-12248
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12248
> [1] https://github.com/mruby/mruby/issues/4038
> [2] https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore

--
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

