Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Date: Tue, 31 Jul 2018 11:29:16 +0900
Message-id: <[🔎] CABMQnVLV+_zuJDnW+ObGsfDnR7T1T-soGOJv9yGsmpPcf6MgQA@mail.gmail.com>
Reply-to: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>, 905061@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release manager,

I hereby propose an update for stretch of mruby. It contains a patch
fixing CVE-2017-9527 [1]. The security issue was marked as being
no-DSA [2].

The changelog entry is:

  mruby (1.2.0+20161228+git30d5424a-1+deb9u1) stretch; urgency=high

    * Backport patches from 1.3.0. (Closes: #865778)
      - CVE-2017-9527: heap-based use-after-free

   -- Nobuhiro Iwamatsu <iwamatsu@debian.org>  Tue, 14 Nov 2017 12:40:35 +0900

Please see the attached debdiff for details.

Best regards,
  Nobuhiro

[1] https://bugs.debian.org/865778
[2] https://security-tracker.debian.org/tracker/CVE-2017-9527

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6

Attachment: mruby_1.2.0+20161228+git30d5424a-1+deb9u1.debdiff
Description: Binary data

Reply to:

Follow-Ups:
- Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Processed: block 904777 with 905035
Next by Date: Bug#905079: nmu: dose3_5.0.1-11
Previous by thread: Processed: block 904777 with 905035
Next by thread: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
Index(es):
- Date
- Thread