Hi, thanks for the report. Unfortunately, as the issue is public, we can not issue a CVE for it. I have submitted a CVE request to https://cveform.mitre.org/ and will report back when MITRE has assigned a CVE for this issue.
Also, since the package referred to in this bug is in universe, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures . Thanks! ** Changed in: mruby (Ubuntu) Status: New => Confirmed ** Changed in: mruby (Ubuntu) Importance: Undecided => Medium ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1763905 Title: mruby contained a security bug that was fixed upstream To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-cve-tracker/+bug/1763905/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
