Conversation
Removed a non-functional link from the CVE YAML file.
Updated notes to clarify that mruby 3.5.0 has not been released as of 1/23/2026.
jasnow
changed the title
|
Now deleted. |
|
GitHub is saying |
|
All green - now try it again. |
postmodern
left a comment
postmodern
left a comment
There was a problem hiding this comment.
Need clarification on something. The advisory description mentions that the vulnerability was found in versions "up to 3.4.0-rc2". However, version 3.4.0 was tagged after 3.4.0-rc2. Is this a mistake and should it say "up to and including 3.4.0", or was the vulnerability actually fixed in 3.4.0?
|
back online - will check |
Clarify that ISS#6509 is going into 3.5.0 (yet to be released)
|
I expect the patch to be part of 3.5.0 when it is released. |
postmodern
left a comment
postmodern
left a comment
There was a problem hiding this comment.
Wording changes requested, if you agree.
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2025-7207 | ||
| - https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9.patch | ||
| - https://github.com/mruby/mruby/blob/master/NEWS.md |
There was a problem hiding this comment.
postmodern
left a comment
postmodern
left a comment
There was a problem hiding this comment.
Noticed some YAML issues. Also, the old NEWS.md URL is still listed. Also, not sure why the mruby 3.4.0 and 3.3.0 blog posts are listed as well?
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2025-7207 | ||
| - https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9.patch | ||
| - https://github.com/mruby/mruby/blob/master/NEWS.md |
| - https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9.patch | ||
| - https://github.com/mruby/mruby/blob/master/NEWS.md | ||
| - https://mruby.org/releases/2025/04/20/mruby-3.4.0-released.html | ||
| - https://mruby.org/releases/2024/02/14/mruby-3.3.0-released.html |
There was a problem hiding this comment.
Just curious why the 3.4.0 and 3.3.0 blog posts are listed as they do not fix issue 6509 or even mention it?
| notes: | | ||
| - Not patched - mruby 3.5.0 has not been released as of 2026/02/07. | ||
| - Found Issue #6509 listed in **unreleased** mruby 3.5 file listed below. | ||
| url: |
There was a problem hiding this comment.
Appears that related: disappeared? This causes url: to be consumed by notes: | above.
postmodern
added
linting
2 participants
GHSA SYNC: 1 brand new advisory