Hi Movses, hi Dominique,

only the minilua binary is potentially vulnerable. It is used during compilation of MoarVM and not installed as part of the moarvm package, so it should not be possible to put a user's machine at risk.

I would say this bug can be closed for that reason.

Nevertheless, since the change required to fix the problem in minilua is so small, I went ahead and applied it to the version of minilua that is part of moarvm's source tree.

Thanks for your vigilance
  - Timo

Reply via email to