Bug#991689: I vote "notabug", but the fix is going into the next version of moarvm anyway

Timo Paulssen timonator at perpetuum-immobile.de
Fri Sep 6 21:54:11 BST 2024


Hi Movses, hi Dominique,

only the minilua binary is potentially vulnerable. It is used during 
compilation of MoarVM and not installed as part of the moarvm package, 
so it should not be possible to put a user's machine at risk.

I would say this bug can be closed for that reason.

Nevertheless, since the change required to fix the problem in minilua is 
so small, I went ahead and applied it to the version of minilua that is 
part of moarvm's source tree.

Thanks for your vigilance
   - Timo



More information about the Pkg-rakudo-devel mailing list