Bug#991689: I vote "notabug", but the fix is going into the next version of moarvm anyway
Timo Paulssen
timonator at perpetuum-immobile.de
Fri Sep 6 21:54:11 BST 2024
Hi Movses, hi Dominique,
only the minilua binary is potentially vulnerable. It is used during
compilation of MoarVM and not installed as part of the moarvm package,
so it should not be possible to put a user's machine at risk.
I would say this bug can be closed for that reason.
Nevertheless, since the change required to fix the problem in minilua is
so small, I went ahead and applied it to the version of minilua that is
part of moarvm's source tree.
Thanks for your vigilance
- Timo
More information about the Pkg-rakudo-devel
mailing list