GHSA SYNC: 1 brand new advisory #970
Removed a non-functional link from the CVE YAML file.
Updated notes to clarify that mruby 3.5.0 has not been released as of 1/23/2026.
Now deleted.
GitHub is saying
All green - now try it again.
postmodern
left a comment
Need clarification on something. The advisory description mentions that the vulnerability was found in versions "up to 3.4.0-rc2". However, version 3.4.0 was tagged after 3.4.0-rc2. Is this a mistake and should it say "up to and including 3.4.0", or was the vulnerability actually fixed in 3.4.0?
back online - will check
Clarify that ISS#6509 is going into 3.5.0 (yet to be released)
I expect the patch to be part of 3.5.0 when it is released.
postmodern
left a comment
Wording changes requested, if you agree.
rubies/mruby/CVE-2025-7207.yml
Outdated
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2025-7207 | ||
| - https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9.patch | ||
| - https://github.com/mruby/mruby/blob/master/NEWS.md |
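Review bot: the last `url:` entry, `https://github.com/mruby/mruby/blob/master/NEWS.md`, points at a branch head rather than a fixed revision, so what it shows can change after this advisory is merged. Suggest replacing it with a commit-pinned permalink to NEWS.md or dropping it, so that every reference in the list stays reproducible like the commit `.patch` link on the line above it.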
The fix is only in master.
We already link to https://github.com/mruby/mruby/blob/6f321251785c2396cb7e6a576ac2080c1adb4491/NEWS.md above which is a commit in the master branch, so linking directly to the NEWS.md in the master branch is a duplicate URL. We shouldn't link to the same file twice.
postmodern
left a comment
Noticed some YAML issues. Also, the old NEWS.md URL is still listed. Also, not sure why the mruby 3.4.0 and 3.3.0 blog posts are listed as well?
Added related URLs for CVE-2025-7207 in the YAML file.
Removed outdated release links for mruby.
Removed the duplicate
Thanks