The official CVE description (<a href="https://nvd.nist.gov/vuln/detail/CVE-2018-21232" target="_blank" rel="noopener">https://nvd.nist.gov/vuln/detail/CVE-2018-21232</a>) only highlights a stack consumption in "find_fixed_tags" (and this is actually fixed and is one of the included patches) but as stated in the github issue (<a href="https://github.com/skvadrik/re2c/issues/219" target="_blank" rel="noopener">https://github.com/skvadrik/re2c/issues/219</a> that is still open) there are also other recursion with the same problem and not all have been fixed by upstream. So we could say the CVE is "officially" fixed.<br />Tell me if I can remove the "partially" and add the CVE in the description, thanks.