[Git][security-tracker-team/security-tracker][master] Add src:lua5.3 for CVE-2019-6706

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98a91d75 by Salvatore Bonaccorso at 2019-01-24T06:00:22Z
Add src:lua5.3 for CVE-2019-6706

It is possible that only the 5.3.x series is affected by the
use-after-free vulnerability itself thus expand the TODO comment for
further checking the issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,10 +5,12 @@ CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state ..
 CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state ...)
 	NOT-FOR-US: PHPSHE
 CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For ...)
-	- lua5.1 <unfixed>
+	- lua5.3 <unfixed>
 	- lua5.2 <unfixed>
+	- lua5.1 <unfixed>
+	- lua50 <undetermined>
 	NOTE: http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
-	TODO: check
+	TODO: check, possibly only series 5.3 affected
 CVE-2019-6705
 	RESERVED
 CVE-2019-6704



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/98a91d7569099f8c18a85e74a88033fb163d1a36

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/98a91d7569099f8c18a85e74a88033fb163d1a36
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190124/f5253961/attachment-0001.html>