[Git][security-tracker-team/security-tracker][master] new lua issue
Moritz Muehlenhoff
jmm at debian.org
Thu Aug 20 22:58:02 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0536a96 by Moritz Muehlenhoff at 2020-08-20T23:57:26+02:00
new lua issue
new luajit issue (probably bogus)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -369,9 +369,14 @@ CVE-2020-24374
CVE-2020-24373
RESERVED
CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...)
- TODO: check
+ - luajit <unfixed>
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
+ TODO: Needs to be checked with upstream, unclear whether that's really a security issue
CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...)
- TODO: check
+ - lua5.4 <unfixed>
+ - lua5.3 <unfixed>
+ NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
+ NOTE: https://www.lua.org/bugs.html#5.4.0-9
CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
TODO: check
CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0536a96db19e88703ec601fabd50afe54a55f94
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0536a96db19e88703ec601fabd50afe54a55f94
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200820/41e2238d/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list