[Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2020-15890/luajit
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 22 09:27:53 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd36f5d1 by Salvatore Bonaccorso at 2020-08-22T10:27:06+02:00
Reference commit for CVE-2020-15890/luajit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17638,6 +17638,7 @@ CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __g
{DLA-2296-1}
- luajit <unfixed> (unimportant; bug #966148)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
+ NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...)
- lua5.4 5.4.0-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd36f5d1c833ba153ab3152bd1be470c8ebff058
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd36f5d1c833ba153ab3152bd1be470c8ebff058
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200822/632b4f94/attachment.html>
More information about the debian-security-tracker-commits
mailing list