[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-44964/lua5.4
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 26 15:40:15 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc621615 by Salvatore Bonaccorso at 2022-05-26T16:39:29+02:00
Update information for CVE-2021-44964/lua5.4
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32799,12 +32799,18 @@ CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL
CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44964 (Use after free in garbage collector and finalizer of lgc.c in Lua inte ...)
- - lua5.4 <unfixed>
+ - lua5.4 5.4.4-1
+ [bullseye] - lua5.4 <no-dsa> (Minor issue, GC/finalizer changes intrusive to backport)
NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00186.html
NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00007.html
NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00015.html
NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00030.html
NOTE: https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
+ NOTE: https://github.com/lua/lua/commit/0bfc572e51d9035a615ef6e9523f736c9ffa8e57
+ NOTE: https://github.com/lua/lua/commit/066e0f93c4901e601d93e31fb700f8f66f95feb8
+ NOTE: https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5
+ NOTE: https://github.com/lua/lua/commit/86ec152433baf8daf39f03a59c6842cbe33a179d
+ NOTE: https://github.com/lua/lua/commit/597a53bbc681089d85b082b46c2e2428dec43b86
CVE-2021-44963
RESERVED
CVE-2021-44962 (An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc621615eb8c94e2c9772240a1e6d61826bddb89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc621615eb8c94e2c9772240a1e6d61826bddb89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220526/e7c09b65/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list