[Git][security-tracker-team/security-tracker][master] CVE-2020-24372/luajit: Add link to fixing commits and fixed version
Guilhem Moulin (@guilhem)
guilhem at debian.org
Mon Aug 25 02:42:58 BST 2025
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
232c3114 by Guilhem Moulin at 2025-08-25T03:42:41+02:00
CVE-2020-24372/luajit: Add link to fixing commits and fixed version
Upstream reports this was fixed on 2020-08-09 and indeed the 20220320
git snapshot used in bookworm is not affected.
The fixing commits were confirmed via bisecting.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -414645,8 +414645,10 @@ CVE-2020-24374 (A DNS rebinding vulnerability in Freebox v5 before 1.5.29.)
CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
NOT-FOR-US: Freebox
CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...)
- - luajit <unfixed> (unimportant)
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
+ NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/12ab596997b9cb27846a5b254d11230c3f9c50c8 (v2.1)
+ NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/e296f56b825c688c3530a981dc6b495d972f3d01 (v2.1)
NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...)
- lua5.4 5.4.1-1 (bug #971010)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/232c3114e87e6fe63bc6013a27321fe39d770432
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/232c3114e87e6fe63bc6013a27321fe39d770432
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250825/95579c61/attachment.htm>
More information about the debian-security-tracker-commits
mailing list