[Git][security-tracker-team/security-tracker][master] Add three "new" luajit issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 9 21:37:50 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c39e8672 by Salvatore Bonaccorso at 2025-07-09T22:37:15+02:00
Add three "new" luajit issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1485,11 +1485,17 @@ CVE-2024-37657 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a re
CVE-2024-37656 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote a ...)
NOT-FOR-US: Gnuboard
CVE-2024-25178 (LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow han ...)
- TODO: check
+ - luajit 2.1.0+openresty20240314-1
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/1152
+ NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8 (v2.1)
CVE-2024-25177 (LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL metatable, w ...)
- TODO: check
+ - luajit 2.1.0+openresty20240314-1
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/1147
+ NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f (v2.1)
CVE-2024-25176 (LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in l ...)
- TODO: check
+ - luajit 2.1.0+openresty20240314-1
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/1149
+ NOTE: Fixed by: https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc (v2.1)
CVE-2023-51232 (Directory Traversal vulnerability in dagster-webserver Dagster thru 1. ...)
NOT-FOR-US: dagster-webserver Dagster
CVE-2025-XXXX [RSS/SEARCH: Prevent opening local files if web page is expected]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c39e867205f835bf8c2b822e2417efaa4cd49949
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c39e867205f835bf8c2b822e2417efaa4cd49949
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250709/33b4edc3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list