[pkg-lua-devel] Bug#1010265: Bug#1010265: CVE-2022-28805
Sergei Golovan
sgolovan at gmail.com
Fri Apr 29 05:49:15 BST 2022
found 1010265 5.4.2-1
thanks
Hi Moritz,
On Wed, Apr 27, 2022 at 2:57 PM Moritz Muehlenhoff <jmm at debian.org> wrote:
>
> This was assigned CVE-2022-28805:
> https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
> http://lua-users.org/lists/lua-l/2022-02/msg00001.html
> http://lua-users.org/lists/lua-l/2022-02/msg00070.html
>
> Can you please check whether this also affects the older Lua versions
> in the archive?
This bug is related to the <const> variables which have been introduced in
Lua 5.4, so it doesn't affect the earlier versions.
It does affect Lua 5.4.2 in stable though.
I'll fix it in unstable shortly. Do I need to prepare a fix for stable?
Cheers!
--
Sergei Golovan
More information about the pkg-lua-devel
mailing list