[pkg-lua-devel] Bug#1010265: Bug#1010265: CVE-2022-28805

Moritz Mühlenhoff jmm at inutil.org
Fri Apr 29 16:23:05 BST 2022


On Fri, Apr 29, 2022 at 07:49:15AM +0300, Sergei Golovan wrote:
> > This was assigned CVE-2022-28805:
> > https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
> > http://lua-users.org/lists/lua-l/2022-02/msg00001.html
> > http://lua-users.org/lists/lua-l/2022-02/msg00070.html
> >
> > Can you please check whether this also affects the older Lua versions
> > in the archive?
> 
> This bug is related to the <const> variables which have been introduced in
> Lua 5.4, so it doesn't affect the earlier versions.

Thanks, I've updated the Debian security tracker.

> It does affect Lua 5.4.2 in stable though.
>
> I'll fix it in unstable shortly. Do I need to prepare a fix for stable?

It doesn't need a DSA IMO. Could be fixed via a point release or we fix
it along when there's a more severe Lua issue in the future?

Cheers,
        Moritz


