[pkg-lua-devel] Lua security vulnerabilities in bullseye - plan for resolving?

Salvatore Bonaccorso carnil at debian.org
Thu Sep 29 06:43:04 BST 2022


Hi,

On Wed, Sep 28, 2022 at 11:57:33PM +0200, Jérémy Lal wrote:
> On Wed, Sep 28, 2022 at 23:46, David W. Kennedy <dave_k at reasoned.us>
> wrote:
> 
> > On 2022-09-26 00:36, David W. Kennedy wrote:
> > > Debian Tracker indicates that Lua5.1, 5.2, 5.3 and 5.4 have unresolved
> > > security vulnerabilities in bullseye.
> > >
> > > Is there a plan for resolving these vulnerabilities? I looked through
> > > the security and security-announce mailing list archives, and I don't
> > > see discussion of lua in the past 2 years.
> >
> > Can you please send a minimal reply so I know whether you're taking
> > action on this, and what the ETA is? Are more volunteers needed to help
> > with this issue?
> 
> 
> Yes, I can't speak for the others, but the absence of answers indicates
> the last maintainers of lua are busy doing something else right now.
> Assessing and classifying those vulnerabilities would be a good start to
> help.

Just something in addition to what Jérémy already stated above. The
issues also do not warrant a DSA, and so a security update. But
given time available from contributors, they can be fixed in any
upcoming bullseye point release.

Regards,
Salvatore


