[pkg-lua-devel] luajit: CVE-2024-25176, CVE-2024-25177 and CVE-2024-25178
Yang Wang
yang.wang at windriver.com
Tue Jul 29 20:02:12 BST 2025
Hi Debian Lua Team,
I'm working on Debian contributions.
I noticed that you're the maintainer of luajit in Debian.
* https://security-tracker.debian.org/tracker/CVE-2024-25176
* https://security-tracker.debian.org/tracker/CVE-2024-25177
* https://security-tracker.debian.org/tracker/CVE-2024-25178
Seems they have been fixed in Trixie/Sid.
Do you think these HIGH CVE issues worth back-porting the fixes into
Bookworm and Bullseye? And if I provide the back-port patches, would you
merge them?
Thanks,
-Yang
More information about the pkg-lua-devel
mailing list