[pkg-lua-devel] luajit: CVE-2024-25176, CVE-2024-25177 and CVE-2024-25178
Santiago Ruano Rincón
santiagorr at riseup.net
Tue Jul 29 22:59:30 BST 2025
Hello Yang,
On 29 July 2025 21:02:12 GMT+02:00, Yang Wang <yang.wang at windriver.com> wrote:
>Hi Debian Lua Team,
>
>I'm working on Debian contributions.
>
>I noticed that you're the maintainer of luajit in Debian.
>
> * https://security-tracker.debian.org/tracker/CVE-2024-25176
> * https://security-tracker.debian.org/tracker/CVE-2024-25177
> * https://security-tracker.debian.org/tracker/CVE-2024-25178
>
>Seems they have been fixed in Trixie/Sid.
>
>Do you think these HIGH CVE issues are worth back-porting the fixes into Bookworm and Bullseye? And if I provide the back-port patches, would you merge them?
>
>
>Thanks,
>-Yang
...
Actually, it is up to the security team (in CC) to determine if a package requires a security update via a DSA, or if a point update would be a more suitable approach. It's their call.
Thanks,
Santiago