Bug#991689: Possible CVE-2014-5461 in moarvm-dev

Dominique Dumont dod at debian.org
Sat Aug 7 16:27:01 BST 2021

Next message (by thread): Processed: bug 991689 is forwarded to https://github.com/MoarVM/MoarVM/issues/1517
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

On vendredi 30 juillet 2021 12:22:59 CEST you wrote:
> moarvm-dev uses the obsolete version of minilua
> (single-file port of Lua) which has CVE-2014-5461

Exploiting this CVE requires feeding arbitrary lua code to moarvm. I don't 
think this is possible. So I won't patch directly moarvm.

Nevertheless, I'll forward this bug upstream.

All the best

Next message (by thread): Processed: bug 991689 is forwarded to https://github.com/MoarVM/MoarVM/issues/1517
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Pkg-rakudo-devel mailing list