Lua Lua-l

CVE-2020-15888

classic Classic list List threaded Threaded
2 messages Options
Bruno Vernay
Reply | Threaded
Open this post in threaded view
|

CVE-2020-15888

Bruno Vernay
Hi

If https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15888
only impacts "Lua through 5.4.0 ..."
Why is there a patch for the 5.3.5 version
 http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/lua/lua_5.3.5.bb?h=master
 ?

Thanks
Bruno
Andrew Gierth
Reply | Threaded
Open this post in threaded view
|

Re: CVE-2020-15888

Andrew Gierth
>>>>> "Bruno" == Bruno Vernay <[hidden email]> writes:

 Bruno> Hi
 Bruno> If https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15888
 Bruno> only impacts "Lua through 5.4.0 ..."
 Bruno> Why is there a patch for the 5.3.5 version
 Bruno>  http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/lua/lua_5.3.5.bb?h=master
 Bruno>  ?

What that bug fixes might be a performance issue (reallocating the stack
too often) but it doesn't look to me like a security issue; the commit
seems to have been attached to the CVE spuriously.

--
Andrew.
Free forum by Nabble Edit this page