Your message dated Sat, 30 Apr 2022 05:03:55 +0000
with message-id <[email protected]>
and subject line Bug#1010265: fixed in lua5.4 5.4.4-2
has caused the Debian Bug report #1010265,
regarding CVE-2022-28805
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1010265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lua5.4
Version: 5.4.4-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>

This was assigned CVE-2022-28805:
https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
http://lua-users.org/lists/lua-l/2022-02/msg00001.html
http://lua-users.org/lists/lua-l/2022-02/msg00070.html

Can you please check whether this also affects the older Lua versions
in the archive?

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: lua5.4
Source-Version: 5.4.4-2
Done: Sergei Golovan <[email protected]>
We believe that the bug you reported is fixed in the latest version of
lua5.4, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergei Golovan <[email protected]> (supplier of updated lua5.4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 30 Apr 2022 07:38:29 +0300
Source: lua5.4
Architecture: source
Version: 5.4.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Lua Team <[email protected]>
Changed-By: Sergei Golovan <[email protected]>
Closes: 1010265
Changes:
 lua5.4 (5.4.4-2) unstable; urgency=medium
 .
   * Add a patch from upstream which fixes CVE-2022-28805, segmentation fault
     due to a heap overflow when parsing ENV with <const> (closes: 1010265).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---