Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98a91d75 by Salvatore Bonaccorso at 2019-01-24T06:00:22Z
Add src:lua5.3 for CVE-2019-6706
It is possible that only the 5.3.x series is affected by the
use-after-free vulnerability itself thus expand the TODO comment for
further checking the issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,10 +5,12 @@ CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the
admin.php?mod=order state ..
CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the
admin.php?mod=product&act=state ...)
NOT-FOR-US: PHPSHE
CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c.
For ...)
- - lua5.1 <unfixed>
+ - lua5.3 <unfixed>
- lua5.2 <unfixed>
+ - lua5.1 <unfixed>
+ - lua50 <undetermined>
NOTE:
http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
- TODO: check
+ TODO: check, possibly only series 5.3 affected
CVE-2019-6705
RESERVED
CVE-2019-6704
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98a91d7569099f8c18a85e74a88033fb163d1a36
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/98a91d7569099f8c18a85e74a88033fb163d1a36
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
