Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
69323ef6 by Emilio Pozuelo Monfort at 2019-01-28T15:50:49Z
CVE-2019-6706: update affected versions of lua
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -575,11 +575,12 @@ CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the
admin.php?mod=product&ac
NOT-FOR-US: PHPSHE
CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c.
For ...)
- lua5.3 <unfixed> (bug #920321)
- - lua5.2 <unfixed>
- - lua5.1 <unfixed>
- - lua50 <undetermined>
+ - lua5.2 <not-affected> (Vulnerable code introduced later)
+ - lua5.1 <not-affected> (Vulnerable code introduced later)
+ - lua50 <not-affected> (Vulnerable code introduced later)
NOTE:
http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
- TODO: check, possibly only series 5.3 affected
+ NOTE: lua50 and lua5.1 don't have the affected code.
+ NOTE: lua5.2 is not vulnerable as it doesn't free the value before
using it.
CVE-2019-6705
RESERVED
CVE-2019-6704
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/69323ef65cfbe4a5a3532d9141f8e18be97fd2fa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/69323ef65cfbe4a5a3532d9141f8e18be97fd2fa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
