Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8d170b5 by Salvatore Bonaccorso at 2020-09-26T09:15:40+02:00
Adjust reference for CVE-2020-24371
- - - - -
a58a26a3 by Salvatore Bonaccorso at 2020-09-26T09:26:30+02:00
Update information on CVE-2020-24371
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3798,11 +3798,9 @@ CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an
out-of-bounds read in lj_err_r
NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers
and the ...)
- lua5.4 <unfixed>
- - lua5.3 <unfixed>
- [buster] - lua5.3 <not-affected> (Vulnerable code not present)
- [stretch] - lua5.3 <not-affected> (Vulnerable code not present)
+ - lua5.3 <not-affected> (Vulnerable code introduced in 5.4.0)
NOTE:
https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
- NOTE: https://www.lua.org/bugs.html#5.4.0-9
+ NOTE: https://www.lua.org/bugs.html#5.4.0-10
CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and
segmentation faul ...)
- lua5.4 <unfixed>
- lua5.3 <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/839b69a545324c10daf95ba9062fa2a191963850...a58a26a32061288f2fed1a9e2bec0e37adedb790
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/839b69a545324c10daf95ba9062fa2a191963850...a58a26a32061288f2fed1a9e2bec0e37adedb790
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
