[Git][security-tracker-team/security-tracker][master] Add three "new" luajit issues

Wed, 09 Jul 2025 13:38:04 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c39e8672 by Salvatore Bonaccorso at 2025-07-09T22:37:15+02:00
Add three "new" luajit issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1485,11 +1485,17 @@ CVE-2024-37657 (An open redirect vulnerability in 
gnuboard5 v.5.5.16 allows a re
 CVE-2024-37656 (An open redirect vulnerability in gnuboard5 v.5.5.16 allows a 
remote a ...)
        NOT-FOR-US: Gnuboard
 CVE-2024-25178 (LuaJIT through 2.1 has an out-of-bounds read in the 
stack-overflow han ...)
-       TODO: check
+       - luajit 2.1.0+openresty20240314-1
+       NOTE: https://github.com/LuaJIT/LuaJIT/issues/1152
+       NOTE: Fixed by: 
https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8
 (v2.1)
 CVE-2024-25177 (LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL 
metatable, w ...)
-       TODO: check
+       - luajit 2.1.0+openresty20240314-1
+       NOTE: https://github.com/LuaJIT/LuaJIT/issues/1147
+       NOTE: Fixed by: 
https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f
 (v2.1)
 CVE-2024-25176 (LuaJIT through 2.1 has a stack-buffer-overflow in 
lj_strfmt_wfnum in l ...)
-       TODO: check
+       - luajit 2.1.0+openresty20240314-1
+       NOTE: https://github.com/LuaJIT/LuaJIT/issues/1149
+       NOTE: Fixed by: 
https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc
 (v2.1)
 CVE-2023-51232 (Directory Traversal vulnerability in dagster-webserver Dagster 
thru 1. ...)
        NOT-FOR-US: dagster-webserver Dagster
 CVE-2025-XXXX [RSS/SEARCH: Prevent opening local files if web page is expected]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c39e867205f835bf8c2b822e2417efaa4cd49949

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c39e867205f835bf8c2b822e2417efaa4cd49949
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to