Guilhem Moulin pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
232c3114 by Guilhem Moulin at 2025-08-25T03:42:41+02:00
CVE-2020-24372/luajit: Add link to fixing commits and fixed version
Upstream reports this was fixed on 2020-08-09 and indeed the 20220320
git snapshot used in bookworm is not affected.
The fixing commits were confirmed via bisecting.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -414645,8 +414645,10 @@ CVE-2020-24374 (A DNS rebinding vulnerability in
Freebox v5 before 1.5.29.)
CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in
Freebox ...)
NOT-FOR-US: Freebox
CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in
lj_err_run in ...)
- - luajit <unfixed> (unimportant)
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
+ NOTE: Fixed by:
https://github.com/LuaJIT/LuaJIT/commit/12ab596997b9cb27846a5b254d11230c3f9c50c8
(v2.1)
+ NOTE: Fixed by:
https://github.com/LuaJIT/LuaJIT/commit/e296f56b825c688c3530a981dc6b495d972f3d01
(v2.1)
NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers
and the ...)
- lua5.4 5.4.1-1 (bug #971010)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/232c3114e87e6fe63bc6013a27321fe39d770432
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/232c3114e87e6fe63bc6013a27321fe39d770432
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
