** Description changed: - Tracking bug + Ubuntu is currently carrying patch CVE-2025-49844.patch: + + --- redict-7.3.5+ds.orig/deps/lua/src/lparser.c + +++ redict-7.3.5+ds/deps/lua/src/lparser.c + @@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z + struct LexState lexstate; + struct FuncState funcstate; + lexstate.buff = buff; + - luaX_setinput(L, &lexstate, z, luaS_new(L, name)); + + TString *tname = luaS_new(L, name); + + setsvalue2s(L, L->top, tname); + + incr_top(L); + + luaX_setinput(L, &lexstate, z, tname); + open_func(&lexstate, &funcstate); + funcstate.f->is_vararg = VARARG_ISVARARG; /* main func. is always vararg */ + luaX_next(&lexstate); /* read first token */ + chunk(&lexstate); + check(&lexstate, TK_EOS); + close_func(&lexstate); + + --L->top; + lua_assert(funcstate.prev == NULL); + lua_assert(funcstate.f->nups == 0); + lua_assert(lexstate.fs == NULL); + + This patch is the only Ubuntu-specific change: + + $ git diff old/debian..ubuntu/devel --stat + debian/changelog | 9 +++++++++ + debian/control | 3 ++- + debian/patches/CVE-2025-49844.patch | 32 ++++++++++++++++++++++++++++++++ + debian/patches/series | 1 + + 4 files changed, 44 insertions(+), 1 deletion(-) + + This patch was adopted upstream in version 7.3.6 here: + https://codeberg.org/redict/redict/commit/ad4afad16312dfc2972a661c64dd8f0d0dc126ca#diff-844e9e5e3a9e92e0811ce2237484eaff046d9b28 + + Since this was the only change, we should sync redict 7.3.6 from Debian + unstable rather than merging.
** Description changed: Ubuntu is currently carrying patch CVE-2025-49844.patch: --- redict-7.3.5+ds.orig/deps/lua/src/lparser.c +++ redict-7.3.5+ds/deps/lua/src/lparser.c @@ -384,13 +384,17 @@ Proto *luaY_parser (lua_State *L, ZIO *z - struct LexState lexstate; - struct FuncState funcstate; - lexstate.buff = buff; + struct LexState lexstate; + struct FuncState funcstate; + lexstate.buff = buff; - luaX_setinput(L, &lexstate, z, luaS_new(L, name)); + TString *tname = luaS_new(L, name); + setsvalue2s(L, L->top, tname); + incr_top(L); + luaX_setinput(L, &lexstate, z, tname); - open_func(&lexstate, &funcstate); - funcstate.f->is_vararg = VARARG_ISVARARG; /* main func. is always vararg */ - luaX_next(&lexstate); /* read first token */ - chunk(&lexstate); - check(&lexstate, TK_EOS); - close_func(&lexstate); + open_func(&lexstate, &funcstate); + funcstate.f->is_vararg = VARARG_ISVARARG; /* main func. is always vararg */ + luaX_next(&lexstate); /* read first token */ + chunk(&lexstate); + check(&lexstate, TK_EOS); + close_func(&lexstate); + --L->top; - lua_assert(funcstate.prev == NULL); - lua_assert(funcstate.f->nups == 0); - lua_assert(lexstate.fs == NULL); + lua_assert(funcstate.prev == NULL); + lua_assert(funcstate.f->nups == 0); + lua_assert(lexstate.fs == NULL); This patch is the only Ubuntu-specific change: $ git diff old/debian..ubuntu/devel --stat - debian/changelog | 9 +++++++++ - debian/control | 3 ++- - debian/patches/CVE-2025-49844.patch | 32 ++++++++++++++++++++++++++++++++ - debian/patches/series | 1 + - 4 files changed, 44 insertions(+), 1 deletion(-) + debian/changelog | 9 +++++++++ + debian/control | 3 ++- + debian/patches/CVE-2025-49844.patch | 32 ++++++++++++++++++++++++++++++++ + debian/patches/series | 1 + + 4 files changed, 44 insertions(+), 1 deletion(-) This patch was adopted upstream in version 7.3.6 here: https://codeberg.org/redict/redict/commit/ad4afad16312dfc2972a661c64dd8f0d0dc126ca#diff-844e9e5e3a9e92e0811ce2237484eaff046d9b28 - Since this was the only change, we should sync redict 7.3.6 from Debian - unstable rather than merging. + Since this was the only change, we should sync redict 7.3.6+ds-1 from + Debian unstable rather than merging. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2131093 Title: Sync redict 7.3.6+ds-1 from Debian unstable for Resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redict/+bug/2131093/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
