- Subject: Please add warning to download page if tarball isn't patched up with all latest security fixes
- From: Jonas Thiem <jonasthiem@...>
- Date: Thu, 21 Aug 2014 15:26:38 +0200
Hi *,

I suggest adding a warning to the download page if the tarball isn't
patched up with all the latest security fixes (e.g. like #1 bug in Lua
5.2.2 published in April 2013 on lua.org/bugs.html, which wasn't fixed
in the tarball up to the release of 5.2.3 in Nov 2013).

I am asking because Red Hat/Fedora appeared to be totally unaware the
tarballs aren't patched up, and in conclusion I assume other
distributions and packagers might possibly also not be aware unless
there is a very obvious note on the download page that this is common
practice for Lua releases.

The response to this bug in 5.2.2 which leads to a crash and possibly
memory corruption I just got from Red Hat Security Alert was "As
Fedora would have rebased to upstream version 5.2.2, I do not know why
the fix is not in there." which indicates they missed how Lua doesn't
update released tarballs.

Regards,
Jonas Thiem