Re: Lua [in]security and the distributors

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Lua [in]security and the distributors
From: Florian Weimer <fw@...>
Date: Tue, 26 Aug 2014 21:34:30 +0200

* Enrico Tassi:

> On Tue, Aug 26, 2014 at 04:37:19PM +0200, Enrico Tassi wrote:
>> help is welcome.  In particular, the attached patch changes the
>> argument
>
> Here it is,

I think the release team would accept this change for a point release:

<https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable>

Unless we ship existing Lua code which exposes this (i.e., not just
via loadstring), Debian won't issue a separate security advisory for
this bug.

References:
- Lua [in]security and the distributors, Jonas Thiem
- Re: Lua [in]security and the distributors, Enrico Tassi
- Re: Lua [in]security and the distributors, Enrico Tassi

Prev by Date: Re: Lua [in]security and the distributors
Next by Date: Re: Lua [in]security and the distributors
Previous by thread: Re: Lua [in]security and the distributors
Next by thread: Re: Lua [in]security and the distributors
Index(es):
- Date
- Thread