lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Here it read that versions up to 5.4 are affected which is plain wrong, misleading and
should be corrected.
Here that versions from 5.4 are affected which is right I

Now I have a hard time finding a patch too.
NIST references a "Patch" very simple one line.
I really doubt it fixes the CVE.  Either NIST should be alerted, or
the commit should contain an explicit info about the CVE.

On IRC, I have been referred to ""it's bug #6 on here: "
and that the correct commit would be " correct commit:";
But there is no reference to the CVE in any of the commits.

It would help to clarify the situation with NIST, VulDB and reference
the CVE in the commits (I understand there are no pull -request) or
create an explicit patch like this