[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: CVE-2020-15889
- From: Andrew Gierth <andrew@...>
- Date: Thu, 17 Dec 2020 20:25:33 +0000
>>>>> "Bruno" == Bruno Vernay <email@example.com> writes:
Bruno> My simple question would be:
Bruno> If CVE-2020-15889 affects up to including 5.4.0, then where can
Bruno> I find a patch to backport to previous versions like 5.3.5 ?
As we told you repeatedly on IRC, the bug only affects 5.4.0. No other
version is affected. No backport is therefore required.
Note that the description in the CVE appears to be conflating two
different bugs, one described at https://www.lua.org/bugs.html#5.4.0-6
and the other at http://lua-users.org/lists/lua-l/2020-07/msg00071.html
(both are fixed in 5.4.1)