lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


>>>>> "Bruno" == Bruno Vernay <brunovern.a@gmail.com> writes:

 Bruno> My simple question would be:

 Bruno> If CVE-2020-15889 affects up to including 5.4.0, then where can
 Bruno> I find a patch to backport to previous versions like 5.3.5 ?

As we told you repeatedly on IRC, the bug only affects 5.4.0. No other
version is affected. No backport is therefore required.

Note that the description in the CVE appears to be conflating two
different bugs, one described at https://www.lua.org/bugs.html#5.4.0-6
and the other at http://lua-users.org/lists/lua-l/2020-07/msg00071.html

(both are fixed in 5.4.1)

-- 
Andrew.