Re: CVE-2020-15889

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: CVE-2020-15889
From: Andrew Gierth <andrew@...>
Date: Thu, 17 Dec 2020 20:25:33 +0000

>>>>> "Bruno" == Bruno Vernay <brunovern.a@gmail.com> writes:

 Bruno> My simple question would be:

 Bruno> If CVE-2020-15889 affects up to including 5.4.0, then where can
 Bruno> I find a patch to backport to previous versions like 5.3.5 ?

As we told you repeatedly on IRC, the bug only affects 5.4.0. No other
version is affected. No backport is therefore required.

Note that the description in the CVE appears to be conflating two
different bugs, one described at https://www.lua.org/bugs.html#5.4.0-6
and the other at http://lua-users.org/lists/lua-l/2020-07/msg00071.html

(both are fixed in 5.4.1)

-- 
Andrew.

Follow-Ups:
- Re: CVE-2020-15889, Bruno Vernay

References:
- CVE-2020-15889, Bruno Vernay
- Re: CVE-2020-15889, Bruno Vernay

Prev by Date: Re: CVE-2020-15889
Next by Date: Re: CVE-2020-15888
Previous by thread: Re: CVE-2020-15889
Next by thread: Re: CVE-2020-15889
Index(es):
- Date
- Thread