Re: CVE-2020-15888

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: CVE-2020-15888
From: Andrew Gierth <andrew@...>
Date: Thu, 17 Dec 2020 20:59:06 +0000

>>>>> "Bruno" == Bruno Vernay <brunovern.a@gmail.com> writes:

 Bruno> Hi
 Bruno> If https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15888
 Bruno> only impacts "Lua through 5.4.0 ..."
 Bruno> Why is there a patch for the 5.3.5 version
 Bruno>  http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/lua/lua_5.3.5.bb?h=master
 Bruno>  ?

What that bug fixes might be a performance issue (reallocating the stack
too often) but it doesn't look to me like a security issue; the commit
seems to have been attached to the CVE spuriously.

-- 
Andrew.

References:
- CVE-2020-15888, Bruno Vernay

Prev by Date: Re: CVE-2020-15889
Next by Date: Re: CVE-2020-15889
Previous by thread: CVE-2020-15888
Next by thread: [ANN] LuaRocks 3.5.0
Index(es):
- Date
- Thread