[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: CVE-2020-15888
- From: Andrew Gierth <andrew@...>
- Date: Thu, 17 Dec 2020 20:59:06 +0000
>>>>> "Bruno" == Bruno Vernay <brunovern.a@gmail.com> writes:
Bruno> Hi
Bruno> If https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15888
Bruno> only impacts "Lua through 5.4.0 ..."
Bruno> Why is there a patch for the 5.3.5 version
Bruno> http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/lua/lua_5.3.5.bb?h=master
Bruno> ?
What that bug fixes might be a performance issue (reallocating the stack
too often) but it doesn't look to me like a security issue; the commit
seems to have been attached to the CVE spuriously.
--
Andrew.