lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


>>>>> "Bruno" == Bruno Vernay <brunovern.a@gmail.com> writes:

 Bruno> Hi
 Bruno> If https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15888
 Bruno> only impacts "Lua through 5.4.0 ..."
 Bruno> Why is there a patch for the 5.3.5 version
 Bruno>  http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/lua/lua_5.3.5.bb?h=master
 Bruno>  ?

What that bug fixes might be a performance issue (reallocating the stack
too often) but it doesn't look to me like a security issue; the commit
seems to have been attached to the CVE spuriously.

-- 
Andrew.