lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Thanks for the clear statement.

Please understand that I cannot leverage discussions on IRC to contradict the NIST and the security tools that are used to scan the application. I cannot either impose to the development team to upgrade.
Anyway I am thankful to all who took time to help me with my issue.


On Thu, Dec 17, 2020, 21:26 Andrew Gierth <> wrote:
>>>>> "Bruno" == Bruno Vernay <> writes:

 Bruno> My simple question would be:

 Bruno> If CVE-2020-15889 affects up to including 5.4.0, then where can
 Bruno> I find a patch to backport to previous versions like 5.3.5 ?

As we told you repeatedly on IRC, the bug only affects 5.4.0. No other
version is affected. No backport is therefore required.

Note that the description in the CVE appears to be conflating two
different bugs, one described at
and the other at

(both are fixed in 5.4.1)