Re: patch for CVE-2020-15888

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: patch for CVE-2020-15888
From: Andrew Gierth <andrew@...>
Date: Tue, 27 Jul 2021 23:03:14 +0100

>>>>> "aman" == aman agrawal <aman.161089@gmail.com> writes:

 aman> Hi,
 aman> Can you please tell me what are the changes required if we want
 aman> to apply the patch for CVE-2020-15888 in Lua-5.2.2

That CVE is a mess; it links to a bunch of unrelated bugs and commits
and has incorrect version information and a useless description.

As far as I can see, nothing in it is applicable to any version other
than 5.4.0 exactly. So the answer to your question is "nothing".

(That said, 5.2.2 clearly has numerous other bugs, some of them serious;
why are you using it?)

-- 
Andrew.

Follow-Ups:
- Re: patch for CVE-2020-15888, aman agrawal

References:
- patch for CVE-2020-15888, aman agrawal

Prev by Date: Re: Distributing self contained lua app
Next by Date: Re: patch for CVE-2020-15888
Previous by thread: patch for CVE-2020-15888
Next by thread: Re: patch for CVE-2020-15888
Index(es):
- Date
- Thread