[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: patch for CVE-2020-15888
- From: Andrew Gierth <andrew@...>
- Date: Tue, 27 Jul 2021 23:03:14 +0100
>>>>> "aman" == aman agrawal <firstname.lastname@example.org> writes:
aman> Can you please tell me what are the changes required if we want
aman> to apply the patch for CVE-2020-15888 in Lua-5.2.2
That CVE is a mess; it links to a bunch of unrelated bugs and commits
and has incorrect version information and a useless description.
As far as I can see, nothing in it is applicable to any version other
than 5.4.0 exactly. So the answer to your question is "nothing".
(That said, 5.2.2 clearly has numerous other bugs, some of them serious;
why are you using it?)