Re: CVE-2021-44964 Patch

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: CVE-2021-44964 Patch
From: Roberto Ierusalimschy <roberto@...>
Date: Wed, 11 Oct 2023 17:53:01 -0300

> According to https://www.lua.org/bugs.html#5.4.3-10 the fix is:
> 
> https://github.com/lua/lua/commit/0bfc572e51d9035a615ef6e9523f736c9ffa8e57
> 
> Which appears to be fixed in 5.4.4. Slightly confusingly the original report was made against "5.4.4" but looking at the commits it must have been tested against a prerelease version of 5.4.4, and the official release contained a fix.

Indeed; the chronology is like this:

- Nov 16, 2021: 5.4.4 rc1.
- Nov 29, 2021: bug reported.
- Dec 13, 2021: bug fixed on git.
- Dec 21, 2021: 5.4.4 rc2.
- Jan 13, 2022: 5.4.4 rc3.
- Jan 26, 2022: rc3 frozen as 5.4.4.

-- Roberto

References:
- CVE-2021-44964 Patch, aman agrawal
- Re: CVE-2021-44964 Patch, Tom Sutcliffe

Prev by Date: Re: CVE-2021-44964 Patch
Next by Date: Re: Is there complete IUP class diagram in a parsable format?
Previous by thread: Re: CVE-2021-44964 Patch
Next by thread: Re: CVE-2021-44964 Patch
Index(es):
- Date
- Thread