Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#67583 - [lua] [security] CVE-2020-15945

Attached to Project: Arch Linux
Opened by loqs (loqs) - Friday, 14 August 2020, 17:48 GMT
Last edited by freswa (frederik) - Saturday, 15 August 2020, 22:18 GMT
Task Type Bug Report
Category Packages: Extra
Status Assigned
Assigned To Anatol Pomozov (anatolik)
Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No


Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.

Additional info:
* lua 5.4.0-2
* lua-patches.txt contains table of CVEs and commits ordered by commit on the master branch.
This task depends upon