#44467: Lua-5.4.4 CVE-2022-28805
Open Date: 2022-04-25 22:13
Last Update: 2022-04-25 22:21
URL for this Ticket:
https://osdn.net//projects/freeciv/ticket/44467
RSS feed for this Ticket:
https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=44467
---------------------------------------------------------------------
Last Changes/Comment on this Ticket:
2022-04-25 22:21 Updated by: cazfi
* Milestone Update from (None) to 3.0.2
* Priority Update from 5 - Medium to 7
Comment:
Reply To cazfi
Need to check if lua-5.3 (-> S3_0) is affected.
At least code there is identical, and no advisory gives lower bound for affected versions.
---------------------------------------------------------------------
Ticket Status:
Reporter: cazfi
Owner: (None)
Type: Bugs
Status: Open
Priority: 7
MileStone: 3.0.2
Component: General
Severity: 5 - Medium
Resolution: None
---------------------------------------------------------------------
Ticket details:
CVE-2022-28805 affects our included lua, at least in branches using lua-5.4. Need to check if lua-5.3 (-> S3_0) is affected. Upstream fix is in https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
--
Ticket information of Freeciv project
Freeciv Project is hosted on OSDN
Project URL: https://osdn.net/projects/freeciv/
OSDN: https://osdn.net
URL for this Ticket:
https://osdn.net/projects/freeciv/ticket/44467
RSS feed for this Ticket:
https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=44467