Ticket #44467

Lua-5.4.4 CVE-2022-28805

Date opened: 2022-04-26 04:13 Last updated: 2022-04-28 02:54

Reporter:
Owner:
Type:
Status: Closed
Component:
Priority: 7
Severity: 5 - Medium
Resolution: Fixed
File: 2

Details

CVE-2022-28805 affects our included lua, at least in branches using lua-5.4. Need to check if lua-5.3 (-> S3_0) is affected. Upstream fix is in https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa

Ticket History (3/9 Histories)

2022-04-26 04:13 Updated by: cazfi
  • New Ticket "Lua-5.4.4 CVE-2022-28805" created
2022-04-26 04:21 Updated by: cazfi
  • Milestone Update from (None) to 3.0.2 (closed)
  • Priority Update from 5 - Medium to 7
Comment

Reply To cazfi

Need to check if lua-5.3 (-> S3_0) is affected.

At least the code there is identical, and no advisory gives a lower bound for affected versions.

2022-04-26 04:51 Updated by: cazfi
  • Owner Update from (None) to cazfi
  • Resolution Update from None to Accepted
Comment

Going to apply to S2_6 too.

2022-04-26 22:05 Updated by: cazfi
Comment

This got me to draft a clarification to our commit rules concerning vulnerability fixes. http://www.freeciv.org/wiki/Commit_rules

Esp. Maintainers should check it, and comment if there's anything more to correct it.

2022-04-28 02:53 Updated by: cazfi
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
2022-04-28 02:54 Updated by: alienvalkyrie
  • Status Update from Closed to Open
  • Resolution Update from Fixed to Accepted
Comment

Reply To cazfi

This got me to draft a clarification to our commit rules concerning vulnerability fixes. http://www.freeciv.org/wiki/Commit_rules Esp. Maintainers should check it, and comment if there's anything more to correct it.

Looks sensible to me.

2022-04-28 02:54 Updated by: alienvalkyrie
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
