git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
lua: fix CVE-2022-28805
author Steve Sakoman <steve@sakoman.com>
Mon, 18 Apr 2022 19:04:08 +0000 (09:04 -1000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 19 Apr 2022 13:02:08 +0000 (14:02 +0100)
commit d2ba3b8850d461bc7b773240cdf15b22b31a3f9e
tree 54b5a5be25016eac9eebe7cfaeebad363da53afe
parent 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4
lua: fix CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.

https://nvd.nist.gov/vuln/detail/CVE-2022-28805

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/lua/lua/CVE-2022-28805.patch [new file with mode: 0644]
meta/recipes-devtools/lua/lua_5.4.4.bb