Security update for lua53
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Matej Cepl (mcepl)
Fixed bugs
bnc#1175449
VUL-1: CVE-2020-24371: lua,lua51,lua53,lua54: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
bnc#1175448
VUL-1: CVE-2020-24370: lua,lua51,lua53,lua54: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
