Overview

File _patchinfo of Package patchinfo.19987

<patchinfo incident="19987">
  <issue tracker="bnc" id="1175449">VUL-1: CVE-2020-24371: lua,lua51,lua53,lua54: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.</issue>
  <issue tracker="bnc" id="1175448">VUL-1: CVE-2020-24370: lua,lua51,lua53,lua54: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).</issue>
  <issue tracker="cve" id="2020-24370"/>
  <issue tracker="cve" id="2020-24371"/>
  <packager>mcepl</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for lua53</summary>
  <description>This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places