mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-06 16:56:37 +01:00

Commit Graph

Author	SHA1	Message	Date
Steve Sakoman	91e14d3a8e	lua: fix CVE-2022-28805 singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-19 14:02:13 +01:00
Alexander Kanavin	02a8a2c621	lua: upgrade 5.4.3 -> 5.4.4 (From OE-Core rev: 734cdfddd2d2a0a0e3be2b577bd4175a2abd73e5) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-05 17:46:05 +00:00

Author

SHA1

Message

Date

Steve Sakoman

91e14d3a8e

lua: fix CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup
call, leading to a heap-based buffer over-read that might affect a system that
compiles untrusted Lua code.

https://nvd.nist.gov/vuln/detail/CVE-2022-28805

(From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-04-19 14:02:13 +01:00

Alexander Kanavin

02a8a2c621

lua: upgrade 5.4.3 -> 5.4.4

(From OE-Core rev: 734cdfddd2d2a0a0e3be2b577bd4175a2abd73e5)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-02-05 17:46:05 +00:00

2 Commits