lua: fix CVE-2022-28805 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-05-09 13:10:09 +0530
committer	Armin Kuster <akuster808@gmail.com>	2022-05-25 19:34:39 -0700
commit	abd7cf838d51900ad445a26e501baeb51b4ef1e8 (patch)
tree	8d701103394fc1038c56b1d28973bff0a59be752 /meta-python/recipes-devtools/python/python3-cryptography/0003-correct-buffer-overflows-cause-by-integer-overflow-i.patch
parent	a8d82c80a11b90805b992e1963108af8b3a257ca (diff)
download	meta-openembedded-abd7cf838d51900ad445a26e501baeb51b4ef1e8.tar.gz

lua: fix CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Sana Kazi <sana.kazi@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 91e14d3a8e6e67267047473f5c449f266b44f354) Signed-off-by: Omkar Patil <omkar.patil@kpit.com> Signed-off-by: Omkar Patil <omkarpatil10.93@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-cryptography/0003-correct-buffer-overflows-cause-by-integer-overflow-i.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: