lua: fix CVE-2022-28805 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Steve Sakoman <steve@sakoman.com>	2022-04-18 09:04:08 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-19 14:02:13 +0100
commit	91e14d3a8e6e67267047473f5c449f266b44f354 (patch)
tree	9b71398acd7db67d151bc643d60fc74419c13200 /meta/recipes-core/zlib
parent	8f48f1014f90c3ceacd8be367c209f941a3622ba (diff)
download	poky-91e14d3a8e6e67267047473f5c449f266b44f354.tar.gz

lua: fix CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. https://nvd.nist.gov/vuln/detail/CVE-2022-28805 (From OE-Core rev: d2ba3b8850d461bc7b773240cdf15b22b31a3f9e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-core/zlib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: