Ticket #44467

Lua-5.4.4 CVE-2022-28805

Open Date: 2022-04-26 04:13 Last Update: 2022-04-28 02:54

Reporter:
Owner:
Type:
Status: Closed
Component:
MileStone:
Priority: 7
Severity: 5 - Medium
Resolution: Fixed
File: 2

Details

CVE-2022-28805 affects our included lua, at least in branches using lua-5.4. Need to check if lua-5.3 (-> S3_0) is affected. Upstream fix is in https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa

Ticket History (3/9 Histories)

2022-04-26 04:13 Updated by: cazfi
  • New Ticket "Lua-5.4.4 CVE-2022-28805" created
2022-04-26 04:21 Updated by: cazfi
  • Milestone Update from (None) to 3.0.2 (closed)
  • Priority Update from 5 - Medium to 7
Comment

Reply To cazfi

Need to check if lua-5.3 (-> S3_0) is affected.

At least the code there is identical, and no advisory gives a lower bound for affected versions.

2022-04-26 04:51 Updated by: cazfi
  • Owner Update from (None) to cazfi
  • Resolution Update from None to Accepted
Comment

Going to apply to S2_6 too.

2022-04-26 22:05 Updated by: cazfi
Comment

This got me to draft a clarification to our commit rules concerning vulnerability fixes. http://www.freeciv.org/wiki/Commit_rules

Esp. Maintainers should check it, and comment if there's anything more to correct it.

2022-04-28 02:53 Updated by: cazfi
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
2022-04-28 02:54 Updated by: alienvalkyrie
  • Status Update from Closed to Open
  • Resolution Update from Fixed to Accepted
Comment

Reply To cazfi

This got me to draft a clarification to our commit rules concerning vulnerability fixes. http://www.freeciv.org/wiki/Commit_rules Esp. Maintainers should check it, and comment if there's anything more to correct it.

Looks sensible to me.

2022-04-28 02:54 Updated by: alienvalkyrie
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
