AVG-1207

Package lua
Status Fixed
Severity High
Type arbitrary code execution
Affected 5.4.0-2
Fixed 5.4.1-1
Current 5.4.7-1 [extra]
Ticket None
Created Wed Jul 29 20:44:06 2020
Issue Severity Remote Type Description
CVE-2020-15889 High Yes Arbitrary code execution
Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
CVE-2020-15888 High Yes Arbitrary code execution
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer...
Date Advisory Package Type
18 Oct 2020 ASA-202010-5 lua arbitrary code execution