AVG-1207 log
| Package | lua |
| Status | Fixed |
| Severity | High |
| Type | arbitrary code execution |
| Affected | 5.4.0-2 |
| Fixed | 5.4.1-1 |
| Current | 5.4.6-3 [extra] |
| Ticket | None |
| Created | Wed Jul 29 20:44:06 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-15889 | High | Yes | Arbitrary code execution | Lua through 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. |
| CVE-2020-15888 | High | Yes | Arbitrary code execution | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap- based buffer... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 18 Oct 2020 | ASA-202010-5 | lua | arbitrary code execution |