Your message dated Wed, 19 Jan 2022 19:04:03 +0000
with message-id <[email protected]>
and subject line Bug#946053: fixed in luajit 2.1.0~beta3+git20210112+dfsg-2
has caused the Debian Bug report #946053,
regarding luajit: CVE-2019-19391
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
946053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946053
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: luajit
Version: 2.1.0~beta3+dfsg-5.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/LuaJIT/LuaJIT/pull/526
Hi,
The following vulnerability was published for luajit.
CVE-2019-19391[0]:
| In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other
| products, debug.getinfo has a type confusion issue that leads to
| arbitrary memory write or read operations, because certain cases
| involving valid stack levels and > options are mishandled.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-19391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19391
[1] https://github.com/LuaJIT/LuaJIT/pull/526
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: luajit
Source-Version: 2.1.0~beta3+git20210112+dfsg-2
Done: Mo Zhou <[email protected]>
We believe that the bug you reported is fixed in the latest version of
luajit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mo Zhou <[email protected]> (supplier of updated luajit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 19 Jan 2022 13:38:42 -0500
Source: luajit
Architecture: source
Version: 2.1.0~beta3+git20210112+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Lua Team <[email protected]>
Changed-By: Mo Zhou <[email protected]>
Closes: 905592 933752 946053 966148 995534
Changes:
luajit (2.1.0~beta3+git20210112+dfsg-2) unstable; urgency=medium
.
[ Mo Zhou ]
* Change maintainer to Debian Lua Team. (Closes: #995534)
* Add myself to Uploaders.
* Deprecate d/compat in favor of B-D debhelper-compat.
* Bump debhelper compat level to 13.
* Override Q and E for Makefile for verbose buildlog.
.
[ Helmut Grohne ]
* Fix FTCBFS: Pass toolchain prefix for the other tools. (Closes: #905592)
.
[ Yunqiang Su ]
* New upstream snapshot 2.1.0~beta3+git20210112+dfsg
(Closes: #966148, #946053)
(Fixes CVE-2020-15890, CVE-2019-19391)
* Patch to add ppc64/ppc64el support breaks powerpc (Closes: #933752)
(fixed in 2.1.0~beta3+git20210112+dfsg-1~exp1)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---