Your message dated Mon, 07 Feb 2022 08:35:23 +0000
with message-id <[email protected]>
and subject line Bug#1004189: fixed in lua5.4 5.4.4-1
has caused the Debian Bug report #1004189,
regarding lua5.4: CVE-2021-44647
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1004189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004189
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lua5.4
Version: 5.4.3-1
Severity: important
Tags: security upstream
Forwarded: http://lua-users.org/lists/lua-l/2021-11/msg00195.html
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for lua5.4.

CVE-2021-44647[0]:
| Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in
| funcnamefromcode function in ldebug.c which can cause a local denial
| of service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-44647
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44647
[1] http://lua-users.org/lists/lua-l/2021-11/msg00195.html
[2] http://lua-users.org/lists/lua-l/2021-11/msg00204.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: lua5.4
Source-Version: 5.4.4-1
Done: Sergei Golovan <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lua5.4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <[email protected]> (supplier of updated lua5.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Mon, 07 Feb 2022 10:34:34 +0300
Source: lua5.4
Architecture: source
Version: 5.4.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Lua Team <[email protected]>
Changed-By: Sergei Golovan <[email protected]>
Closes: 1000228 1004189
Changes:
 lua5.4 (5.4.4-1) unstable; urgency=medium
 .
   * New upstream release. This release fixes the following security bugs:
     - CVE-2021-43519, stack overflow in lua_resume of ldo.c in Lua
       Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of
       Service via a crafted script file (closes: #1000228).
     - CVE-2021-44647, Lua 5.4.4 and 5.4.2 are affected by SEGV by type
       confusion in funcnamefromcode function in ldebug.c which can cause
       a local denial of service (closes: #1004189).

--- End Message ---
