:00 2001
From: astian
Date: Mon, 11 Feb 2020 21:08:51 +
Subject: [PATCH] lua: fix unintended code execution vulnerability
Backport of upstream commit cce7062a8a6b6a3b3666aea3ff86db879cba67b6
("lua: fix highly security relevant arbitrary code execution") to
release 0.32.0.
Note: B
astian:
> If Lua scripts are enabled (they are by default) and configured for use
> (Debian doesn't seem to have any active by default)
Correction: mpv as shipped by Debian does have some active Lua scripts
embedded in the ELF binary, but, as the author says in the quoted commit, they
Package: mpv
Version: 0.32.0-1
Severity: grave
Tags: security fixed-upstream
Justification: user security hole
Dear Maintainer,
If Lua scripts are enabled (they are by default) and configured for use
(Debian doesn't seem to have any active by default) mpv could end up
loading unintended code
Package: minetest-mod-pipeworks
Version: 20190430-1
Severity: serious
Justification: Policy 3.5. Dependencies
Dear Maintainer,
Package lacks a dependency on "basic_materials" (minetest-mod-basic-materials).
-- System Information:
Debian Release: 10.0
APT prefers unstable-debug
APT policy:
Package: python3-flask-socketio
Version: 2.9.0-1
Severity: serious
Dear Maintainer,
This package lacks a dependency on the upstream "python-socketio" [0],
which provides a "socketio" module. Please do not confuse it with the
Debian package of the same name, which also provides a "socketio":
Control: affects -1 ibus-anthy
Control: found -1 ibus-anthy/1.5.9-2
Control: found -1 anthy/1:0.3-5
Hi,
Packaging is still broken on sid. (Interesting how 2 years of forewarning
were still not sufficient to prevent this.)
$ sudo apt install ibus-anthy
Reading package lists... Done
6 matches
Mail list logo
