Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted lua5.4 5.4.1-1 (source) into unstable
Date: Sat, 21 Nov 2020 15:48:58 +0000
Signed by: Sergei Golovan <sgolovan@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 21 Nov 2020 17:58:27 +0300
Source: lua5.4
Architecture: source
Version: 5.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Lua Team <pkg-lua-devel@lists.alioth.debian.org>
Changed-By: Sergei Golovan <sgolovan@debian.org>
Closes: 971010 971012 971013 971613 972101
Changes:
 lua5.4 (5.4.1-1) unstable; urgency=medium
 .
   * New upstream release. This release fixes the following security bugs:
     - CVE-2020-15888, mishandling the interaction between stack resizes
       and garbage collection (closes: #972101)
     - CVE-2020-24342 allowing a stack redzone cross (closes: #971012)
     - CVE-2020-24369 attempting to access debug information via the line
       hook of a stripped function (closes: #971013)
     - CVE-2020-24370 allowing a negation overflow and segmentation fault
       in getlocal and setlocal (closes: #971613)
     - CVE-2020-24371 active barriers during sweep phase (closes: #971010)
   * Remove no longer necessary patches.
Checksums-Sha1:
 49064b17c5d71005d642c165d4cf2ca903b797fd 2088 lua5.4_5.4.1-1.dsc
 88961e7d4fda58ca2c6163938fd48db8880e803d 353965 lua5.4_5.4.1.orig.tar.gz
 a6f70f8ab3d118406db35c08fb936f3ac3045dce 8248 lua5.4_5.4.1-1.debian.tar.xz
 9c49dd9e43371804fcb09cde05997dfbf0a0d673 6789 lua5.4_5.4.1-1_amd64.buildinfo
Checksums-Sha256:
 bd1f396dd5335027829dd9206c38477b76f025b4b7d371555cc67f9334d35e30 2088 lua5.4_5.4.1-1.dsc
 4ba786c3705eb9db6567af29c91a01b81f1c0ac3124fdbf6cd94bdd9e53cca7d 353965 lua5.4_5.4.1.orig.tar.gz
 61cc3ecbc9f004c0fca50970d57f8df1aec3fb5d7bdbe8b59ce35ad4b92e15ae 8248 lua5.4_5.4.1-1.debian.tar.xz
 4183f8c8ae863ccea43e5bd1152e3941df2b55c40b4540f480e0d6ef0a743ca8 6789 lua5.4_5.4.1-1_amd64.buildinfo
Files:
 b57f656ebe2c3ab58f8d9c8f91af4db8 2088 interpreters optional lua5.4_5.4.1-1.dsc
 1d575faef1c907292edd79e7a2784d30 353965 interpreters optional lua5.4_5.4.1.orig.tar.gz
 ab29f259225618ade314b4c57d1bac45 8248 interpreters optional lua5.4_5.4.1-1.debian.tar.xz
 eabf7198d6c0c50bddd03ce00d6385ac 6789 interpreters optional lua5.4_5.4.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAl+5M8UACgkQTyrk60tj
54cjgw//UAR860sK/5BiSGXB4z7NIGxzF7rxZTODMfKD7fUkVpIfUU2aFKUV+mkr
qX7aHmFcg4c2rpB5Fc/nI+y9YlEvIqRmm2+ho4uy1rYWcZ5+QeQmbXHxBUhGyPdp
I+/F9Hpyi4p3HAQGH+m+Sryoz4LT/Agwzz9upP9OnN+xzB8dl6u2GZbSTV3NKYas
+aSDlyuunLPmDERtuA4m9H72J16bQVeLB2zTm6a1XRgwVegQwi8sOrr6pCIous9c
m555vrclrAMXx5O1jL0XOLSdhU6pwI0v/pIxwZ+hNFqBM4hSOUX1Yex9S8mc0mB6
YgU8xT9rEC8r7HokOvfgmRk2RyRh4HUSlnA8bGRIV5a0a6J2YFopR6tA/U651bvs
zGQB5DhPZ1t1J4McmpVtQ6c2CsRJ/442FVJjDo/YOZiCXRw/aewvLaGPouMW7do1
Q5WOxhYUIu00hCAqPPU73k/yJs5bckiylWZgw5FU4hJr5M+iTPg5XJroX27iYz+P
eL902wQCYeiapHuWLLtDRSN54xhJd0PoPdcxsexVUnx/GIjASiGEzZNziNGi2Lnc
KME0tDc9RfZkTTwZgFrlJ0pAcy6AmJ2va34o8aHRRz/eocXmawoxN0OLl6mOvEgH
y+Al5+aseiP2vCcJnC7M8RuZuxWachaxecmgKjky1kfhyAhXJMI=
=7xP3
-----END PGP SIGNATURE-----
News for package lua5.4
