-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 07 Feb 2022 10:34:34 +0300 Source: lua5.4 Architecture: source Version: 5.4.4-1 Distribution: unstable Urgency: medium Maintainer: Debian Lua Team <pkg-lua-devel@lists.alioth.debian.org> Changed-By: Sergei Golovan <sgolovan@debian.org> Closes: 1000228 1004189 Changes: lua5.4 (5.4.4-1) unstable; urgency=medium . * New upstream release. This release fixes the following security bugs: - CVE-2021-43519, stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file (closes: #1000228). - CVE-2021-44647, Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service (closes: #1004189). Checksums-Sha1: 6e8dfdd8b67da78258b98b98768dbef1c84c815e 2088 lua5.4_5.4.4-1.dsc 03c27684b9d5d9783fb79a7c836ba1cdc5f309cd 360876 lua5.4_5.4.4.orig.tar.gz 501f28c3b1506bfe327773d38548689c10ae8d46 8496 lua5.4_5.4.4-1.debian.tar.xz 24fbf1721a789f13aeb4fab800b4eefb2589244f 6714 lua5.4_5.4.4-1_amd64.buildinfo Checksums-Sha256: 30f63e07e0c33d8bf805b90f11e942d6339d6576f5bffba0f152a7ac678b7764 2088 lua5.4_5.4.4-1.dsc 164c7849653b80ae67bec4b7473b884bf5cc8d2dca05653475ec2ed27b9ebf61 360876 lua5.4_5.4.4.orig.tar.gz feca767028dd67f34d240d5e0cdc3cdd1a6efbb616b771f6c379933ebaef437b 8496 lua5.4_5.4.4-1.debian.tar.xz 182c800514460c5e1a139404a950ebe5faddb56a536bf581ad733a0c5b58e893 6714 lua5.4_5.4.4-1_amd64.buildinfo Files: 6583b4635c8c2e3f814205ff68b85cf0 2088 interpreters optional lua5.4_5.4.4-1.dsc bd8ce7069ff99a400efd14cf339a727b 360876 interpreters optional lua5.4_5.4.4.orig.tar.gz 4266da600ac605856a271591193cd4cb 8496 interpreters optional lua5.4_5.4.4-1.debian.tar.xz e48d68728218ac891d28a57e0f6070a5 6714 interpreters optional lua5.4_5.4.4-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmIAzXQACgkQTyrk60tj 54fM7BAAsdpCv35daAOpKcIsRzoCcDRMX9FFVC9tspCU67IJ6nKE4VJT555Cu4TZ YDNAQGIOMaPCo0ERziKyn+vVXjMX46UQ7DFX+xw58Fty+Hhs7+5yAiQKjEJby2YD EtvxUJZsMclrnwRYSydazDn19RdABMGP02AF1Jdberjbq1EYKEsdSzLaRTn2xx2c FLTiI6wsyduUFtbr4e3f8672S0/C3YfacwG0L00+iBqkzHq1he3tJteX9ArkVtxC D86BIG6s0jIHNju/NYPJgso2g+sHvaWOYWeTRhkRCfd3D0v1DgaFxaLXVqFXHffh KRkuj5eygIw0p9MJeTJ8bnI9I1KVtFxTBynm8zWKzLDkMqi6wRFy1G1dOjt10bTv 5tf6DtkrXkoURPJQkAn9Yhw5hxmn9CrBPpmm0IQM+SZRAaFLsugL6bexeml+5nQm A064/LgyPiU+GrciY7ZpQl9+/QjhqmHvbnfItEnOqdeqA76WBnprJyOmq8bNj0Ba /V9f5f8Be+cCpYmQ3lJHegnzX943WGkUUqNNgkGdhZa6s4EV8tVl2ewZwXJ3iDB6 aOWqKRYWNnABlYClXyQu00M8oSEkNYaFJ09TN1LxsFALL7MXG8GYJlUIYkxgkt+u Vwr0fD6ctudwsrwJ6j1dvlUnfSwKsfyngfab/7gq0leMUgwE65U= =s+XE -----END PGP SIGNATURE-----