Debian Package Tracker

lua5.3

Simple, extensible, embeddable programming language

general
  • source: lua5.3 (main)
  • version: 5.3.3-1.1
  • maintainer: Enrico Tassi (DMD) (LowNMU)
  • uploaders: Ondřej Surý [DMD]
  • arch: any
  • std-ver: 3.9.8
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 5.3.3-1
  • old-sec: 5.3.3-1+deb9u1
  • stable: 5.3.3-1.1
  • testing: 5.3.3-1.1
  • unstable: 5.3.3-1.1
versioned links
  • 5.3.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.3.3-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.3.3-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • liblua5.3-0
  • liblua5.3-0-dbg
  • liblua5.3-dev
  • lua5.3 (3 bugs: 0, 3, 0, 0)
action needed
A new upstream version is available: 5.3.6 [high]
A new upstream version 5.3.6 is available, you should consider packaging it.
Created: 2020-06-29 Last update: 2021-01-16 07:32
Standards version of the package is outdated. [high]
The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.5.1 instead of 3.9.8).
Created: 2017-07-14 Last update: 2020-11-17 05:41
2 security issues in stretch [high]
There are 2 open security issues in stretch.
1 important issue:
  • CVE-2020-15945: Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
1 issue skipped by the security teams:
  • CVE-2019-6706: Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
Please fix them.
Created: 2019-01-24 Last update: 2020-10-03 08:37
3 security issues in sid [high]
There are 3 open security issues in sid.
3 important issues:
  • CVE-2019-6706: Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
  • CVE-2020-15945: Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
  • CVE-2020-24370: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Please fix them.
Created: 2019-01-24 Last update: 2020-10-03 08:37
3 security issues in buster [high]
There are 3 open security issues in buster.
1 important issue:
  • CVE-2020-15945: Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
2 issues skipped by the security teams:
  • CVE-2019-6706: Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
  • CVE-2020-24370: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Please fix them.
Created: 2019-01-24 Last update: 2020-10-03 08:37
3 security issues in bullseye [high]
There are 3 open security issues in bullseye.
3 important issues:
  • CVE-2019-6706: Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
  • CVE-2020-15945: Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
  • CVE-2020-24370: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Please fix them.
Created: 2019-07-07 Last update: 2020-10-03 08:37
1 bug tagged patch in the BTS [normal]
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2020-10-19 Last update: 2021-01-16 08:31
4 new commits since last upload, is it time to release? [normal]
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit a1ef1cf01f5ea7bcc79e1e32adc7d38f9e4f9008
Author: Dima Kogan <dima@secretsauce.net>
Date:   Fri Dec 28 11:10:28 2018 -0800

    changelog bump: nmu

commit 2504f45ca9679e30aa5d2975d2674ac18ad4ec23
Author: Dima Kogan <dima@secretsauce.net>
Date:   Fri Nov 30 19:55:53 2018 -0800

    changelog bump

commit eaf205e379f8d7e02e7d1383a01c12fd8c2da4e0
Author: Dima Kogan <dima@secretsauce.net>
Date:   Fri Nov 30 19:44:10 2018 -0800

    added postinst/prerm for the alternatives

commit 6535ab189228dbaaaf2c1918b26a4c652c7f5081
Author: Dima Kogan <dima@secretsauce.net>
Date:   Fri Nov 30 19:40:46 2018 -0800

    Vcs-... tags point to salsa
Created: 2018-12-28 Last update: 2021-01-08 13:08
lintian reports 3 warnings [normal]
Lintian reports 3 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2020-07-29 Last update: 2020-07-29 12:32
news
  • [2020-09-26] Accepted lua5.3 5.3.3-1+deb9u1 (source) into oldstable (Roberto C. Sanchez)
  • [2019-01-03] lua5.3 5.3.3-1.1 MIGRATED to testing (Debian testing watch)
  • [2018-12-28] Accepted lua5.3 5.3.3-1.1 (source amd64) into unstable (Dima Kogan)
  • [2017-07-14] Accepted lua5.3 5.3.3-1~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports (Vincent Bernat)
  • [2016-12-31] lua5.3 5.3.3-1 MIGRATED to testing (Debian testing watch)
  • [2016-12-19] Accepted lua5.3 5.3.3-1 (source amd64) into unstable (Ondřej Surý)
  • [2016-08-11] lua5.3 5.3.1-1.1 MIGRATED to testing (Debian testing watch)
  • [2016-08-05] Accepted lua5.3 5.3.1-1.1 (source) into unstable (Aurelien Jarno)
  • [2016-01-10] Accepted lua5.3 5.3.1-1~bpo7+1 (source amd64) into wheezy-backports-sloppy, wheezy-backports-sloppy (Vincent Bernat)
  • [2016-01-01] Accepted lua5.3 5.3.1-1~bpo8+1 (source amd64) into jessie-backports, jessie-backports (Vincent Bernat)
  • [2015-08-21] lua5.3 5.3.1-1 MIGRATED to testing (Britney)
  • [2015-08-15] Accepted lua5.3 5.3.1-1 (source amd64) into unstable, unstable (Enrico Tassi)
bugs
  • all: 8
  • RC: 0
  • I&N: 7
  • M&W: 1
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 3)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 5.3.3-1.1ubuntu2
  • 1 bug
  • patches for 5.3.3-1.1ubuntu2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers