Debian Package Tracker
Register | Log in
Subscribe

lua5.3

Simple, extensible, embeddable programming language

Choose email to subscribe with

general
  • source: lua5.3 (main)
  • version: 5.3.6-2
  • maintainer: Debian Lua Team (archive) (DMD)
  • uploaders: Ondřej Surý [DMD]
  • arch: any
  • std-ver: 3.9.8
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 5.3.3-1
  • o-o-sec: 5.3.3-1+deb9u1
  • oldstable: 5.3.3-1.1
  • stable: 5.3.3-1.1
  • testing: 5.3.6-2
  • unstable: 5.3.6-2
versioned links
  • 5.3.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.3.3-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.3.3-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.3.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • liblua5.3-0
  • liblua5.3-0-dbg
  • liblua5.3-dev
  • lua5.3 (2 bugs: 0, 2, 0, 0)
action needed
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2021-43519: Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Created: 2022-07-04 Last update: 2023-03-27 11:06
Standards version of the package is outdated. high
The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 3.9.8).
Created: 2017-07-14 Last update: 2022-12-17 19:17
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2022-07-27 Last update: 2023-03-31 20:02
lintian reports 2 warnings normal
Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2022-09-22 Last update: 2023-02-04 09:34
3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

2 issues left for the package maintainer to handle:
  • CVE-2019-6706: (postponed; to be fixed through a stable update) Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
  • CVE-2020-24370: (needs triaging) ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:
  • CVE-2021-43519: Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Created: 2022-07-04 Last update: 2023-03-27 11:06
debian/patches: 2 patches to forward upstream low

Among the 3 debian patches available in version 5.3.6-2 of the package, we noticed the following issues:

  • 2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2023-02-26 15:54
news
[rss feed]
  • [2022-12-16] lua5.3 5.3.6-2 MIGRATED to testing (Debian testing watch)
  • [2022-12-16] lua5.3 5.3.6-2 MIGRATED to testing (Debian testing watch)
  • [2022-12-10] Accepted lua5.3 5.3.6-2 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2021-10-18] lua5.3 5.3.6-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-12] Accepted lua5.3 5.3.6-1 (source) into unstable (Bastian Germann)
  • [2020-09-26] Accepted lua5.3 5.3.3-1+deb9u1 (source) into oldstable (Roberto C. Sanchez)
  • [2019-01-03] lua5.3 5.3.3-1.1 MIGRATED to testing (Debian testing watch)
  • [2018-12-28] Accepted lua5.3 5.3.3-1.1 (source amd64) into unstable (Dima Kogan)
  • [2017-07-14] Accepted lua5.3 5.3.3-1~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports (Vincent Bernat)
  • [2016-12-31] lua5.3 5.3.3-1 MIGRATED to testing (Debian testing watch)
  • [2016-12-19] Accepted lua5.3 5.3.3-1 (source amd64) into unstable (Ondřej Surý)
  • [2016-08-11] lua5.3 5.3.1-1.1 MIGRATED to testing (Debian testing watch)
  • [2016-08-05] Accepted lua5.3 5.3.1-1.1 (source) into unstable (Aurelien Jarno)
  • [2016-01-10] Accepted lua5.3 5.3.1-1~bpo7+1 (source amd64) into wheezy-backports-sloppy, wheezy-backports-sloppy (Vincent Bernat)
  • [2016-01-01] Accepted lua5.3 5.3.1-1~bpo8+1 (source amd64) into jessie-backports, jessie-backports (Vincent Bernat)
  • [2015-08-21] lua5.3 5.3.1-1 MIGRATED to testing (Britney)
  • [2015-08-15] Accepted lua5.3 5.3.1-1 (source amd64) into unstable, unstable (Enrico Tassi)
bugs [bug history graph]
  • all: 5
  • RC: 0
  • I&N: 4
  • M&W: 1
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 5.3.6-2
  • 1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing