Register | Log in

lua5.4

Simple, extensible, embeddable programming language

Choose email to subscribe with

general

source: lua5.4 (main)
version: 5.4.4-2
maintainer: Debian Lua Team (archive) (DMD)
uploaders: Sergei Golovan [DMD]
arch: any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 5.4.2-2
testing: 5.4.4-2
unstable: 5.4.4-2

versioned links

5.4.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.4.4-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liblua5.4-0
liblua5.4-0-dbg
liblua5.4-dev
lua5.4

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-44964: Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

Created: 2022-03-18 Last update: 2022-05-05 06:30

4 security issues in bullseye high

There are 4 open security issues in bullseye.

2 important issues:

CVE-2021-44647: Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
CVE-2021-44964: Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

2 issues left for the package maintainer to handle:

CVE-2021-43519: (needs triaging) Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
CVE-2022-28805: (needs triaging) singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-11-10 Last update: 2022-05-05 06:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2021-44964: Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

Created: 2022-03-18 Last update: 2022-05-05 06:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2022-05-11 23:25

news

[2022-05-05] lua5.4 5.4.4-2 MIGRATED to testing (Debian testing watch)
[2022-04-30] Accepted lua5.4 5.4.4-2 (source) into unstable (Sergei Golovan)
[2022-02-12] lua5.4 5.4.4-1 MIGRATED to testing (Debian testing watch)
[2022-02-07] Accepted lua5.4 5.4.4-1 (source) into unstable (Sergei Golovan)
[2021-08-23] lua5.4 5.4.3-1 MIGRATED to testing (Debian testing watch)
[2021-08-17] Accepted lua5.4 5.4.3-1 (source) into unstable (Sergei Golovan)
[2021-01-18] lua5.4 5.4.2-2 MIGRATED to testing (Debian testing watch)
[2021-01-12] Accepted lua5.4 5.4.2-2 (source) into unstable (Sergei Golovan)
[2020-12-12] lua5.4 5.4.2-1 MIGRATED to testing (Debian testing watch)
[2020-12-06] Accepted lua5.4 5.4.2-1 (source) into unstable (Sergei Golovan)
[2020-11-27] lua5.4 5.4.1-1 MIGRATED to testing (Debian testing watch)
[2020-11-21] Accepted lua5.4 5.4.1-1 (source) into unstable (Sergei Golovan)
[2020-07-24] lua5.4 5.4.0-2 MIGRATED to testing (Debian testing watch)
[2020-07-18] Accepted lua5.4 5.4.0-2 (source) into unstable (Sergei Golovan)
[2020-07-06] lua5.4 5.4.0-1 MIGRATED to testing (Debian testing watch)
[2020-06-30] Accepted lua5.4 5.4.0-1 (source) into unstable (Sergei Golovan)
[2020-06-19] Accepted lua5.4 5.4.0~rc6-1 (source) into experimental (Sergei Golovan)
[2020-06-17] Accepted lua5.4 5.4.0~rc5-1 (source amd64) into experimental (Sergei Golovan)
[2020-06-02] Accepted lua5.4 5.4.0~rc4-1 (source) into experimental (Sergei Golovan)
[2020-05-20] Accepted lua5.4 5.4.0~rc3-1 (source) into experimental (Sergei Golovan)
[2020-05-06] Accepted lua5.4 5.4.0~rc2-1 (source) into experimental (Sergei Golovan)
[2019-10-29] Accepted lua5.4 5.4.0~beta-1 (source) into experimental (Sergei Golovan)
[2019-10-13] Accepted lua5.4 5.4.0~alpha-2 (source) into experimental (Sergei Golovan)
[2019-07-18] Accepted lua5.4 5.4.0~alpha-1 (source amd64) into experimental, experimental (Sergei Golovan)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.4.4-2
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing