Ticket #44467

Lua-5.4.4 CVE-2022-28805

Date opened: 2022-04-26 04:13 Last updated: 2022-04-28 02:54

Reporter:
Owner:
Type:
Status: Closed
Component:
Milestone:
Priority: 7
Severity: 5 - Medium
Resolution: Fixed
Files: 2

Details

CVE-2022-28805 affects our included lua, at least in branches using lua-5.4. Need to check if lua-5.3 (-> S3_0) is affected. Upstream fix is in https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa

Ticket History (3/9 Histories)

2022-04-26 04:13 Updated by: cazfi
  • New Ticket "Lua-5.4.4 CVE-2022-28805" created
2022-04-26 04:21 Updated by: cazfi
  • Milestone Update from (none) to 3.0.2 (closed)
  • Priority Update from 5 - Medium to 7
Comment

Reply To cazfi

Need to check if lua-5.3 (-> S3_0) is affected.

At least the code there is identical, and no advisory gives a lower bound for affected versions.

2022-04-26 04:51 Updated by: cazfi
  • Owner Update from (none) to cazfi
  • Resolution Update from to Accepted
Comment

Going to apply to S2_6 too.

2022-04-26 22:05 Updated by: cazfi
Comment

This got me to draft a clarification to our commit rules concerning vulnerability fixes. http://www.freeciv.org/wiki/Commit_rules

Esp. Maintainers should check it, and comment if there's anything more to correct it.

2022-04-28 02:53 Updated by: cazfi
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
2022-04-28 02:54 Updated by: alienvalkyrie
  • Status Update from Closed to Open
  • Resolution Update from Fixed to Accepted
Comment

Reply To cazfi

This got me to draft a clarification to our commit rules concerning vulnerability fixes. http://www.freeciv.org/wiki/Commit_rules Esp. Maintainers should check it, and comment if there's anything more to correct it.

Looks sensible to me.

2022-04-28 02:54 Updated by: alienvalkyrie
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
