CVE-2020-15890: LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. Maintainer, please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2a054ce465da2fd25ff354c875024011b9fd2c9 commit a2a054ce465da2fd25ff354c875024011b9fd2c9 Author: Rafael Martins <rafaelmartins@gentoo.org> AuthorDate: 2020-07-22 19:38:50 +0000 Commit: Rafael Martins <rafaelmartins@gentoo.org> CommitDate: 2020-07-22 19:40:24 +0000 dev-lang/luajit: apply fix for CVE-2020-15890 Bug: https://bugs.gentoo.org/733466 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Rafael Martins <rafaelmartins@gentoo.org> dev-lang/luajit/files/CVE-2020-15890.patch | 22 +++++++++ dev-lang/luajit/luajit-2.0.5-r2.ebuild | 67 ++++++++++++++++++++++++++++ dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild | 56 +++++++++++++++++++++++ 3 files changed, 145 insertions(+)
bumped
Thanks. Let's stable 2.0.5-r2 when ready?
yes, please stabilize
amd64 stable
x86 stable
ppc stable
arm stable. Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1d37420e54b9cbe771e1ad21a11ea1dd06a6be3 commit a1d37420e54b9cbe771e1ad21a11ea1dd06a6be3 Author: Rafael Martins <rafaelmartins@gentoo.org> AuthorDate: 2020-07-25 15:14:30 +0000 Commit: Rafael Martins <rafaelmartins@gentoo.org> CommitDate: 2020-07-25 15:14:41 +0000 dev-lang/luajit: remove vulnerable ebuilds Bug: https://bugs.gentoo.org/733466 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Rafael Martins <rafaelmartins@gentoo.org> dev-lang/luajit/luajit-2.0.5-r1.ebuild | 64 ------------------------------- dev-lang/luajit/luajit-2.1.0_beta3.ebuild | 53 ------------------------- 2 files changed, 117 deletions(-)
Thanks.