oss-sec mailing list archives
Lua 5.1.4
From: Kees Cook <kees () ubuntu com>
Date: Tue, 24 Mar 2009 14:37:13 -0700
Has anyone looked at the Lua fixes[1] in 5.1.4? I'm not familiar with the codebase, but it seems that several may have security implications: 2: stack overflow (this is the Lua stack? so... heap overflow?) 3: integer overflow 4: integer overflow 6: stack overflow (this is the Lua stack? so... heap overflow?) 8: memory writing? 9: memory reading 10: CPU DoS I haven't had a chance to examine it closely yet. Has anyone looked at these changes? -Kees [1] http://www.lua.org/bugs.html -- Kees Cook Ubuntu Security Team
Current thread:
- Lua 5.1.4 Kees Cook (Mar 24)
- Re: Lua 5.1.4 Steven M. Christey (Mar 24)
- Re: Lua 5.1.4 Florian Weimer (Mar 25)