Debian Security Advisory
DSA-3016-1 lua5.2 -- security update
- Date Reported:
- 01 Sep 2014
- Affected Packages:
- lua5.2
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-5461.
- More information:
-
A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.
For the stable distribution (wheezy), this problem has been fixed in version 5.2.1-3+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 5.2.3-1.
For the unstable distribution (sid), this problem has been fixed in version 5.2.3-1.
We recommend that you upgrade your lua5.2 packages.