lua5.2: stack overflow in vararg functions (CVE-2014-5461)
Stack overflow in vararg functions with many fixed parameters called with few arguments has been fixed upstream.
Vulnerable versions since 5.1, fixed in 5.2.3. So only Alpine Linux v2.7 is affected at the moment.
References:
CONFIRM, PATCH: http://www.lua.org/bugs.html\#5.2.2-1
CONFIRM: http://seclists.org/oss-sec/2014/q3/453
(from redmine: issue id 3334, created on 2014-08-27, closed on 2014-09-05)
- Changesets:
- Revision 7e0f66ac by Natanael Copa on 2014-09-03T11:57:32Z:
main/lua5.2: security upgrade to 5.2.3 (CVE-2014-5461)
fixes #3334