lua5.2 -- security update

2014-09-01T00:00:00
ID DSA-3016
Type debian
Reporter Debian
Modified 2014-09-01T00:00:00

Description

A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in version 5.2.1-3+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 5.2.3-1.

For the unstable distribution (sid), this problem has been fixed in version 5.2.3-1.

We recommend that you upgrade your lua5.2 packages.