[Buildroot] [PATCH 1/1] package/lua/5.1.5: add patch for CVE-2014-5461
Julien Olivain
ju.o at free.fr
Wed Sep 17 19:38:38 UTC 2025
On 17/09/2025 20:53, Thomas Perale via buildroot wrote:
> This CVE is specific for the version 5.1.5 still present in Buildroot.
> It has been fixed in 5.2.3 and thereby doesn't affect the other
> versions available in Buildroot.
>
> - CVE-2014-5461
>
> Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through
> 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial
> of service (crash) via a small number of arguments to a function with a
> large number of fixed arguments.
>
> For more information see:
> - https://security-tracker.debian.org/tracker/CVE-2014-5461
> - https://udd.debian.org/patches.cgi?src=lua5.1&version=5.1.5-11
>
> A patch present in Debian is used to address this vulnerability.
>
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Applied to master, thanks.