| Release | Version |
|---|---|
| bullseye | 5.4.2-2 |
| bookworm | 5.4.4-3 |
| trixie | 5.4.6-3 |
| sid | 5.4.6-3 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2022-33099 | vulnerable (no DSA) | fixed | fixed | fixed | An issue in the component luaG_runerror of Lua v5.4.4 and below leads ... |
| CVE-2022-28805 | vulnerable (no DSA) | fixed | fixed | fixed | singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) ... |
| CVE-2021-45985 | vulnerable (no DSA) | fixed | fixed | fixed | In Lua 5.4.3, an erroneous finalizer called during a tail call leads t ... |
| CVE-2021-44964 | vulnerable (no DSA) | fixed | fixed | fixed | Use after free in garbage collector and finalizer of lgc.c in Lua inte ... |
| CVE-2021-44647 | vulnerable (no DSA) | fixed | fixed | fixed | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ... |
| CVE-2021-43519 | vulnerable (no DSA) | fixed | fixed | fixed | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ... |
| Bug | Description |
|---|---|
| CVE-2020-24371 | lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ... |
| CVE-2020-24370 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ... |
| CVE-2020-24369 | ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ... |
| CVE-2020-24342 | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ... |
| CVE-2020-15945 | Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ... |
| CVE-2020-15889 | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ... |
| CVE-2020-15888 | Lua through 5.4.0 mishandles the interaction between stack resizes and ... |