This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Keep minimum size when shrinking a stack
When shrinking a stack (during GC), do not make it smaller than the initial stack size.
1 parent b57574d, commit 6298903
Showing 1 changed file with 2 additions and 3 deletions.
wonder if lua 5.3.5 has the same issue?
At least the CVE https://nvd.nist.gov/vuln/detail/CVE-2020-15888 says all versions are impacted up to (including) 5.4.0.
What is more concerning is whether this commit alone fixes the CVE or if the other commit referenced in the CVE, eb41999, is also required?
Because only this commit has been backported to 5.3.6, not the other one. Since there is no 5.3.7 to clearly fix this vulnerability, the security status is uncertain.
According to https://ubuntu.com/security/CVE-2020-15888 this only affects Lua 5.4. If that assessment is in error, could someone please link to patches for earlier versions of Lua.