Bug 1175339 (CVE-2020-24342)

Summary: VUL-1: CVE-2020-24342: lua,lua51,lua53,lua54: a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row
Product: [openSUSE] openSUSE Distribution
Reporter: Robert Frohl <rfrohl>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: atoptsoglou, gmbr3
Version: Leap 15.3
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/265279/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 1 Robert Frohl 2020-08-17 09:09:00 UTC
Only affects Tumbleweed, the older versions do not yet carry the affected code.

Comment 2 Callum Farmer 2020-08-17 09:33:46 UTC
OK will be fixed.

CF

Comment 3 OBSbugzilla Bot 2020-08-17 10:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1175339) was mentioned in
https://build.opensuse.org/request/show/827296 Factory / lua54

Comment 4 OBSbugzilla Bot 2020-08-18 14:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1175339) was mentioned in
https://build.opensuse.org/request/show/827610 Factory / lua54

Comment 5 OBSbugzilla Bot 2020-08-18 15:30:12 UTC
This is an autogenerated message for OBS integration:
This bug (1175339) was mentioned in
https://build.opensuse.org/request/show/827619 Factory / lua54

Comment 6 Callum Farmer 2020-08-21 09:21:04 UTC
COMPLETED

Comment 7 Callum Farmer 2020-09-23 12:38:03 UTC
COMPLETED

Comment 8 Alexandros Toptsoglou 2020-10-27 16:19:25 UTC
Done