Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: lua5.3

lua5.3 (5.3.3-1.1ubuntu1) disco; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2019-6706.patch: fix in src/lapi.c. - CVE-2019-6706 -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 08 Apr 2019 15:15:14 -0300 lua5.3 (5.3.3-1.1build1) disco; urgency=medium * No-change rebuild for readline soname change. -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:01:44 +0000

Modifications :
  1. Download patch debian/control

    --- 5.3.3-1.1/debian/control 2018-12-01 03:40:31.000000000 +0000 +++ 5.3.3-1.1ubuntu1/debian/control 2019-04-08 18:15:14.000000000 +0000 @@ -1,7 +1,8 @@ Source: lua5.3 Section: interpreters Priority: optional -Maintainer: Enrico Tassi <gareuselesinge@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Enrico Tassi <gareuselesinge@debian.org> Uploaders: Ondřej Surý <ondrej@debian.org> Build-Depends: debhelper (>= 9), quilt (>= 0.40), libtool-bin, libreadline-dev Standards-Version: 3.9.8
  2. Download patch debian/patches/CVE-2019-6706.patch

    --- 5.3.3-1.1/debian/patches/CVE-2019-6706.patch 1970-01-01 00:00:00.000000000 +0000 +++ 5.3.3-1.1ubuntu1/debian/patches/CVE-2019-6706.patch 2019-04-08 18:15:14.000000000 +0000 @@ -0,0 +1,22 @@ +--- a/src/lapi.c ++++ b/src/lapi.c +@@ -1285,14 +1285,14 @@ LUA_API void *lua_upvalueid (lua_State * + + LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1, + int fidx2, int n2) { +- LClosure *f1; +- UpVal **up1 = getupvalref(L, fidx1, n1, &f1); ++ UpVal **up1 = getupvalref(L, fidx1, n1, NULL); /* the last parameter not needed */ + UpVal **up2 = getupvalref(L, fidx2, n2, NULL); ++ if (*up1 == *up2) return; /* Already joined */ ++ (*up2)->refcount++; ++ if (upisopen(*up2)) (*up2)->u.open.touched = 1; ++ luaC_upvalbarrier(L, *up2); + luaC_upvdeccount(L, *up1); + *up1 = *up2; +- (*up1)->refcount++; +- if (upisopen(*up1)) (*up1)->u.open.touched = 1; +- luaC_upvalbarrier(L, *up1); + } + +
  3. Download patch debian/patches/series

    --- 5.3.3-1.1/debian/patches/series 2018-12-01 03:39:23.000000000 +0000 +++ 5.3.3-1.1ubuntu1/debian/patches/series 2019-04-08 18:15:14.000000000 +0000 @@ -2,3 +2,4 @@ 0002-lua-modules-paths.patch 0003-extern_C.patch 0004-Fix-invalid-pointer-conversions.patch +CVE-2019-6706.patch
  1. lua5.3