lua5.4 (5.4.4-3) unstable; urgency=medium * Add a patch from upstream which fixes CVE-2022-33099, double free in a situation when error occurs while handling an error (closes: #1014935). -- Sergei Golovan Sun, 17 Jul 2022 14:56:01 +0300 lua5.4 (5.4.4-2) unstable; urgency=medium * Add a patch from upstream which fixes CVE-2022-28805, segmentation fault due to a heap overflow when parsing ENV with (closes: #1010265). -- Sergei Golovan Sat, 30 Apr 2022 07:38:29 +0300 lua5.4 (5.4.4-1) unstable; urgency=medium * New upstream release. This release fixes the following security bugs: - CVE-2021-43519, stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file (closes: #1000228). - CVE-2021-44647, Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service (closes: #1004189). -- Sergei Golovan Mon, 07 Feb 2022 10:34:34 +0300 lua5.4 (5.4.3-1) unstable; urgency=medium * New upstream release. * Refresh patches. -- Sergei Golovan Tue, 17 Aug 2021 10:50:26 +0300 lua5.4 (5.4.2-2) unstable; urgency=medium * Enable readline support (thanks to Widianto Nur F). -- Sergei Golovan Tue, 12 Jan 2021 23:02:10 +0300 lua5.4 (5.4.2-1) unstable; urgency=medium * New upstream release. * Refresh patches. -- Sergei Golovan Sun, 06 Dec 2020 14:05:10 +0300 lua5.4 (5.4.1-1) unstable; urgency=medium * New upstream release. This release fixes the following security bugs: - CVE-2020-15888, mishandling the interaction between stack resizes and garbage collection (closes: #972101) - CVE-2020-24342 allowing a stack redzone cross (closes: #971012) - CVE-2020-24369 attempting to access debug information via the line hook of a stripped function (closes: #971013) - CVE-2020-24370 allowing a negation overflow and segmentation fault in getlocal and setlocal (closes: #971613) - CVE-2020-24371 active barriers during sweep phase (closes: #971010) * Remove no longer necessary patches. -- Sergei Golovan Sat, 21 Nov 2020 17:58:27 +0300 lua5.4 (5.4.0-2) unstable; urgency=medium * Add patches by upstream, which fix a few freshly introduced bugs. -- Sergei Golovan Sat, 18 Jul 2020 18:10:14 +0300 lua5.4 (5.4.0-1) unstable; urgency=medium * The first upstream release. -- Sergei Golovan Tue, 30 Jun 2020 16:51:40 +0300 lua5.4 (5.4.0~rc5-1) experimental; urgency=medium * New upstream release candidate. -- Sergei Golovan Wed, 17 Jun 2020 12:49:10 +0300 lua5.4 (5.4.0~rc4-1) experimental; urgency=medium * New upstream release candidate. -- Sergei Golovan Tue, 02 Jun 2020 23:46:53 +0300 lua5.4 (5.4.0~rc3-1) experimental; urgency=medium * New upstream release candidate. -- Sergei Golovan Wed, 20 May 2020 10:12:52 +0300 lua5.4 (5.4.0~rc2-1) experimental; urgency=medium * New upstream release candidate. * Refresh patches. * Bump the standards version to 4.5.0. * Bump the debhelper compatibility level to 12. -- Sergei Golovan Wed, 06 May 2020 10:33:50 +0300 lua5.4 (5.4.0~beta-1) experimental; urgency=medium * New upstream preliminary release. * Refresh patches. -- Sergei Golovan Tue, 29 Oct 2019 10:23:48 +0300 lua5.4 (5.4.0~alpha-2) experimental; urgency=medium * Fix symbols in the linker version script. * Adapt a patch for lua5.3 by Helmut Grohne to fix FTCBFS. The patch libtoolizes during build to avoid a dependency on libtool-bin, and uses triplet-prefixed build tools (closes: #941649). * Fix the Lua version release number in pkgconfig scripts. * Add an alternatives for the lua.pc and lua-c++.pc pkgconfig scripts. -- Sergei Golovan Sun, 13 Oct 2019 10:33:54 +0300 lua5.4 (5.4.0~alpha-1) experimental; urgency=medium * Initial release (closes: #932316). -- Sergei Golovan Wed, 17 Jul 2019 18:28:48 +0300