CVE-2020-15945: imprecise package information #9206
Labels
bug
Something isn't working
Comments
xnox
changed the title
|
Lol impressive => imprecise |
|
In a conversation with MITRE and the upstream author, Roberto confirmed that the affected range of CVE-2020-15945 is since 5.4.0 and until 5.4.1 and referenced this bug/range as: https://www.lua.org/bugs.html#5.4.0-8 The MITRE CNA updated their CVE: https://github.com/CVEProject/cvelistV5/blame/21ba742890907c4ebbf76ed45c9c1f4d8832d73d/cves/2020/15xxx/CVE-2020-15945.json#L19 \o/ Many thanks Roberto and MITRE. As the underlying CVE metadata in no longer incorrect, this should no longer be an issue. CVE scanners may be slow to update. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
https://images.chainguard.dev/security/CVE-2020-15945
Expand references, and navigate to debian tracker at https://security-tracker.debian.org/tracker/CVE-2020-15945
lua5.3 is not-affected, as the bug is specific to 5.4.0
Thus status should be package lua5.4 not affected, code not present as Wolfi has never shipped v5.4.0
The text was updated successfully, but these errors were encountered: