liblua5.1-expat0 vulnerable to "billion laughs" attack?
Bug #793582 reported by Patrick G.
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| lua-expat (Ubuntu) | Confirmed | Medium | Unassigned | |
Bug Description
Binary package hint: liblua5.1-expat0
Name: liblua5.1-expat0
Latest version: 1.1.0-3ubuntu1
Release: natty (11.04)
Anything below LuaExpat 1.1.1 is vulnerable to the "billion laughs" attack.
Version 1.2.0 has been released.
http://
Is the Ubuntu supplied version vulnerable?
The Jabber Server "Prosody" ( http://
---
Description: Ubuntu 11.04
Release: 11.04
liblua5.1-expat0:
Installed: 1.1.0-3ubuntu1
Candidate: 1.1.0-3ubuntu1
Version table:
*** 1.1.0-3ubuntu1 0
500 http://
100 /var/lib/
Debian Wheezy offers 1.2.0-1
Ubuntu Oneiric does not :(
http://packages.debian.org/wheezy/liblua5.1-expat0