Comment 0 for bug 793582

Patrick G. (elgato) wrote :

Binary package hint: liblua5.1-expat0

Name: liblua5.1-expat0
Latest version: 1.1.0-3ubuntu1
Release: natty (11.04)

Anything below LuaExpat 1.1.1 is vulnerable to the "billion laughs" attack.
Version 1.2.0 has been released.

http://article.gmane.org/gmane.comp.lang.lua.general/79336

Is the Ubuntu supplied version vulnerable?

The Jabber Server "Prosody" ( http://prosody.im/doc/depends#luaexpat ) is using luaexpat.

---

Description: Ubuntu 11.04
Release: 11.04

liblua5.1-expat0:
  Installed: 1.1.0-3ubuntu1
  Candidate: 1.1.0-3ubuntu1
  Version table:
 *** 1.1.0-3ubuntu1 0
        500 http://de.archive.ubuntu.com/ubuntu/ natty/universe i386 Packages
        100 /var/lib/dpkg/status