Binary package hint: liblua5.1-expat0
Name: liblua5.1-expat0
Latest version: 1.1.0-3ubuntu1
Release: natty (11.04)
Anything below LuaExpat 1.1.1 is vulnerable to the "billion laughs" attack. Version 1.2.0 has been released.
http://article.gmane.org/gmane.comp.lang.lua.general/79336
Is the Ubuntu supplied version vulnerable?
The Jabber Server "Prosody" ( http://prosody.im/doc/depends#luaexpat ) is using luaexpat.
---
Description: Ubuntu 11.04
Release: 11.04
liblua5.1-expat0:
  Installed: 1.1.0-3ubuntu1
  Candidate: 1.1.0-3ubuntu1
  Version table:
 *** 1.1.0-3ubuntu1 0
        500 http://de.archive.ubuntu.com/ubuntu/ natty/universe i386 Packages
        100 /var/lib/dpkg/status