Ubuntu
lua5.4 package

lua5.4 update missing on Jammy

Bug #2105494 reported by Elfranne
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lua5.4 (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

lua5.4 has been updated to 5.4.6-3build2 but Jammy seems to have been missed. Jammy is currently at version 5.4.4-1, which contains 2 CVE (CVE-2022-33099 and CVE-2022-28805)

https://launchpad.net/ubuntu/+source/lua5.4

CVE References

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

Both CVEs are already patched and released through Ubuntu Pro, for more information see:
https://ubuntu.com/security/notices/USN-6916-1

You can have free access to Ubuntu Pro up to 5 machines, see https://ubuntu.com/pro

information type: Private Security → Public Security
Revision history for this message
Elfranne (elfranne) wrote :

Thanks, I am aware of that.
Oracular and Noble have been kept updated so I am curious why Noble has not?

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

I believe you mean "why jammy has not?"

lua5.4 in jammy is in universe, and therefore it is community maintained. In oracular and noble lua5.4 is in main, and therefore officially supported.
Therefore in jammy if the Ubuntu Security Team proactively fixes it, we then publish this update into Ubuntu Pro.

Revision history for this message
Elfranne (elfranne) wrote :

oh that makes much more sense now.

Revision history for this message
Renan Rodrigo (renanrodrigo) wrote :

@elfranne I am marking this bug as wishlisted. If you can't use the version in Ubuntu Pro with ESM-Apps for some reason, feel free to propose a patch/backport and the security team will be happy to review and sponsor it. Thanks again for reaching out.

Changed in lua5.4 (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.