Date: Tue, 24 Mar 2009 18:10:02 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: Lua 5.1.4 Note that the typical CVE criterion for flagging language-interpreter bugs is that they should be exploitable/reachable through the language API in reasonable scenarios for the application. Otherwise, it's the application developer attacking himself/herself. I know nothing about Lua so can't interpret items like #6 and #8, whereas you could imagine malicious input being processed by unpack(). - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.