singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
{ "binaries": [ { "binary_name": "liblua5.4-0", "binary_version": "5.4.4-1ubuntu0.1~esm1" }, { "binary_name": "liblua5.4-0-dbg", "binary_version": "5.4.4-1ubuntu0.1~esm1" }, { "binary_name": "liblua5.4-dev", "binary_version": "5.4.4-1ubuntu0.1~esm1" }, { "binary_name": "lua5.4", "binary_version": "5.4.4-1ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }