[wesnoth-commits] [wesnoth/wesnoth] cc57f9: Lua: implement our own load() instead of monkey-pa...
GitHub
noreply at github.com
Fri Jul 27 12:30:35 UTC 2018
Branch: refs/heads/1.14
Home: https://github.com/wesnoth/wesnoth
Commit: cc57f98cb6cd2553150432ad343e9e20e7e3691a
https://github.com/wesnoth/wesnoth/commit/cc57f98cb6cd2553150432ad343e9e20e7e3691a
Author: Jyrki Vesterinen <sandgtx at gmail.com>
Date: 2018-07-27 (Fri, 27 Jul 2018)
Changed paths:
M src/lua/lbaselib.cpp
M src/scripting/lua_kernel_base.cpp
Log Message:
-----------
Lua: implement our own load() instead of monkey-patching Lua code
Monkey-patching has multiple problems. The biggest problem for a security
fix like this is that it's way too easy to forget to re-apply when we
update Lua to a newer version.
Instead, we now have the implementation of load() under our control and can
update Lua without risk of reintroducing CVE-2018-1999023.
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Commits
mailing list