>>>>> "Bruno" == Bruno Vernay <brunovern.a@gmail.com> writes:

 Bruno> Hi
 Bruno> If https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15888
 Bruno> only impacts "Lua through 5.4.0 ..."
 Bruno> Why is there a patch for the 5.3.5 version
 Bruno> http://cgit.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/lua/lua_5.3.5.bb?h=master
 Bruno> ?

What that bug fixes might be a performance issue (reallocating the stack
too often) but it doesn't look to me like a security issue; the commit
seems to have been attached to the CVE spuriously.

--
Andrew.