Description of problem: During today's (2015-10-01) FPC meeting, the version of lua bundled with texlive was identified to be potentially subject to CVE-2014-5461 [1]. [1] http://www.cvedetails.com/cve/CVE-2014-5461/
Not vulnerable. Texlive 2014 (oldest in current Fedora) ships with lua 5.2.3, which has this patched.