Your message dated Sun, 24 Jun 2018 16:20:06 +0000 with message-id <e1fx7ke-0000so...@fasolo.debian.org> and subject line Bug#901495: fixed in redis 3:3.2.6-3+deb9u1 has caused the Debian Bug report #901495, regarding redis: multiple security issues in Lua scripting (CVE-2018-11218 CVE-2018-11219) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 901495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: redis Version: 3:3.2.6-1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security >From https://github.com/antirez/redis/issues/5017: > The Apple Security Team, together with Alibaba and myself, > identified several security issues in the Lua script engine. The full > report is here: <http://antirez.com/news/119> No CVE has (yet) been assigned: https://github.com/antirez/redis/issues/5017#issuecomment-397038992 Version tagged >= 3:3.2.6-1 due to stretch having Lua support but wheezy (2.8.17) does not. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: redis Source-Version: 3:3.2.6-3+deb9u1 We believe that the bug you reported is fixed in the latest version of redis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 901...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated redis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jun 2018 15:08:27 +0200 Source: redis Binary: redis-server redis-tools redis-sentinel Architecture: source amd64 Version: 3:3.2.6-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 901495 Changes: redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high . * CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap corruption and integer overflow vulnerabilities. (Closes: #901495) Checksums-Sha1: 2c6d029f541e0f6eb15491f9d3c3566b1f37522f 2013 redis_3.2.6-3+deb9u1.dsc 0c7bc5c751bdbc6fabed178db9cdbdd948915d1b 1544806 redis_3.2.6.orig.tar.gz 5ca7378156cac0d842c80fc76c86a1f0c62d39e7 38904 redis_3.2.6-3+deb9u1.debian.tar.xz 96a8f2ee6ab578c5eef69f85eb1e9b732a10fcb1 18476 redis-sentinel_3.2.6-3+deb9u1_amd64.deb 24275d0221edce2baa1529ac28e55972caf0209b 1038238 redis-server-dbgsym_3.2.6-3+deb9u1_amd64.deb eb69917194d7263b91f27f69e51c450a78f43205 412890 redis-server_3.2.6-3+deb9u1_amd64.deb f3c7d7700e6c40222bf4d1046b66eb03139aa0cf 1255818 redis-tools-dbgsym_3.2.6-3+deb9u1_amd64.deb 08fa7f1fa66f554370f9f044e780fdeb26043b34 462498 redis-tools_3.2.6-3+deb9u1_amd64.deb f4209192b39afc65d17775bc9a5241d1e28b6ab9 7195 redis_3.2.6-3+deb9u1_amd64.buildinfo Checksums-Sha256: 80da262658515878816bc54a91025a19dc908e19e900c20edc05105a5a082762 2013 redis_3.2.6-3+deb9u1.dsc 2e1831c5a315e400d72bda4beaa98c0cfbe3f4eb8b20c269371634390cf729fa 1544806 redis_3.2.6.orig.tar.gz 4dd8b850f189a14f506ab2dbd9ec9825ed1d125390281cd4e51dd3a23047a239 38904 redis_3.2.6-3+deb9u1.debian.tar.xz bdc22af158b230cd4766f73f227eda22a1cfbc0cdcbce370e6e2bca35a68c264 18476 redis-sentinel_3.2.6-3+deb9u1_amd64.deb 1bd65e89e6af090127f8046b5628d7bf174d5a02b1a0c2b24877353072bc7583 1038238 redis-server-dbgsym_3.2.6-3+deb9u1_amd64.deb 6e698e1511719caa5c868e04d7b84f6bb0478c5d79d5660935feace484f123cb 412890 redis-server_3.2.6-3+deb9u1_amd64.deb 366b7b25147ef54a91f379444b9d55030999f747bd02c66d493ecb1f33d77c62 1255818 redis-tools-dbgsym_3.2.6-3+deb9u1_amd64.deb e836f6c21a7d0c9285fd6f6eb5c04cd4f9242ce36370a3665009cf6ccd114fe0 462498 redis-tools_3.2.6-3+deb9u1_amd64.deb 1be8c36b74ed80ac3dabb5c940dcba0be77c84e7bffa84adc23deb7e9f51116d 7195 redis_3.2.6-3+deb9u1_amd64.buildinfo Files: 46211e7014c90c56ef19a874429c73c6 2013 database optional redis_3.2.6-3+deb9u1.dsc d0e81d1e19f673fd84d01784bf9fb5f0 1544806 database optional redis_3.2.6.orig.tar.gz ac6e30e29dafd9f1065112fc1280dcf1 38904 database optional redis_3.2.6-3+deb9u1.debian.tar.xz da7637a773f146ecb621c92223016bfc 18476 database optional redis-sentinel_3.2.6-3+deb9u1_amd64.deb 350d1395fb7603697cbc406b6a655564 1038238 debug extra redis-server-dbgsym_3.2.6-3+deb9u1_amd64.deb 9a904651fa902b8c03b3377db76d02d6 412890 database optional redis-server_3.2.6-3+deb9u1_amd64.deb 57733c799dacbc72b57d971745ff97ad 1255818 debug extra redis-tools-dbgsym_3.2.6-3+deb9u1_amd64.deb f5b835645f9f213c6ab026a428870c7c 462498 database optional redis-tools_3.2.6-3+deb9u1_amd64.deb 367712223162b170b21999718c75f2c5 7195 database optional redis_3.2.6-3+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlslJ7cACgkQHpU+J9Qx HlhDGQ/9FgaVOid3YEi60DqUTprZlsiNoAOfs0TdvqZ24p3zokZ7oOWUO3Aty3Fn 6GEGsDiao8ZSttgeRXF3k13S8loBRY6ORhKdeIzOv9TQ2tY6zJAIui2XtDx0krF8 Nb4IITgSSTQCLCI6Gu5wZBHly/0Wno8Y6fBozLaZAREkug8BM8i4PwceG5ETN9uM JVdJmhIRAtmctBaQV5y47ajYdbCrYqJ+P/MR3BYx7I5VyahiCcB82sDHcYXsH7Ji iMsEo4/oa9T7XxC32p/hdGnNvUTQXeEJ/MhNqy03YfJ9xEFUE79ixp3x7ka4c0Gp Vulp/QNBbtWkNHodGKtDafoijqST8on6TELtQiUyWIJI9o+JmDkv/MPDjzdkY8hY nQGIXK71ZmAQku/fWglVSyswEF9Ms9Auc67J/mc0nfzRJYEklLeF0fRpLdjlZwD9 T/BdGIH0B5SnZCYFpflDVHGVaF5diU+8ojPeU+sDpi2QBp5ej9tJ4HGQpedxbKgn g22u9tpRjzuWfA54BqedPig0FJ4WZBjXxVrU7d0b+XvL7oSGaXqtx5kfWy5yy98P WwPX0uT13iZZ8smKVB0lqu97AMu4SDQEv/iOdpDeNfYrN1m2aNbP8RmdX4SjPuQQ 0ONy20bnjQc5qojfzhBuw3GowCfoRiL+Y0EnqCEoMkAHQAEd2L0= =pdQL -----END PGP SIGNATURE-----
--- End Message ---
