Package: redis Version: 2:2.8.17-1+deb8u5 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for redis. CVE-2018-12326[0]: | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 | RC3 allows an attacker to achieve code execution and escalate to higher | privileges via a crafted command line. NOTE: It is unclear whether | there are any common situations in which redis-cli is used with, for | example, a -h (aka hostname) argument from an untrusted source. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-12326 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12326 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-