Bug#901495: redis: multiple security issues in Lua scripting

2018-06-17 Thread Moritz Mühlenhoff
On Sat, Jun 16, 2018 at 04:09:04PM +0100, Chris Lamb wrote: > Hi Moritz, > > > For future updates please include the git commit IDs to debian/patches > > Sure. I've added commit IDs to the files in debian/patches and > uploaded redis_3.2.6-3+deb9u1_amd64.changes with those — and no > other! — cha

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-16 Thread Chris Lamb
Hi Moritz, > For future updates please include the git commit IDs to debian/patches Sure. I've added commit IDs to the files in debian/patches and uploaded redis_3.2.6-3+deb9u1_amd64.changes with those — and no other! — changes. > E.g. compared to the fix from the upstream 3.2 branch, > 0012-Sec

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-16 Thread Moritz Mühlenhoff
On Thu, Jun 14, 2018 at 02:10:27PM +0100, Chris Lamb wrote: > Chris Lamb wrote: > > > > redis: multiple security issues in Lua scripting > > > > This has now been assigned CVE-2018-11219 & CVE-2018-11218. > > Security team, permission to upload the attached to > stretch-security? > > redis (3

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-16 Thread Moritz Muehlenhoff
On Sat, Jun 16, 2018 at 08:14:08AM +0100, Chris Lamb wrote: > Chris Lamb wrote: > > > Security team, permission to upload the attached to > > stretch-security? > > > > redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high > > > > * CVE-2018-11218, CVE-2018-11219: Backport patches to fix

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-16 Thread Chris Lamb
Chris Lamb wrote: > Security team, permission to upload the attached to > stretch-security? > > redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high > > * CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap > corruption and integer overflow vulnerabilities. (Clos

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-14 Thread Chris Lamb
Chris Lamb wrote: > > redis: multiple security issues in Lua scripting > > This has now been assigned CVE-2018-11219 & CVE-2018-11218. Security team, permission to upload the attached to stretch-security? redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high * CVE-2018-11218, CVE-2018-

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-14 Thread Chris Lamb
Hi, > redis: multiple security issues in Lua scripting This has now been assigned CVE-2018-11219 & CVE-2018-11218. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Bug#901495: redis: multiple security issues in Lua scripting

2018-06-13 Thread Chris Lamb
Package: redis Version: 3:3.2.6-1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security From https://github.com/antirez/redis/issues/5017: > The Apple Security Team, together with Alibaba and myself, > identified several security issues in the Lua script engine. The full > report