Hi Chris, as well as Debian and Ubuntu security teams
I'm sending this as a heads up for you folks to pick up last-week's
Redis bugfix if you haven't already, especially
https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6
eval 'return cjson.encode(string.rep("a", 357913941))' 0
would be a crasher for this. I have no plans to release any PoCs
publicly this time, at least not until the vast majority of people are
patched.
Best regards,
Reginaldo
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
