Your message dated Sun, 24 Jun 2018 16:20:13 +0000 with message-id <e1fx7kl-0000vd...@fasolo.debian.org> and subject line Bug#901495: fixed in redis 3:3.2.6-3+deb9u2 has caused the Debian Bug report #901495, regarding redis: multiple security issues in Lua scripting (CVE-2018-11218 CVE-2018-11219) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 901495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: redis Version: 3:3.2.6-1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security >From https://github.com/antirez/redis/issues/5017: > The Apple Security Team, together with Alibaba and myself, > identified several security issues in the Lua script engine. The full > report is here: <http://antirez.com/news/119> No CVE has (yet) been assigned: https://github.com/antirez/redis/issues/5017#issuecomment-397038992 Version tagged >= 3:3.2.6-1 due to stretch having Lua support but wheezy (2.8.17) does not. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: redis Source-Version: 3:3.2.6-3+deb9u2 We believe that the bug you reported is fixed in the latest version of redis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 901...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated redis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jun 2018 19:12:58 +0200 Source: redis Binary: redis-server redis-tools redis-sentinel Built-For-Profiles: nocheck Architecture: source amd64 Version: 3:3.2.6-3+deb9u2 Distribution: stretch Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 850534 880474 901495 Changes: redis (3:3.2.6-3+deb9u2) stretch; urgency=medium . * Correct RunTimeDirectory -> RuntimeDirectory typo in systemd .service files. (Closes: #850534, #880474) . redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high . * CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap corruption and integer overflow vulnerabilities. (Closes: #901495) Checksums-Sha1: f2ff97c5aca201e7121e045467346703e22578ad 2013 redis_3.2.6-3+deb9u2.dsc 0c7bc5c751bdbc6fabed178db9cdbdd948915d1b 1544806 redis_3.2.6.orig.tar.gz 05dc32ad1687b5cbf63f6991c87dac0617c5bcea 38952 redis_3.2.6-3+deb9u2.debian.tar.xz a7f99638c2153d735413c1881ddb22e38ef95a20 18520 redis-sentinel_3.2.6-3+deb9u2_amd64.deb 924866e7270d9124ac0cd4915cd9394e933c657e 1038240 redis-server-dbgsym_3.2.6-3+deb9u2_amd64.deb 2be0ad58c1f791fd4478e1db04a96e3e5d4ca878 412640 redis-server_3.2.6-3+deb9u2_amd64.deb 016c4fe02b025c8cc42751e7f9f7c2865d05f3a0 1255814 redis-tools-dbgsym_3.2.6-3+deb9u2_amd64.deb db5c19e572a644779772f4e749c947024aa2b152 462686 redis-tools_3.2.6-3+deb9u2_amd64.deb af8e619f6a4b507f27efef23ac4f2835edfeed25 7210 redis_3.2.6-3+deb9u2_amd64.buildinfo Checksums-Sha256: 4edd6de71bdb0c409723ef6d4d808dc84f5615ce897e4cc958527280d1f8174b 2013 redis_3.2.6-3+deb9u2.dsc 2e1831c5a315e400d72bda4beaa98c0cfbe3f4eb8b20c269371634390cf729fa 1544806 redis_3.2.6.orig.tar.gz f1f9a05c90e72a7c0f8e343ebec93ce43cc0fafae54379d78941f1b2e13487f5 38952 redis_3.2.6-3+deb9u2.debian.tar.xz d7f29e2f0b6c11ea9ff663070a5f4c1e62d89a2be67885913bc9351d1da738bc 18520 redis-sentinel_3.2.6-3+deb9u2_amd64.deb 5adbdfd9e1514f2f428121bf5e9de11bf3090a1e6efa2213e5c1390ff1b42b47 1038240 redis-server-dbgsym_3.2.6-3+deb9u2_amd64.deb 097ecb62420b47deb78629cf00b15ebba6216078006f3a88a21bf55a5d1e9154 412640 redis-server_3.2.6-3+deb9u2_amd64.deb 467a4f69f9258aba1b487955a3c507ad788a23140be1d2a4856911026a608244 1255814 redis-tools-dbgsym_3.2.6-3+deb9u2_amd64.deb 061da861c506626b54ab648f6120e96818ff423faa08c469ee8e44aaca87d2e5 462686 redis-tools_3.2.6-3+deb9u2_amd64.deb b9b073e8ead040ebdb7bb7d2529c0800ecbb2fdfd5d7d2bbacbf770ac6c3cc0c 7210 redis_3.2.6-3+deb9u2_amd64.buildinfo Files: 2fa9e1c426d6be642f9dba8a09cdd2a3 2013 database optional redis_3.2.6-3+deb9u2.dsc d0e81d1e19f673fd84d01784bf9fb5f0 1544806 database optional redis_3.2.6.orig.tar.gz 026fbbd264a21b6734dc88b3a43daf4d 38952 database optional redis_3.2.6-3+deb9u2.debian.tar.xz 4d9ff924f466a21f1e8c56fe4dd83fc9 18520 database optional redis-sentinel_3.2.6-3+deb9u2_amd64.deb c3950ce82c25c032ffef0b1a83840df0 1038240 debug extra redis-server-dbgsym_3.2.6-3+deb9u2_amd64.deb 354a98f70238bc81d9a32651379acf93 412640 database optional redis-server_3.2.6-3+deb9u2_amd64.deb d1797a2541cf12277fa62129a3b55e17 1255814 debug extra redis-tools-dbgsym_3.2.6-3+deb9u2_amd64.deb f261e29b2e318f68bedd0331ecdb349f 462686 database optional redis-tools_3.2.6-3+deb9u2_amd64.deb 6896f714444576ba71906b8528b2fa87 7210 database optional redis_3.2.6-3+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlsn6p8ACgkQHpU+J9Qx HljYCg/+NFlpDA5q52Ha0QVA2BpbBH+dkS34Ez3U+pA1DpHFth+gzGUQmh8GH+d7 xxA1nnUphZMEJs9P71sSMTeGfGNHrdz6t3cEEmCAqTXw43zCB6FPET8VsU64cG2r DOLISKw2ozfkqu11hUQUX02mVrCCqJyyFfJs79vVE7HBeviCSoTTlPSCALtToRjg ESHjfJ3wbZEDlofw+/yxAN0mF9MfkLALHbTGH0vaeIBu/DH/G2MxJtRWB6yTWyNH do0WBVvWQDf+XzGdNkmDGu4CRzO7AyQpq62TZHQjsR8MfQRwcJTpVNht8XvacDTU OipbhV24B9d5RTASXqTQDyBfd8dSCsEKKhrDg6x17cK0+Gknm0kmr51PYLO2WU4b RG9xj4iEetKOCkgNSlOz5413Ot+thdSgMIs0zLcXgxHaom+DRqwo42mHIXvze7FQ udzlFOXJ/f/jhrDgupeiAfbdaii1VZNE8wMZl8fWKF3P7LCDfq2s92oaWwyLrShr iMSYF3araLSBf9BhVQm0L/+BQNQIO6z1WnZVHSY91Sri50nYhr/47rbrobWL4v2b kFrDm3+no/3wCIRoJR2RyyIOBwdlkxT8mDzuH4lPv7usX+y9X6IoYtP3+vj/YO49 r8mUrtV5noBzn3mFdT9YNE3ZdPiUx2GtTM5cxyIMR70XbtRn59E= =FLcX -----END PGP SIGNATURE-----
--- End Message ---
