Hi Reginaldo, I am taking a look at this now for Ubuntu (note as redis is in universe it is community maintained but since this is a relatively trivial fix and you are planning to release a PoC exploit I have taken this on myself).
Thanks, Alex On Thu, 2022-03-03 at 16:21:19 -0300, Reginaldo Silva wrote: > Sure thing > > Debian bug: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005787 > > Debian DSA: > https://www.debian.org/security/2022/dsa-5081 > > Cheers, > > Reginaldo > On Thu, Mar 3, 2022 at 15:00 Thomas Ward <[email protected]> wrote: > >> Is there a Debian or Ununtu bug for this? For tracking purposes for a fix >> and such. >> >> >> >> Sent from my Galaxy >> >> >> >> -------- Original message -------- >> From: Reginaldo Silva <[email protected]> >> Date: 3/3/22 11:59 (GMT-05:00) >> To: [email protected] >> Subject: CVE-2022-0543 also applies to Ubuntu >> >> Hi, Ubuntu team. >> >> Back in January I discovered that there's a redis sandbox escape on Debian >> and Debian-derived distributions. It also affects Ubuntu. Please update >> from the Debian sources (it's a one-line patch to debian/rules). I plan to >> publish a blog post with a Proof of Concept exploit, but will give time for >> Ubuntu to release a fix first. >> >> https://lists.debian.org/debian-security-announce/2022/msg00048.html >> >> Best regards, >> >> Reginaldo >> > -- > Ubuntu-devel-discuss mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
