Cool. TIL that I should really be testing these against sid.
Cheers, Reginaldo On Mon, Jul 17, 2023 at 1:40 PM Chris Lamb <[email protected]> wrote: > > Hi Reginaldo, > > > I'm sending this as a heads up for you folks to pick up last-week's > > Redis bugfix if you haven't already, especially > > https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6 > > Thanks for the heads-up. As I understand it, this is CVE-2022-24834 > which has been fixed in sid (in version 5:7.0.12-1) and experimental > (in 5:7.2-rc3-1). > > However, given that it requires a) authenticated access to the Redis > instance; and then b) the ability to execute arbitrary EVAL commands, > we will not be issuing a DSA for this particular CVE: > > https://security-tracker.debian.org/tracker/CVE-2022-24834 > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` [email protected] 🍥 chris-lamb.co.uk > `- -- Ubuntu-devel-discuss mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
