[Bug 1664390] [NEW] Trusty version (2:2.8.4-2) has not been bumped to address security vulnerabilities
Launchpad Bug Tracker
1664390 at bugs.launchpad.net
Sat May 6 21:18:28 UTC 2017
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Andrei Coada (raziel.kernel):
The Trusty Redis package version is still 2.8.4. There seem to have been
a number of incremental 2.8.x redis versions that have been released
since 2.8.4 in Jan 2014. The most recent 2.8.x release being 2.8.24
released in Dec 2015.
A number of the versions > 2.8.4 address "Critical" security issues;
2.8.21 introduced a fix to the "Redis EVAL Lua Sandbox Escape" detailed
here http://t.co/LpGTyZmfS7
I am wondering if the Trusty packages will be updated? If shown how I
could likely take a stab at this myself.
** Affects: redis (Ubuntu)
Importance: Undecided
Status: Incomplete
--
Trusty version (2:2.8.4-2) has not been bumped to address security vulnerabilities
https://bugs.launchpad.net/bugs/1664390
You received this bug notification because you are a member of MOTU, which is subscribed to the bug report.
More information about the universe-bugs
mailing list