[Bug 1664390] [NEW] Trusty version (2:2.8.4-2) has not been bumped to address security vulnerabilities

Launchpad Bug Tracker 1664390 at bugs.launchpad.net
Sat May 6 21:18:28 UTC 2017


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Andrei Coada (raziel.kernel):

The Trusty Redis package version is still 2.8.4. There seem to have been
a number of incremental 2.8.x redis versions that have been released
since 2.8.4 in Jan 2014. The most recent 2.8.x release being 2.8.24
released in Dec 2015.

A number of the versions > 2.8.4 address "Critical" security issues;
2.8.21 introduced a fix to the "Redis EVAL Lua Sandbox Escape" detailed
here http://t.co/LpGTyZmfS7

I am wondering if the Trusty packages will be updated? If shown how I
could likely take a stab at this myself.

** Affects: redis (Ubuntu)
     Importance: Undecided
         Status: Incomplete

-- 
Trusty version (2:2.8.4-2) has not been bumped to address security vulnerabilities
https://bugs.launchpad.net/bugs/1664390
You received this bug notification because you are a member of MOTU, which is subscribed to the bug report.



More information about the universe-bugs mailing list