Your message dated Sat, 21 Nov 2015 15:37:15 +0000
with message-id <e1a0adz-0007y7...@franck.debian.org>
and subject line Bug#804419: fixed in redis 2:3.0.5-4
has caused the Debian Bug report #804419,
regarding redis: CVE-2015-8080: Integer wraparound in lua_struct.c causing
stack-based buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
804419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804419
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: redis
Version: 2:2.8.17-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/antirez/redis/issues/2855
Hi,
the following vulnerability was published for redis.
CVE-2015-8080[0]:
Integer wraparound in lua_struct.c causing stack-based buffer overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8080
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: redis
Source-Version: 2:3.0.5-4
We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 804...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 21 Nov 2015 16:22:45 +0200
Source: redis
Binary: redis-server redis-tools redis-sentinel
Architecture: source amd64
Version: 2:3.0.5-4
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 804419
Changes:
 redis (2:3.0.5-4) unstable; urgency=high
 .
 * CVE-2015-8080: Integer wraparound in lua_struct.c causing stack-based
   buffer overflow (Closes: #804419)
 * Correct call to /bin/kill in redis-{server,sentinel}.service to avoid
   "kill: invalid argument T" messages when $MAINPID is not set.
--- End Message ---