Your message dated Fri, 04 Dec 2015 21:32:26 +0000 with message-id <e1a4xxq-00021t...@franck.debian.org> and subject line Bug#804419: fixed in redis 2:2.8.17-1+deb8u3 has caused the Debian Bug report #804419, regarding redis: CVE-2015-8080: Integer wraparound in lua_struct.c causing stack-based buffer overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 804419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804419 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: redis Version: 2:2.8.17-1 Severity: grave Tags: security upstream Forwarded: https://github.com/antirez/redis/issues/2855 Hi, the following vulnerability was published for redis. CVE-2015-8080[0]: Integer wraparound in lua_struct.c causing stack-based buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8080 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: redis Source-Version: 2:2.8.17-1+deb8u3 We believe that the bug you reported is fixed in the latest version of redis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 804...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated redis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Nov 2015 16:12:05 +0100 Source: redis Binary: redis-server redis-tools Architecture: source Version: 2:2.8.17-1+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 804419 Description: redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Changes: redis (2:2.8.17-1+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add 06-CVE-2015-8080-Integer-wraparound-in-lua_struct.c-cau.patch patch. CVE-2015-8080: Integer wraparound in lua_struct.c causing stack-based buffer overflow. (Closes: #804419) Checksums-Sha1: 719277d0bb505ae7fbca70718b6c0932eb39d278 1910 redis_2.8.17-1+deb8u3.dsc bf5c1eaecc7363a32ea1284c3b9ec70ff1bea106 23040 redis_2.8.17-1+deb8u3.debian.tar.xz Checksums-Sha256: 53ea37343ce5daa22aa086311116fff53b3df3d6ed3fdb71406438f3ce2ed9a3 1910 redis_2.8.17-1+deb8u3.dsc aa0219318b983087ecef85ac5bdb9fbac11f62c806f820fc7f338e8d82fb700e 23040 redis_2.8.17-1+deb8u3.debian.tar.xz Files: 930c471a470b21318f6ed01164eb2ed2 1910 database optional redis_2.8.17-1+deb8u3.dsc 26582a104bbaf934b0bdd6c2c774c0a7 23040 database optional redis_2.8.17-1+deb8u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWXI+JAAoJEAVMuPMTQ89ETD0P/2G1Rd5nmbzOtCkKid4fOmm6 bGyO1i6NjxhYORWhXCo/xrBvISqxaB1E/SagyqQpmSwpe73gtEoYKEpAl3+I+nab n53ESK1tgoaF53vLkbTaJhw5DbEX1a+r2adRAhEw5gqtIQcnuPrcO9V1MQqmVNlk 5v3tJSs6yxw2zPD9SfGuyaDuLVJq8CTYAJc1H+vZ7gdwFDmz1JATe875XIVpxeP4 uIdlNokp9NYyCSd9H4jvY0mPztNYfiu7Q+MiNjSQHNp6lFQV0UWjWY0oBDrAcs8K virfqjK6eZEbif4DvcqfTkpO/beY+fgZbFcVgr7NJPDK8O8vNAWsV5ZL2f5CggSg FiQlmjNQFF5B2wv+7WAXGY7Z8YMi79FjcOFOOtduGeeLtb0bbnbMAnHPRi7Pf6cG MBuw4YvC4FLDicaScS0mR1FF7ejGM0qFZ7aAGZyWm2dZMuBDT78NM7yLGpML4kdo ikkeynVom+dYzGXU16bAWLxtkdtJ/uty2lqPtsTBsvW1Up89W7TZf+gMuYzsCVYu xEdv7ftBkex4JbRvF2Hqq+NrBQboiJxMecMsOsPjZ97vR0/07jpLxa2z0xbMcene Gzg/PkdRsrZqjfKXe19a1CF4z0uUJd4y8uHvKNUkSzBJf45HOP2UDB6VmkKs0iRD m89mVonkO7JLumUoNou5 =9JLf -----END PGP SIGNATURE-----
--- End Message ---
