Your message dated Thu, 14 Jun 2018 06:50:29 +0000 with message-id <e1ftm5v-000j67...@fasolo.debian.org> and subject line Bug#901495: fixed in redis 5:4.0.10-1 has caused the Debian Bug report #901495, regarding redis: multiple security issues in Lua scripting to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 901495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901495 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: redis Version: 3:3.2.6-1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security >From https://github.com/antirez/redis/issues/5017: > The Apple Security Team, together with Alibaba and myself, > identified several security issues in the Lua script engine. The full > report is here: <http://antirez.com/news/119> No CVE has (yet) been assigned: https://github.com/antirez/redis/issues/5017#issuecomment-397038992 Version tagged >= 3:3.2.6-1 due to stretch having Lua support but wheezy (2.8.17) does not. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: redis Source-Version: 5:4.0.10-1 We believe that the bug you reported is fixed in the latest version of redis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 901...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated redis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jun 2018 08:37:09 +0200 Source: redis Binary: redis redis-sentinel redis-server redis-tools Built-For-Profiles: nocheck Architecture: source amd64 all Version: 5:4.0.10-1 Distribution: unstable Urgency: medium Maintainer: Chris Lamb <la...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: redis - Persistent key-value database with network interface (metapackage redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 901495 Changes: redis (5:4.0.10-1) unstable; urgency=medium . * New upstream security release. See: <https://github.com/antirez/redis/issues/5017> for more information. (Closes: #901495) Checksums-Sha1: d8110559a87910bee534101489ddf79c16e0e873 2080 redis_4.0.10-1.dsc d2738d9b93a3220eecc83e89a7c28593b58e4909 1738465 redis_4.0.10.orig.tar.gz 9d06c0885ba15566e8423f86a9cff85c540219b1 23892 redis_4.0.10-1.debian.tar.xz deb31140353533f7797c861838c7ffb675117255 68276 redis-sentinel_4.0.10-1_amd64.deb a15d82e2fc54f63f2fb56c34fa1f297d63c44f6e 93924 redis-server_4.0.10-1_amd64.deb 0f82b577bc37b17874b82f30b3eb9e4aee434f97 1429828 redis-tools-dbgsym_4.0.10-1_amd64.deb 612cbfa48827bad995337734efecae75293ae7d6 573484 redis-tools_4.0.10-1_amd64.deb 5314fe35132fda6684a9dab8ab71eccfb68844ca 61548 redis_4.0.10-1_all.deb 719fbf8afd10a58aa98468be258435ecf485ec15 6513 redis_4.0.10-1_amd64.buildinfo Checksums-Sha256: 5a9f25b65306822094d16e8471f0b8721a547360d1eab3a3cab1f60e0e0bbf0a 2080 redis_4.0.10-1.dsc 1db67435a704f8d18aec9b9637b373c34aa233d65b6e174bdac4c1b161f38ca4 1738465 redis_4.0.10.orig.tar.gz 694abc852c501f46af606f78fcef97a9e2baf42271e173f4c44fbf8f1670dcd4 23892 redis_4.0.10-1.debian.tar.xz c76762a57dee5b1775b1d26e877b85469756fc6d55953bd915a6be24333747e2 68276 redis-sentinel_4.0.10-1_amd64.deb d690725d3e2421782c28c677349f10b300cc30c823693c6a7c5faa8dbfbf8a98 93924 redis-server_4.0.10-1_amd64.deb 8ce4784a0074ecda14a22e8f5ba8d53649e0e95d8ff3331329866534771658b9 1429828 redis-tools-dbgsym_4.0.10-1_amd64.deb 008ef02f83ad0a5b03ffa9651eddf577087bcb73b3c69350c559fa85964ef2b5 573484 redis-tools_4.0.10-1_amd64.deb 51b2dc4092924cffbe58c4d0b8875300969260d1ecff3da27a447a9a44f6c3b5 61548 redis_4.0.10-1_all.deb 938806b605d53d4f90102deff8d8955bd9dccb76b405c8a613d8b71792dfa57a 6513 redis_4.0.10-1_amd64.buildinfo Files: e02bf96f568d3e528da197fbbaf40df0 2080 database optional redis_4.0.10-1.dsc 115b82ea07cb4a6f37c5fd86ab5a6d45 1738465 database optional redis_4.0.10.orig.tar.gz dd389d665908182c1b5b23b6d85aa8d9 23892 database optional redis_4.0.10-1.debian.tar.xz 08be9353f31826e9ca5be7f37ce6cf89 68276 database optional redis-sentinel_4.0.10-1_amd64.deb 89b28a47bb95f08ce85eba0c073e95e3 93924 database optional redis-server_4.0.10-1_amd64.deb c03faa7e814ab073f98098ef71420f54 1429828 debug optional redis-tools-dbgsym_4.0.10-1_amd64.deb b5f37bf4182b5fa1c882a5e8e78ee715 573484 database optional redis-tools_4.0.10-1_amd64.deb e2b39b7605a5157d792fac4d82848ba2 61548 database optional redis_4.0.10-1_all.deb 49878358877b4b441f159303e24b5a23 6513 database optional redis_4.0.10-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlsiDagACgkQHpU+J9Qx HlhKghAAvLZQqw7usrCRAov4iXQdvsqZc8+nF7Gv3ru2EEh45de8EZYPasts0LKz FJ+B3i9rWnZp70coag2eLGWI6rQ3/wiwvLjZHkYHSWQlWIpbDR1pcSLH2sJrkQNb ZwXUEm8ui3ASt+YrNxKjEz3/LyuIvGGBUnhtXkhZZBN9jTqz2BTvDWTOBs3LUHBd NmQQSFRv+UrJeSeVED1PSsqgQZMnkjruFTR01MKxbm38NFPkCbdOFNkWN9wjyAp7 vQKCIC01CJTwYx524B6tqcwwmCGwR7dI7i8Rd6ypXEAr2/mFT917h++XzmgM0zaY OlxpnL9yQb2/mipZN+xhThFvpOXXNsxBWM6f3jqJI/SjRCGZCX4l54jApox41mk1 VeZ7h4U19ePCnQhzrUmo13jhVmgqN+cOuI4lGgtnKCPQywHvih0YVrmnOK00/9+W 9hIGu0mYqP6u+vdcWN7nEXhQpImeZzh6EhIqjsR7oFt2sTdAzvVofNNOjMNA25Gz ShbkuaiCOy6BaC0YQxDfajQyqw7HgVwASha4aRJj9obb5ZeVU+1Z4AIGWxF56Jtq 6J8dORTiT/YPolugaOgZ+SbnEBLx5v1rIDCAESHj/XzRnit8WQGjhnydZmYUteU0 wQsBXQK2yWa5OBBe78eCzS5/uMTqeBWeIigw/LLG0k0AZ7AXWzw= =mMW7 -----END PGP SIGNATURE-----
--- End Message ---
