Bug#931625: marked as done (redis: CVE-2019-10192 CVE-2019-10193)

[Debian Bug Tracking System]

Your message dated Tue, 16 Jul 2019 21:06:59 +0000
with message-id <e1hnuf5-0007bj...@fasolo.debian.org>
and subject line Bug#931625: fixed in redis 5:5.0.3-4+deb10u1
has caused the Debian Bug report #931625,
regarding redis: CVE-2019-10192 CVE-2019-10193
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
931625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931625
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: redis
Version: 2:2.8.17-1+deb8u6
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for redis.

CVE-2019-10192[0]:
Heap buffer overflow

CVE-2019-10193[1]:
Stack buffer overflow

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10192
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10192
[1] https://security-tracker.debian.org/tracker/CVE-2019-10193
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10193


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---

--- Begin Message ---

Source: redis
Source-Version: 5:5.0.3-4+deb10u1

We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 Jul 2019 14:50:30 -0300
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:5.0.3-4+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 redis      - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface 
(monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 931625
Changes:
 redis (5:5.0.3-4+deb10u1) buster-security; urgency=high
 .
   * CVE-2019-10192: Fix two heap buffer overflows in the Hyperloglog
     functionality. (Closes: #931625)
   * CVE-2019-10193: Fix a stack buffer overflow vulnerability in the
     Hyperloglog functionality. (Closes: #931625)
Checksums-Sha1:
 bb41c0e6c44e4d69140b52a2ec532fb44d947e16 2183 redis_5.0.3-4+deb10u1.dsc
 f38800839cb85492da9bc5299507299dd54f726c 1977218 redis_5.0.3.orig.tar.gz
 7b069bd22e1a18b5ed4137b6839f694dc1b4ebe3 26880 
redis_5.0.3-4+deb10u1.debian.tar.xz
 d408d10efdef0709934e332a797a3a9a225eca08 52500 
redis-sentinel_5.0.3-4+deb10u1_amd64.deb
 5d1301e116e67714843c37dfed014e29d84299d7 78384 
redis-server_5.0.3-4+deb10u1_amd64.deb
 11331512d81877198facbe45278cd88c4f1196f8 1234576 
redis-tools-dbgsym_5.0.3-4+deb10u1_amd64.deb
 c23cf4683d7028b9753d144eb5f1fd43d2a1892e 522784 
redis-tools_5.0.3-4+deb10u1_amd64.deb
 9c55ff61510cfc3446f5403738cd978e7e74ece1 45108 redis_5.0.3-4+deb10u1_all.deb
 c4128edeefa70ef18654faa500482b6eb9e13643 6871 
redis_5.0.3-4+deb10u1_amd64.buildinfo
Checksums-Sha256:
 04a72e191d4c35f52608f67a49b78b3e58d2316e617194c946f37e706f37bda3 2183 
redis_5.0.3-4+deb10u1.dsc
 7084e8bd9e5dedf2dbb2a1e1d862d0c46e66cc0872654bdc677f4470d28d84c5 1977218 
redis_5.0.3.orig.tar.gz
 f7c6d3b84b2d59f217dd5f9dcd4301fa126abf9332a57c68471ec16d780af126 26880 
redis_5.0.3-4+deb10u1.debian.tar.xz
 437dd70865dee8296b48c1d9869ee20d832379d37b37f6d5e4deef0a0af70331 52500 
redis-sentinel_5.0.3-4+deb10u1_amd64.deb
 d9ef0d43d3c13c0e8dc50c286d857110e72c8da7af71e9e23d605a6358139fb6 78384 
redis-server_5.0.3-4+deb10u1_amd64.deb
 4f400bf7841b8fba691dbd1b8e5e15b0508086b781a2db8d3f08734714607108 1234576 
redis-tools-dbgsym_5.0.3-4+deb10u1_amd64.deb
 b77006d5f476178e7195612ad64dfe03850b4248b500efc4f3dfac907c1ec03a 522784 
redis-tools_5.0.3-4+deb10u1_amd64.deb
 aadc942605364f582d00b839edf8573a6a2c4e9e7842b84759f296d1c846cb1b 45108 
redis_5.0.3-4+deb10u1_all.deb
 83d1874491e0d992e4a4e3b5d204005d4b4dc11632a23e58ae4346c146ed07ec 6871 
redis_5.0.3-4+deb10u1_amd64.buildinfo
Files:
 37ad23471f10b027ab4034d7a779640d 2183 database optional 
redis_5.0.3-4+deb10u1.dsc
 f2a79cdec792e7c58dd5cad3b6ce47ad 1977218 database optional 
redis_5.0.3.orig.tar.gz
 5653bed5aa01392730118309044acd0c 26880 database optional 
redis_5.0.3-4+deb10u1.debian.tar.xz
 dacf00c18595cc2d1b9b64f3ffd2fd6d 52500 database optional 
redis-sentinel_5.0.3-4+deb10u1_amd64.deb
 0a206c58007cf247239b3d6d07361083 78384 database optional 
redis-server_5.0.3-4+deb10u1_amd64.deb
 a4b5073950facc801e14581d7bfa889d 1234576 debug optional 
redis-tools-dbgsym_5.0.3-4+deb10u1_amd64.deb
 9d93ec54e58d67e945a46d237dc6af71 522784 database optional 
redis-tools_5.0.3-4+deb10u1_amd64.deb
 e91716bf61e1f18384e0f2c5deeafd8b 45108 database optional 
redis_5.0.3-4+deb10u1_all.deb
 8e11576d8d77bd775658b27b33a9aa36 6871 database optional 
redis_5.0.3-4+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0mLPUACgkQHpU+J9Qx
HlgqLg/9Ec/ak5+HbrQNkhLwLeXRZtECJcf2MCTrl+I/TazWLEtPnQCGzRKUco8h
QgYHMAvaFfWeqI4FK1OCDB9/bTLOKugd3pjgS8m3/2Mm1QOiuWBGMiFy0Wgvjmlo
zB3UNqIFVXEW6rUupr/ZkMnBX8IVu85AJOEBmFhtuOilVrDprTbsbSTjyzS2bRGF
oCgW9VKt857XAuuiPplvVeHoGd1w4ay3EpbV27mi53AgjueSmy8szE7/uU7x6/Ye
lBxa2J4nen/asdTqROaedA+j3nTNp8PP+ZRLQ+h3zOT3qFACriqxidN7hjcYyWT0
zsbhwe5aSELO7r86aJ3zq7KGLqs8bCzx7XdQnxK5Ecc1bXBPR6rgAfbMMYgxHa4T
Tn3Bh0y87gW2taWB/fPqgl0PmBOomJcBH069DcC0TFi7prCx+h09wF1PdM1YDnyc
y5Q097WkBUZ7fQkrdyj7k7zjcF/Ysv3xBStG/HtlUsRfujXOTh/+uVzbNcSokEW+
gv4uX+5P27syzvPQT+wO0bybkU3L+m2cr+N8t+yqsdZ6Ri4HjnDm22tDZGaGeh4E
aV2LykljLqaSmYleB36Iywe3YciapFy0YgduJVlp/Pdaby/QTRCJB33WG9ZtgULT
Yr7Xu1P3S2W19DUzy95p+b6dbC+KVCax+ekC2SJy2Tf4R1/LVgY=
=c0hr
-----END PGP SIGNATURE-----

--- End Message ---