Summary: | <dev-db/redis-3.0.7: Integer wraparound in lua_struct.c causing stack-based buffer overflow | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | bugs, hydrapolic, lu_zero, proxy-maint, robbat2, ultrabug |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1278965 | | |
Whiteboard: | B3 [glsa cve] | | |
Package list: | =dev-db/redis-3.0.7 | | |
Runtime testing required: | --- | | |
Bug Depends on: | 586968 | | |
Bug Blocks: | 551274 | | |
Description
Agostino Sarubbo
2015-11-09 08:49:17 UTC
@ Maintainers: As of today, the latest 2.8.x version in tree (2.8.23) is still vulnerable. Please bump to 2.8.24 or drop the 2.8.x.

For 3.0.x branch, this was fixed with v3.0.6 (https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-db/redis?id=7ffd92f12385548bb62e749cf7d79a7e7f68f32f).

Please call for stabilization (probably =dev-db/redis-3.0.7) after deciding how to process with v2.8.x branch.

I'd like to drop 2.8.x tbh Robin, would you agree?

@arches please stabilize: =dev-db/redis-3.0.7

*** Bug 586968 has been marked as a duplicate of this bug. ***

amd64 stable

x86 stable

arm stable

Stable for HPPA PPC64.

No ACE/RCE, downgraded to B3. GLSA Vote: No

@ Maintainer(s): Please cleanup and drop <dev-db/redis-3.0.7!

Cleanup done

Because we have to create a GLSA for another vulnerability in redis we will add this vulnerability to the same request.

This issue was resolved and addressed in GLSA 201702-16 at https://security.gentoo.org/glsa/201702-16 by GLSA coordinator Thomas Deutschmann (whissi).