Summary: | <dev-db/redis-{4.0.14,5.0.4}: multiple vulnerabilities (CVE-2019-{10192,10193}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hydrapolic, ppc, robbat2 |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/antirez/redis/issues/6215 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | dev-db/redis-4.0.14 | ||
Runtime testing required: | --- |
Bug Depends on: | 698436, 713922 | ||
Bug Blocks: |
Description
D'juan McDonald (domhnall)
2019-07-12 01:52:44 UTC
Re-opening because we have stable 4.x ebuilds in repository which are affected.

@ Arches, please test and mark stable: =dev-db/redis-4.0.14

amd64 stable

x86 stable

ppc64 stable

hppa stable

arm64 stable

arm stable

@ppc, ping.

This issue was resolved and addressed in GLSA 201908-04 at https://security.gentoo.org/glsa/201908-04 by GLSA coordinator Aaron Bauman (b-man).

re-opened for final arch and cleanup.

@ppc: wake up please :)

Pending PR to make redis working on ppc: https://github.com/gentoo/gentoo/pull/14994

@ppc: ping now fix was merged

(In reply to Sam James (sec padawan) from comment #13)
> @ppc: ping now fix was merged

redis-5.0.8 builds fine now but redis-4.0.14 still fails. Seems the fix was only applied to 5.0.8.

Let's forget about redis 4, now even 6.x is out.

(In reply to Tomáš Mózes from comment #15)
> Let's forget about redis 4, now even 6.x is out.

Is there a PR to remove it from tree?

(In reply to Sam James (sec padawan) from comment #16)
> (In reply to Tomáš Mózes from comment #15)
> > Let's forget about redis 4, now even 6.x is out.
>
> Is there a PR to remove it from tree?

I tried, but we need to stabilize 5.x on hppa, then we can drop 4.x.

(In reply to Tomáš Mózes from comment #17)
> (In reply to Sam James (sec padawan) from comment #16)
> > (In reply to Tomáš Mózes from comment #15)
> > > Let's forget about redis 4, now even 6.x is out.
> >
> > Is there a PR to remove it from tree?
>
> I tried, but we need to stabilize 5.x on hppa, then we can drop 4.x.

Gotcha. Thank you :)

This seems obsolete as 5.0.8 is stable on ppc, please consider closing.