Trusty version (2:2.8.4-2) has not been bumped to address security vulnerabilities
Bug #1664390 reported by
aren55555
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
redis (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
The Trusty Redis package version is still 2.8.4. There seem to have been a number of incremental 2.8.x redis versions that have been released since 2.8.4 in Jan 2014. The most recent 2.8.x release being 2.8.24 released in Dec 2015.
A number of the versions > 2.8.4 address "Critical" security issues; 2.8.21 introduced a fix to the "Redis EVAL Lua Sandbox Escape" detailed here http://
I am wondering if the Trusty packages will be updated? If shown how I could likely take a stab at this myself.
information type: | Public → Public Security |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.