-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2783-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 12, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : hiredis Version : 0.13.3-1+deb9u1 CVE ID : CVE-2021-32765 It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies. For Debian 9 "Stretch", this problem has been fixed in version 0.13.3-1+deb9u1. We recommend that you upgrade your hiredis packages. For the detailed security status of hiredis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/hiredis Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmFlYW4ACgkQHpU+J9Qx HlgWBBAAnx0TDFFsPKOtOx0RE7zdYNCOxL+F0xz2D18cd/dMp9jEGPIRJsejqNUY hsxpLMBWAy3Z8tKcJmgluo8cFBxgWyNEr/nF4cYDZqll/mwSMNSJ3Tayh7QtPHly +ACVaqrsuySPJWv7Uh334lJj9RYQ1VbU0KMNkmukCPy3VWevitK/WrquH/8qWeBr iXeeTrMOLxZapJHsKMIgJsfgjQFXXGNUOhKfM5zCGRQqAbQOfa/aBdknJbzaHcJa 8CPO6YJaTbUkiuEyjdM3ynccdFQrqEyCu8TZsBD+8z3AmNzkF2v3/xntJwel3UUN +ucw51BgBtwypaBTiUb6+cfB4VoyEP6imuilzQnyn2vp/xnRAYLivoINz5YDsfR1 bGukzGdDmG5+MHawM4f/khIUpY4YkVGRtoFNdFibdvDB1wOUw+rocCTIJr5HGty8 54km9RwonHW2nMyiX6eqQp2YBZ5qogFWcnFQonlO14z1OFM+/Kq1y102BZNn/YXl SKuc6QzK6tcQKO6OWD9/XZCLY4rvkNj4d2MeYJrWUe7JEPA1KaLoeEvXUTnjYTWw 7No5ufzWnMe0c9OJb5ZOYOyNIDPvJ0merttJLH5jMfBULEyS0mIJAIGUU/+B7ODA Zm+rr/ZakQZEYxaIi3ydvcYxf39NLKZSLBgMqEVqlxllb3cYATM= =vsCI -----END PGP SIGNATURE-----
