[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
This bug was fixed in the package redis - 2:3.0.6-1ubuntu0.4 --- redis (2:3.0.6-1ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: heap buffer overflows in Hyperloglog (Closes: #1836496) - debian/patches/CVE-2019-10192.patch: Fix hyperloglog corruption - CVE-2019-10192 -- Julian Andres Klode Sun, 14 Jul 2019 21:21:22 +0200 ** Changed in: redis (Ubuntu) Status: In Progress => Fix Released ** Changed in: redis (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
This bug was fixed in the package redis - 5:4.0.9-1ubuntu0.2 --- redis (5:4.0.9-1ubuntu0.2) bionic-security; urgency=medium * SECURITY UPDATE: heap buffer overflows in Hyperloglog (Closes: #1836496) - debian/patches/CVE-2019-10192.patch: Fix hyperloglog corruption - CVE-2019-10192 -- Julian Andres Klode Sun, 14 Jul 2019 21:20:08 +0200 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Changed in: redis (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Changed in: redis (Ubuntu) Assignee: (unassigned) => Eduardo dos Santos Barretto (ebarretto) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Attachment added: "bionic build & autopkgtest log" https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+attachment/5277023/+files/redis-bionic.log ** Description changed: - Two CVEs have been published, I'm merging the patches from buster- - security. + [Affected] + CVE-2019-10192 affects all releases. + CVE-2019-10193 only affects bionic (and cosmic) + + + [Testing performed] + Build and run tests in autopkgtest; installed bionic build on my VPS (where it is used by rspamd). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Attachment added: "xenial build & autopkgtest log" https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+attachment/5277024/+files/redis-xenial.log ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10192 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Attachment added: "disco build & autopkgtest log" https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+attachment/5277022/+files/redis-disco.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Patch added: "debdiff for disco" https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+attachment/5277018/+files/redis-disco.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Patch added: "redis-bionic.diff" https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+attachment/5277019/+files/redis-bionic.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
** Patch added: "redis-xenial.diff" https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+attachment/5277020/+files/redis-xenial.diff ** Changed in: redis (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836496] Re: CVE-2019-10192 CVE-2019-10193
Reading the git branches and the Debian uploads, CVE-2019-10193 does not affect xenial and bionic. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10193 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836496 Title: CVE-2019-10192 CVE-2019-10193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1836496/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs