So, this bug affects only trusty. The point is, during SRU you can't upgrade a package like redis to a whole new upstream release, but rather you should cherry-pick the relevant patch (like https://github.com/lamby/pkg-redis/commit/c2b56ef2d39bd681b3f98cd97354790ac19a1ce5).
See: http://wiki.ubuntu.com/SRU https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Also affects: redis (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: redis (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: redis (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1467606 Title: EVAL Lua Sandbox Escape (CVE-2015-4335 / DSA-3279) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/redis/+bug/1467606/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
