*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Andrei Coada (raziel.kernel):
The Trusty Redis package version is still 2.8.4. There seem to have been a number of incremental 2.8.x redis versions that have been released since 2.8.4 in Jan 2014. The most recent 2.8.x release being 2.8.24 released in Dec 2015. A number of the versions > 2.8.4 address "Critical" security issues; 2.8.21 introduced a fix to the "Redis EVAL Lua Sandbox Escape" detailed here http://t.co/LpGTyZmfS7 I am wondering if the Trusty packages will be updated? If shown how I could likely take a stab at this myself. ** Affects: redis (Ubuntu) Importance: Undecided Status: Incomplete -- Trusty version (2:2.8.4-2) has not been bumped to address security vulnerabilities https://bugs.launchpad.net/bugs/1664390 You received this bug notification because you are a member of MOTU, which is subscribed to the bug report. -- universe-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/universe-bugs
