Information on source package redis

Available versions

ReleaseVersion
jessie2:2.8.17-1+deb8u5
jessie (security)2:2.8.17-1+deb8u6
stretch3:3.2.6-3+deb9u2
stretch (security)3:3.2.6-3+deb9u1
buster5:4.0.11-3
sid5:4.0.11-3

Open issues

BugjessiestretchbustersidDescription
CVE-2016-2121vulnerable (no DSA)fixedfixedfixedweak permissions on sensitive files
CVE-2016-10517vulnerable (no DSA)vulnerable (no DSA)fixedfixednetworking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" ...

Open unimportant issues

BugjessiestretchbustersidDescription
CVE-2017-15047fixedvulnerablefixedfixedThe clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...

Resolved issues

BugDescription
CVE-2018-12453Type confusion in the xgroupCommand function in t_stream.c in ...
CVE-2018-12326Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...
CVE-2018-11219An Integer Overflow issue was discovered in the struct library in the ...
CVE-2018-11218Memory Corruption was discovered in the cmsgpack library in the Lua ...
CVE-2016-8339A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code ...
CVE-2015-8080Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ...
CVE-2015-4335Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to ...
CVE-2013-7458linenoise, as used in Redis before 3.2.3, uses world-readable ...
CVE-2013-0178redis 2.4: Insecure temporary flaw use for redis service's vm swap file

Security announcements

DSA / DLADescription
DLA-1396-1redis - security update
DSA-4230-1redis - security update
DLA-1161-1redis - security update
DSA-3634-1redis - security update
DLA-577-1redis - security update
DSA-3412-1redis - security update
DSA-3279-1redis - security update

Search for package or bug name: Reporting problems