| Release | Version |
|---|---|
| jessie | 2:2.8.17-1+deb8u5 |
| jessie (security) | 2:2.8.17-1+deb8u6 |
| stretch | 3:3.2.6-3+deb9u2 |
| stretch (security) | 3:3.2.6-3+deb9u1 |
| buster | 5:4.0.11-3 |
| sid | 5:4.0.11-3 |
| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2016-2121 | vulnerable (no DSA) | fixed | fixed | fixed | weak permissions on sensitive files |
| CVE-2016-10517 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" ... |
| Bug | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|
| CVE-2017-15047 | fixed | vulnerable | fixed | fixed | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ... |
| Bug | Description |
|---|---|
| CVE-2018-12453 | Type confusion in the xgroupCommand function in t_stream.c in ... |
| CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ... |
| CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the ... |
| CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua ... |
| CVE-2016-8339 | A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code ... |
| CVE-2015-8080 | Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ... |
| CVE-2015-4335 | Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to ... |
| CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable ... |
| CVE-2013-0178 | redis 2.4: Insecure temporary flaw use for redis service's vm swap file |
| DSA / DLA | Description |
|---|---|
| DLA-1396-1 | redis - security update |
| DSA-4230-1 | redis - security update |
| DLA-1161-1 | redis - security update |
| DSA-3634-1 | redis - security update |
| DLA-577-1 | redis - security update |
| DSA-3412-1 | redis - security update |
| DSA-3279-1 | redis - security update |