Why has the Trusty version (2:2.8.4-2) not been bumped to address security vulnerabilities?

Asked by aren55555

Hi all,

I was wondering why the Trusty Redis package version is still 2.8.4. There seem to have been a number of incremental 2.8.x Redis versions that have been released since 2.8.4 in Jan 2014. The most recent 2.8.x release is 2.8.24, released in Dec 2015.

A number of the versions address "Critical" security issues; 2.8.21 introduced a fix to the "Redis EVAL Lua Sandbox Escape" detailed here http://t.co/LpGTyZmfS7

I am wondering if the Trusty packages will be updated? If shown how, I could likely take a stab at this myself.

Aren

Question information

Language: English
Status: Solved
For: Ubuntu redis
Assignee: No assignee
Solved by: aren55555
actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug and cite the link to the critical bugs which are present in the version available in Ubuntu.
This will get the package updated sooner rather than later.

aren55555 (aren55555) said :
#2

Bug created, thank you.