Ubuntu
redis package

redis CVE-2021-32687 not fixed after over 1 year

Asked by Ferdinand Renner on 2022-10-12

https://ubuntu.com/security/CVE-2021-32687 has not been fixed after over 1 year.

Fixed debian packages and upstream fixes are available.

Will this issue be addressed?

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu redis Edit question

Assignee:: No assignee Edit question

Last query:: 2022-10-12

Last reply:: 2022-10-12

Link existing bug

Revision history for this message

Bernard Stafford (bernard010) said on 2022-10-12:

#1

The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
https://ubuntu.com/security/CVE-2021-32687
https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32687

Revision history for this message

Ferdinand Renner (frenner-nn) said on 2022-10-12:

#2

Unfortunately 5.0.14 is not available in bionic and focal.
These versions are not EOL and should receive fixes.

Revision history for this message

Manfred Hampl (m-hampl) said on 2022-10-12 (last edit on 2022-10-12):

#3

redis is in Ubuntu's "universe" category, that means that the Ubuntu packages are community-maintained.
Everybody, including you, is invited to prepare an updated package with a fix.

Can you help with this problem?

Provide an answer of your own, or ask Ferdinand Renner for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Subscribers