Redis security vulnerabilities in HyperLogLog and a DoS fixed. #6215
Comments
FYI https://security-tracker.debian.org/tracker/CVE-2019-10192 and https://security-tracker.debian.org/tracker/CVE-2019-10193 relate to this issue.
So the mapping for the two CVEs to the commits seems to be:
Debian Bug: https://bugs.debian.org/931625
Hi all,
On the 15th of March 2019 I sent a communication, along with patches to fix two vulnerabilities in Redis.
A few hours later:
I provided the fixes to a number of companies running Redis as a service, in order for them to get the vulnerabilities fixed. Whoever runs Redis in their own systems is a lot less affected by these issues; if you have trusted clients, they can anyway do a lot of damage (this will change in Redis 6 because of ACLs). So what happened was the following:
The commits fixing all these issues are the following:
For the HyperLogLog:
The other vulnerability was a DoS that was fixed here:
Hopefully you may already be running a fixed Redis because we upgraded all the versions on the 18th of March; otherwise you may think about upgrading in case your clients are not trusted or for any other reason regarding your security policy.