[3.7] redis: Multiples vulnerabilities (CVE-2018-11218, CVE-2018-11219)
CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library
in the Lua subsystem in Redis
before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVE-2018-11219: An Integer Overflow issue was discovered in the struct
library in the Lua subsystem in Redis
before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
(from redmine: issue id 9021, created on 2018-06-19, closed on 2018-06-21)
- Revision ac61833f by Natanael Copa on 2018-06-19T10:11:47Z:
main/redis: security upgrade to 4.0.10 (CVE-2018-11218,CVE-2018-11219) fixes #9021