Debian alert DLA-2083-1 (hiredis)

From:
             
 
"Chris Lamb" <lamby@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2083-1] hiredis security update 
Date:
             
 
Wed, 29 Jan 2020 14:24:30 +0100
Message-ID:
             
 
<8396584e-cc0e-4705-9eda-8e6e85ec7c76@sloti26t01>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : hiredis
Version        : 0.11.0-4+deb8u1
CVE ID         : CVE-2020-7105
Debian Bug     : #949995

It was discovered that there were a large number of NULL pointer
dereferences due to unchecked return values from malloc and friends
in hiredis, a minimalistic C client library.

For Debian 8 "Jessie", these issue have been fixed in hiredis version
0.11.0-4+deb8u1.

We recommend that you upgrade your hiredis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4xh28ACgkQHpU+J9Qx
HljmWg/9G/mGdKqAxO2um02y8T+jphkAGpU5U/fB7qKht23ERkZbfNCt6RfQuOrR
UIxL7tmHBSyMmA/vkNuaoirx7GHz6zTT9oWcxGCtKmetCeH3XPeDvmMOnjOwq558
XYb+olE06JDQdMGKC/D4D6Lmw7or5sw8braIYT5cSO42NO5jrkzt50lv65PnrE4g
FouYDeH+pp2PHARTa2xF9ZFy5Vhj6ns5TNhmzN7AfSYJzO5YdMxn2g98kIbrDB13
BOqWYBP+m/M4hR/CnB/6LYTqvj1VfzUwwe5UCv+FEDh54xo6c6r78co9fsBqTz4u
a9js73AuTjBVN2rQFH9MpO9FXj0SX3wYDMYNxAt6Fr9iyRNxvulbpanHBk4ImIUs
SfN/TZTqQbr4oajkJZjQSQXm5qDQEMij38SQB4FMNOtklkZs/L9wDWlA/XkLNC/3
Gf6TslAr0BCMeJlRH5sQHeY/sDjbAH8C8MundvQfYlsVSSWdiI9FL+gj5gxKaq4A
wqtODOda6M5zRkUh7g/KaX/LHAZABN7zvYLoBRIfwm8MtxB6jhet7zQHv/bwzYC3
Qw7GMpwi3kUkF7aBSSZnR2L5Lgc05WFgrnJYftEQRwEqM/gRwOlWiZY/FGc9GjX1
VOgOEl2b/Fx/y1+ZBPomlimByaCMQOfINe5jPk5uHL78pY54KIs=
=U5yc
-----END PGP SIGNATURE-----