diff options
author | antirez <antirez@gmail.com> | 2018-05-14 17:49:06 +0200 |
---|---|---|
committer | antirez <antirez@gmail.com> | 2018-06-13 12:40:33 +0200 |
commit | 1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (patch) | |
tree | 396b817824e3a0e440058bb227396d6005abcc5b /CONTRIBUTING | |
parent | 52a00201fca331217c3b4b8b634f6a0f57d6b7d3 (diff) | |
download | redis-1eb08bcd4634ae42ec45e8284923ac048beaa4c3.tar.gz |
Security: update Lua struct package for security.
During an auditing Apple found that the "struct" Lua package
we ship with Redis (http://www.inf.puc-rio.br/~roberto/struct/) contains
a security problem. A bound-checking statement fails because of integer
overflow. The bug exists since we initially integrated this package with
Lua, when scripting was introduced, so every version of Redis with
EVAL/EVALSHA capabilities exposed is affected.
Instead of just fixing the bug, the library was updated to the latest
version shipped by the author.
Diffstat (limited to 'CONTRIBUTING')
0 files changed, 0 insertions, 0 deletions