Message ID | 20220811185448.1122716-1-titouanchristophe@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/redis: security bump to v7.0.4 | expand |
On Thu, 11 Aug 2022 20:54:48 +0200 Titouan Christophe <titouanchristophe@gmail.com> wrote: > From the release notes: > > ================================================================================ > Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022 > ================================================================================ > > Upgrade urgency: SECURITY, contains fixes to security issues. > > Security Fixes: > * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream > key in a specific state may result with heap overflow, and potentially > remote code execution. The problem affects Redis versions 7.0.0 or newer. > > Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> > --- > package/redis/redis.hash | 2 +- > package/redis/redis.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Thomas
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes: > From the release notes: > ================================================================================ > Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022 > ================================================================================ > Upgrade urgency: SECURITY, contains fixes to security issues. > Security Fixes: > * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream > key in a specific state may result with heap overflow, and potentially > remote code execution. The problem affects Redis versions 7.0.0 or newer. > Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> Committed to 2022.05.x, thanks.
diff --git a/package/redis/redis.hash b/package/redis/redis.hash index bff478fe7c..d9b6ebea54 100644 --- a/package/redis/redis.hash +++ b/package/redis/redis.hash @@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 2cde7d17214ffe305953da9fff12333e8a72caa57fd4923e4872f6362a208e73 redis-7.0.3.tar.gz +sha256 f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f redis-7.0.4.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/package/redis/redis.mk b/package/redis/redis.mk index b292782acf..245e9b4d1f 100644 --- a/package/redis/redis.mk +++ b/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 7.0.3 +REDIS_VERSION = 7.0.4 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING
From the release notes: ================================================================================ Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. The problem affects Redis versions 7.0.0 or newer. Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> --- package/redis/redis.hash | 2 +- package/redis/redis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)