| Message ID | 20210726091635.86606-1-titouanchristophe@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [for,2021.02.x,1/1] package/redis: security bump to v6.0.15 | expand |
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes: > From the release notes: > ================================================================================ > Redis 6.0.15 Released Wed Jul 21 16:32:19 IDT 2021 > ================================================================================ > Upgrade urgency: SECURITY, contains fixes to security issues that affect > authenticated client connections on 32-bit versions. MODERATE otherwise. > Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). > An integer overflow bug in Redis version 2.2 or newer can be exploited using the > BITFIELD command to corrupt the heap and potentially result with remote code > execution. > See https://github.com/redis/redis/blob/6.0.15/00-RELEASENOTES > Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> Committed to 2021.02.x, thanks.
diff --git a/package/redis/redis.hash b/package/redis/redis.hash index 15b55eb501..d736c09489 100644 --- a/package/redis/redis.hash +++ b/package/redis/redis.hash @@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 c3e60c928b183ca9fe8e878936a6f8ba99e0441b9b6e04d2412a750ea576c649 redis-6.0.14.tar.gz +sha256 4bc295264a95bc94423c162a9eee66135a24a51eefe5f53f18fc9bde5c3a9f74 redis-6.0.15.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/package/redis/redis.mk b/package/redis/redis.mk index 925279274c..f66397b216 100644 --- a/package/redis/redis.mk +++ b/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 6.0.14 +REDIS_VERSION = 6.0.15 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING
From the release notes: ================================================================================ Redis 6.0.15 Released Wed Jul 21 16:32:19 IDT 2021 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues that affect authenticated client connections on 32-bit versions. MODERATE otherwise. Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). An integer overflow bug in Redis version 2.2 or newer can be exploited using the BITFIELD command to corrupt the heap and potentially result with remote code execution. See https://github.com/redis/redis/blob/6.0.15/00-RELEASENOTES Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> --- package/redis/redis.hash | 2 +- package/redis/redis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)