Message ID | 20220926101724.1989377-1-titouanchristophe@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/redis: security bump to v7.0.5 | expand |
On Mon, 26 Sep 2022 12:17:24 +0200 Titouan Christophe <titouanchristophe@gmail.com> wrote: > From the release notes: > (https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES) > > ================================================================================ > Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022 > ================================================================================ > > Upgrade urgency: SECURITY, contains fixes to security issues. > > Security Fixes: > * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific > state, with a specially crafted COUNT argument, may cause an integer overflow, > a subsequent heap overflow, and potentially lead to remote code execution. > The problem affects Redis versions 7.0.0 or newer > [reported by Xion (SeungHyun Lee) of KAIST GoN]. > > Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> > --- > package/redis/redis.hash | 2 +- > package/redis/redis.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Thomas
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes: > On Mon, 26 Sep 2022 12:17:24 +0200 > Titouan Christophe <titouanchristophe@gmail.com> wrote: >> From the release notes: >> (https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES) >> >> ================================================================================ >> Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022 >> ================================================================================ >> >> Upgrade urgency: SECURITY, contains fixes to security issues. >> >> Security Fixes: >> * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific >> state, with a specially crafted COUNT argument, may cause an integer overflow, >> a subsequent heap overflow, and potentially lead to remote code execution. >> The problem affects Redis versions 7.0.0 or newer >> [reported by Xion (SeungHyun Lee) of KAIST GoN]. >> >> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> >> --- >> package/redis/redis.hash | 2 +- >> package/redis/redis.mk | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) > Applied to master, thanks. Committed to 2022.08.x, thanks.
diff --git a/package/redis/redis.hash b/package/redis/redis.hash index d9b6ebea54..a10df46031 100644 --- a/package/redis/redis.hash +++ b/package/redis/redis.hash @@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f redis-7.0.4.tar.gz +sha256 67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3 redis-7.0.5.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/package/redis/redis.mk b/package/redis/redis.mk index 245e9b4d1f..7a637c106c 100644 --- a/package/redis/redis.mk +++ b/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 7.0.4 +REDIS_VERSION = 7.0.5 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING
From the release notes: (https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES) ================================================================================ Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer [reported by Xion (SeungHyun Lee) of KAIST GoN]. Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com> --- package/redis/redis.hash | 2 +- package/redis/redis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)