* [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15
@ 2021-07-26 9:16 Titouan Christophe
2021-07-26 9:16 ` [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5 Titouan Christophe
2021-07-30 16:23 ` [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15 Peter Korsgaard
0 siblings, 2 replies; 5+ messages in thread
From: Titouan Christophe @ 2021-07-26 9:16 UTC (permalink / raw)
To: buildroot; +Cc: Titouan Christophe, Daniel Price
From the release notes:
================================================================================
Redis 6.0.15 Released Wed Jul 21 16:32:19 IDT 2021
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.
See https://github.com/redis/redis/blob/6.0.15/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
package/redis/redis.hash | 2 +-
package/redis/redis.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index 15b55eb501..d736c09489 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
-sha256 c3e60c928b183ca9fe8e878936a6f8ba99e0441b9b6e04d2412a750ea576c649 redis-6.0.14.tar.gz
+sha256 4bc295264a95bc94423c162a9eee66135a24a51eefe5f53f18fc9bde5c3a9f74 redis-6.0.15.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index 925279274c..f66397b216 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
#
################################################################################
-REDIS_VERSION = 6.0.14
+REDIS_VERSION = 6.0.15
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING
--
2.32.0
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5
2021-07-26 9:16 [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15 Titouan Christophe
@ 2021-07-26 9:16 ` Titouan Christophe
2021-07-26 21:08 ` Thomas Petazzoni
2021-07-30 16:24 ` Peter Korsgaard
2021-07-30 16:23 ` [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15 Peter Korsgaard
1 sibling, 2 replies; 5+ messages in thread
From: Titouan Christophe @ 2021-07-26 9:16 UTC (permalink / raw)
To: buildroot; +Cc: Titouan Christophe, Daniel Price
From the release notes:
================================================================================
Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.
Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
An integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result with remote code
execution.
See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
package/redis/redis.hash | 2 +-
package/redis/redis.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index f5e5827dab..3d207fa4c1 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
-sha256 ba32c406a10fc2c09426e2be2787d74ff204eb3a2e496d87cff76a476b6ae16e redis-6.2.4.tar.gz
+sha256 4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae redis-6.2.5.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index 4e16b346c1..c1d435015d 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
#
################################################################################
-REDIS_VERSION = 6.2.4
+REDIS_VERSION = 6.2.5
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING
--
2.32.0
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5
2021-07-26 9:16 ` [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5 Titouan Christophe
@ 2021-07-26 21:08 ` Thomas Petazzoni
2021-07-30 16:24 ` Peter Korsgaard
1 sibling, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2021-07-26 21:08 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
On Mon, 26 Jul 2021 11:16:35 +0200
Titouan Christophe <titouanchristophe@gmail.com> wrote:
> From the release notes:
> ================================================================================
> Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
> ================================================================================
>
> Upgrade urgency: SECURITY, contains fixes to security issues that affect
> authenticated client connections on 32-bit versions. MODERATE otherwise.
>
> Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
> An integer overflow bug in Redis version 2.2 or newer can be exploited using the
> BITFIELD command to corrupt the heap and potentially result with remote code
> execution.
>
> See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
>
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
> ---
> package/redis/redis.hash | 2 +-
> package/redis/redis.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5
2021-07-26 9:16 ` [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5 Titouan Christophe
2021-07-26 21:08 ` Thomas Petazzoni
@ 2021-07-30 16:24 ` Peter Korsgaard
1 sibling, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-07-30 16:24 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
> From the release notes:
> ================================================================================
> Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
> ================================================================================
> Upgrade urgency: SECURITY, contains fixes to security issues that affect
> authenticated client connections on 32-bit versions. MODERATE otherwise.
> Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
> An integer overflow bug in Redis version 2.2 or newer can be exploited using the
> BITFIELD command to corrupt the heap and potentially result with remote code
> execution.
> See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Committed to 2021.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15
2021-07-26 9:16 [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15 Titouan Christophe
2021-07-26 9:16 ` [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5 Titouan Christophe
@ 2021-07-30 16:23 ` Peter Korsgaard
1 sibling, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-07-30 16:23 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
> From the release notes:
> ================================================================================
> Redis 6.0.15 Released Wed Jul 21 16:32:19 IDT 2021
> ================================================================================
> Upgrade urgency: SECURITY, contains fixes to security issues that affect
> authenticated client connections on 32-bit versions. MODERATE otherwise.
> Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
> An integer overflow bug in Redis version 2.2 or newer can be exploited using the
> BITFIELD command to corrupt the heap and potentially result with remote code
> execution.
> See https://github.com/redis/redis/blob/6.0.15/00-RELEASENOTES
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-07-30 16:24 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-07-26 9:16 [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15 Titouan Christophe
2021-07-26 9:16 ` [Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5 Titouan Christophe
2021-07-26 21:08 ` Thomas Petazzoni
2021-07-30 16:24 ` Peter Korsgaard
2021-07-30 16:23 ` [Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15 Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox