Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.4
@ 2022-08-11 18:54 Titouan Christophe
  2022-08-11 20:25 ` Thomas Petazzoni via buildroot
  2022-09-14 22:36 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Titouan Christophe @ 2022-08-11 18:54 UTC (permalink / raw)
  To: buildroot; +Cc: Titouan Christophe, Daniel Price

From the release notes:

================================================================================
Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
  key in a specific state may result with heap overflow, and potentially
  remote code execution. The problem affects Redis versions 7.0.0 or newer.

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
 package/redis/redis.hash | 2 +-
 package/redis/redis.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index bff478fe7c..d9b6ebea54 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
 # From https://github.com/redis/redis-hashes/blob/master/README
-sha256  2cde7d17214ffe305953da9fff12333e8a72caa57fd4923e4872f6362a208e73  redis-7.0.3.tar.gz
+sha256  f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f  redis-7.0.4.tar.gz
 
 # Locally calculated
 sha256  97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828  COPYING
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index b292782acf..245e9b4d1f 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-REDIS_VERSION = 7.0.3
+REDIS_VERSION = 7.0.4
 REDIS_SITE = http://download.redis.io/releases
 REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
 REDIS_LICENSE_FILES = COPYING
-- 
2.37.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.4
  2022-08-11 18:54 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.4 Titouan Christophe
@ 2022-08-11 20:25 ` Thomas Petazzoni via buildroot
  2022-09-14 22:36 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-08-11 20:25 UTC (permalink / raw)
  To: Titouan Christophe; +Cc: Daniel Price, buildroot

On Thu, 11 Aug 2022 20:54:48 +0200
Titouan Christophe <titouanchristophe@gmail.com> wrote:

> From the release notes:
> 
> ================================================================================
> Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
> ================================================================================
> 
> Upgrade urgency: SECURITY, contains fixes to security issues.
> 
> Security Fixes:
> * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
>   key in a specific state may result with heap overflow, and potentially
>   remote code execution. The problem affects Redis versions 7.0.0 or newer.
> 
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
> ---
>  package/redis/redis.hash | 2 +-
>  package/redis/redis.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.4
  2022-08-11 18:54 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.4 Titouan Christophe
  2022-08-11 20:25 ` Thomas Petazzoni via buildroot
@ 2022-09-14 22:36 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-09-14 22:36 UTC (permalink / raw)
  To: Titouan Christophe; +Cc: Daniel Price, buildroot

>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:

 > From the release notes:
 > ================================================================================
 > Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
 > ================================================================================

 > Upgrade urgency: SECURITY, contains fixes to security issues.

 > Security Fixes:
 > * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
 >   key in a specific state may result with heap overflow, and potentially
 >   remote code execution. The problem affects Redis versions 7.0.0 or newer.

 > Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>

Committed to 2022.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-14 22:36 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-11 18:54 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.4 Titouan Christophe
2022-08-11 20:25 ` Thomas Petazzoni via buildroot
2022-09-14 22:36 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox