* [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.5
@ 2022-09-26 10:17 Titouan Christophe
2022-09-26 12:02 ` Thomas Petazzoni
0 siblings, 1 reply; 3+ messages in thread
From: Titouan Christophe @ 2022-09-26 10:17 UTC (permalink / raw)
To: buildroot; +Cc: Titouan Christophe, Daniel Price
From the release notes:
(https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES)
================================================================================
Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
================================================================================
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
package/redis/redis.hash | 2 +-
package/redis/redis.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index d9b6ebea54..a10df46031 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
-sha256 f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f redis-7.0.4.tar.gz
+sha256 67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3 redis-7.0.5.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index 245e9b4d1f..7a637c106c 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
#
################################################################################
-REDIS_VERSION = 7.0.4
+REDIS_VERSION = 7.0.5
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING
--
2.37.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.5
2022-09-26 10:17 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.5 Titouan Christophe
@ 2022-09-26 12:02 ` Thomas Petazzoni
2022-10-11 19:23 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni @ 2022-09-26 12:02 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
On Mon, 26 Sep 2022 12:17:24 +0200
Titouan Christophe <titouanchristophe@gmail.com> wrote:
> From the release notes:
> (https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES)
>
> ================================================================================
> Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
> ================================================================================
>
> Upgrade urgency: SECURITY, contains fixes to security issues.
>
> Security Fixes:
> * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
> state, with a specially crafted COUNT argument, may cause an integer overflow,
> a subsequent heap overflow, and potentially lead to remote code execution.
> The problem affects Redis versions 7.0.0 or newer
> [reported by Xion (SeungHyun Lee) of KAIST GoN].
>
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
> ---
> package/redis/redis.hash | 2 +-
> package/redis/redis.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.5
2022-09-26 12:02 ` Thomas Petazzoni
@ 2022-10-11 19:23 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-10-11 19:23 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: Titouan Christophe, Daniel Price, buildroot
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:
> On Mon, 26 Sep 2022 12:17:24 +0200
> Titouan Christophe <titouanchristophe@gmail.com> wrote:
>> From the release notes:
>> (https://github.com/redis/redis/blob/7.0.5/00-RELEASENOTES)
>>
>> ================================================================================
>> Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
>> ================================================================================
>>
>> Upgrade urgency: SECURITY, contains fixes to security issues.
>>
>> Security Fixes:
>> * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
>> state, with a specially crafted COUNT argument, may cause an integer overflow,
>> a subsequent heap overflow, and potentially lead to remote code execution.
>> The problem affects Redis versions 7.0.0 or newer
>> [reported by Xion (SeungHyun Lee) of KAIST GoN].
>>
>> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
>> ---
>> package/redis/redis.hash | 2 +-
>> package/redis/redis.mk | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
> Applied to master, thanks.
Committed to 2022.08.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-10-11 19:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-26 10:17 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.0.5 Titouan Christophe
2022-09-26 12:02 ` Thomas Petazzoni
2022-10-11 19:23 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox