* [Buildroot] [PATCH 1/1] package/redis: security bump to v7.2.4
@ 2024-01-18 19:37 Titouan Christophe
2024-01-21 9:45 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Titouan Christophe @ 2024-01-18 19:37 UTC (permalink / raw)
To: buildroot; +Cc: Titouan Christophe, Daniel Price
See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
================================================================================
Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST
================================================================================
Upgrade urgency SECURITY: See security fixes below.
Security fixes
==============
* (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
buffers which can result in incorrect accounting of buffer sizes and lead to
heap overflow and potential remote code execution.
Bug fixes
=========
* Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
* Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
* Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
package/redis/redis.hash | 2 +-
package/redis/redis.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index 365fbf4063..378b930374 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
-sha256 3e2b196d6eb4ddb9e743088bfc2915ccbb42d40f5a8a3edd8cb69c716ec34be7 redis-7.2.3.tar.gz
+sha256 8d104c26a154b29fd67d6568b4f375212212ad41e0c2caa3d66480e78dbd3b59 redis-7.2.4.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index 77cfb1e0b1..09a3b9448b 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
#
################################################################################
-REDIS_VERSION = 7.2.3
+REDIS_VERSION = 7.2.4
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING
--
2.43.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v7.2.4
2024-01-18 19:37 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.2.4 Titouan Christophe
@ 2024-01-21 9:45 ` Peter Korsgaard
2024-02-04 14:52 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Peter Korsgaard @ 2024-01-21 9:45 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
> See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
> ================================================================================
> Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST
> ================================================================================
> Upgrade urgency SECURITY: See security fixes below.
> Security fixes
> ==============
> * (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
> buffers which can result in incorrect accounting of buffer sizes and lead to
> heap overflow and potential remote code execution.
> Bug fixes
> =========
> * Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
> * Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
> * Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/redis: security bump to v7.2.4
2024-01-21 9:45 ` Peter Korsgaard
@ 2024-02-04 14:52 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2024-02-04 14:52 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
>> See release notes (https://github.com/redis/redis/blob/7.2.4/00-RELEASENOTES):
>> ================================================================================
>> Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST
>> ================================================================================
>> Upgrade urgency SECURITY: See security fixes below.
>> Security fixes
>> ==============
>> * (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory
>> buffers which can result in incorrect accounting of buffer sizes and lead to
>> heap overflow and potential remote code execution.
>> Bug fixes
>> =========
>> * Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
>> * Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
>> * Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
>> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
> Committed, thanks.
Committed to 2023.11.x, thanks.
For 2023.02.x I have instead bumped to 7.0.15.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-02-04 14:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-18 19:37 [Buildroot] [PATCH 1/1] package/redis: security bump to v7.2.4 Titouan Christophe
2024-01-21 9:45 ` Peter Korsgaard
2024-02-04 14:52 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox