
Accepted redis 5:6.0.16-2~bpo11+1 (source amd64 all) into bullseye-backports



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Mar 2022 08:12:54 +0000
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:6.0.16-2~bpo11+1
Distribution: bullseye-backports
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis      - Persistent key-value database with network interface (metapackage)
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1005787
Changes:
 redis (5:6.0.16-2~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 redis (5:6.0.16-2) unstable; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided as
     a dynamic library. A "package" variable was automatically populated that
     in turn permitted access to arbitrary Lua functionality. As this extended
     to, for example, the "execute" function from the "os" module, an attacker
     with the ability to execute arbitrary Lua code could potentially execute
     arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)
 .
 redis (5:6.0.16-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
       data types, when configuring a large, non-default value for
       hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
       configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.
 .
   * Refresh patches.
   * Bump Standards-Version to 4.6.0.
Checksums-Sha1:
 389623f3c34fe0f63e0b8564ed48222335ce73be 2296 redis_6.0.16-2~bpo11+1.dsc
 381b94558450b967c0f6fa1e66497523f3c5da76 2307243 redis_6.0.16.orig.tar.gz
 f23f001150f3ad238fdc2313fbc2f180ddff34c7 30072 redis_6.0.16-2~bpo11+1.debian.tar.xz
 9e97c2b8c51ce303f2717444275b564e05885dbe 64916 redis-sentinel_6.0.16-2~bpo11+1_amd64.deb
 30e5997f86f570f16ec828bdb96a7df3a7d29191 98564 redis-server_6.0.16-2~bpo11+1_amd64.deb
 666bfe97af3ee51fc35680a22f0356974e5d9587 1635528 redis-tools-dbgsym_6.0.16-2~bpo11+1_amd64.deb
 e954871e8c52f394d07529a751fd2609d4197e95 718416 redis-tools_6.0.16-2~bpo11+1_amd64.deb
 6a5c7120f430c83f38f84b9e1ae830d57eef4615 57160 redis_6.0.16-2~bpo11+1_all.deb
 f1832958fdf9b1b127116655632e98c7c7647ddb 7364 redis_6.0.16-2~bpo11+1_amd64.buildinfo
Checksums-Sha256:
 44ce0000911b39ac437b3042c59af42f20e3402d8d441d236693fa9262c3aef7 2296 redis_6.0.16-2~bpo11+1.dsc
 8bea58a468bb67bedc92d8c2e44c170e42e6ea02527cbc5d233e92e8d78d1b99 2307243 redis_6.0.16.orig.tar.gz
 7f6e150da0a04a53d6fe32076cc741a2295960443641f80681e5e9d6c2686a06 30072 redis_6.0.16-2~bpo11+1.debian.tar.xz
 5295c687803c65de0bd26087bb309c5608516615b9a828105e20b1fe63811f6c 64916 redis-sentinel_6.0.16-2~bpo11+1_amd64.deb
 916de74195810a3251e822481425bc068ef973d8946b5b7de44f0d0f7dcdb496 98564 redis-server_6.0.16-2~bpo11+1_amd64.deb
 e219841d9281b85fe166421eed2db181b6bc0e9a6bb1e775fc5548498b3c78c6 1635528 redis-tools-dbgsym_6.0.16-2~bpo11+1_amd64.deb
 040ca0fb5315a1def70954d568d4c92b904a035bb4fd483949d3ba4f1b9af040 718416 redis-tools_6.0.16-2~bpo11+1_amd64.deb
 7634872761c51199b144d6ca6a6a4e5f0287d6e7f66931a3f6bfd221188e9c09 57160 redis_6.0.16-2~bpo11+1_all.deb
 7452c14651783403adcbf92a796cb79b1b251b65ce81acec50f6b494afe7d5d8 7364 redis_6.0.16-2~bpo11+1_amd64.buildinfo
Files:
 7759fc8ad8be7b828d3ccd61b4001d4a 2296 database optional redis_6.0.16-2~bpo11+1.dsc
 cc0f506796970cf1454ee898e2bf7698 2307243 database optional redis_6.0.16.orig.tar.gz
 fb0e0407600389740807703f939b6869 30072 database optional redis_6.0.16-2~bpo11+1.debian.tar.xz
 c88aae5c0c29db738154431981f0048c 64916 database optional redis-sentinel_6.0.16-2~bpo11+1_amd64.deb
 8ca4c2f63c964ee3f16cc9d370d172fc 98564 database optional redis-server_6.0.16-2~bpo11+1_amd64.deb
 3954607a6eedf02249abdae31e0f4fcf 1635528 debug optional redis-tools-dbgsym_6.0.16-2~bpo11+1_amd64.deb
 fbc29ef3b50e8f8710029c0dbb9e926c 718416 database optional redis-tools_6.0.16-2~bpo11+1_amd64.deb
 3f58b3e1de1a907e8d532341f6e94c7a 57160 database optional redis_6.0.16-2~bpo11+1_all.deb
 a6808ca942e82bc326fdca1defbda8cb 7364 database optional redis_6.0.16-2~bpo11+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
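The CVE-2022-0543 entry above describes the mechanism (a populated "package" global in the Lua environment of Debian's redis-server builds) but not how to tell whether a running instance is affected. The following is an added example, not code from the Debian package or from Redis upstream: it sends a single EVAL whose script only reports the type of the Lua global "package" (via rawget, so Redis's nonexistent-global protection does not turn a clean server into an error reply) and never calls package.* or os.*, so it is a safe check rather than a reproduction of the escape. RESP framing is written out by hand so the exact bytes on the wire are visible. Assumptions: RESP2 over plain TCP with no AUTH or TLS; the host, port and the sample replies in SAMPLE_REPLIES are constructed for offline use, not captured from a real server.

```python
"""Probe a Redis server for an exposed Lua 'package' global (CVE-2022-0543).

Added example, not part of the Debian upload or of Redis itself. The script
sent is read-only: it reports type(package) and touches nothing else.
Assumptions: RESP2 over plain TCP, no AUTH/TLS; sample replies below are
constructed, not captured.
"""
import socket

PROBE_SCRIPT = 'return type(rawget(_G, "package"))'


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings, as redis-cli does."""
    parts = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


def _decode(data: bytes, pos: int):
    """Decode one RESP2 value at data[pos:]; returns ((kind, value), next_pos)."""
    prefix = data[pos:pos + 1]
    end = data.index(b"\r\n", pos)          # ValueError if the frame is incomplete
    line = data[pos + 1:end].decode()
    pos = end + 2
    if prefix == b"+":
        return ("status", line), pos
    if prefix == b"-":
        return ("error", line), pos
    if prefix == b":":
        return ("integer", int(line)), pos
    if prefix == b"$":
        n = int(line)
        if n < 0:                            # null bulk string
            return ("bulk", None), pos
        if len(data) < pos + n + 2:
            raise ValueError("incomplete bulk string")
        return ("bulk", data[pos:pos + n].decode()), pos + n + 2
    if prefix == b"*":
        items = []
        for _ in range(int(line)):
            item, pos = _decode(data, pos)
            items.append(item)
        return ("array", items), pos
    raise ValueError("unknown RESP prefix %r" % prefix)


def decode_reply(data: bytes):
    """Decode a complete RESP2 reply into (kind, value)."""
    return _decode(data, 0)[0]


def classify(reply) -> str:
    """Map the EVAL reply to a verdict on the 'package' global."""
    kind, value = reply
    if kind == "bulk" and value == "table":
        return "package-exposed"             # the populated global the changelog describes
    if kind == "bulk" and value == "nil":
        return "package-absent"
    if kind == "error":
        return "error: " + value             # e.g. NOAUTH when the server requires a password
    return "unexpected: %r" % (reply,)


def probe(host: str = "127.0.0.1", port: int = 6379, timeout: float = 3.0) -> str:
    """Send the probe to a live server (assumed host/port) and return the verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_command("EVAL", PROBE_SCRIPT, "0"))
        buf = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection")
            buf += chunk
            try:
                return classify(decode_reply(buf))
            except ValueError:               # frame not complete yet, keep reading
                continue


# Constructed sample replies (not captured from a real server) for offline use.
SAMPLE_REPLIES = {
    "unpatched-debian-build": b"$5\r\ntable\r\n",
    "fixed-build": b"$3\r\nnil\r\n",
    "auth-required": b"-NOAUTH Authentication required.\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLE_REPLIES.items():
        print(label, "->", classify(decode_reply(raw)))
```

A "package-exposed" verdict means the instance is still running a build with the Debian-specific global and should be moved to 5:6.0.16-2 or this backport; "package-absent" is what a fixed build returns. Because the probe needs EVAL, it also implicitly tells you whether unauthenticated clients can run Lua at all, which is the precondition the changelog's "attacker with the ability to execute arbitrary Lua code" refers to.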

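The Checksums-Sha256 and Files stanzas above are what a downstream consumer would check fetched artifacts against. As an added example (not part of the Debian upload, and not dpkg-dev's own parser), the following reads the RFC822-style layout used in the announcement (field name at column 0, continuation lines indented by one space), extracts the per-file digest and size, lists the CVE identifiers named in the Changes field, and verifies a blob against the manifest. SAMPLE_CHANGES copies two lines from the page and adds one constructed entry ("constructed-example.txt", whose digest is the SHA-256 of the bytes "hello\n") so the verification path runs offline. The checksums are only meaningful once the PGP signature on the .changes (stripped on this page) has been verified against the uploader's key in the Debian keyring; for normal installs, apt's signed Release/Packages chain already does this.

```python
"""Parse the checksum stanzas of a Debian .changes file and verify artifacts.

Added example; not code from the Debian upload or from dpkg-dev.
SAMPLE_CHANGES mixes two lines copied from the announcement with one
constructed entry so that verification can be exercised offline.
"""
import hashlib
import re

SAMPLE_CHANGES = """\
Format: 1.8
Source: redis
Version: 5:6.0.16-2~bpo11+1
Distribution: bullseye-backports
Changes:
 redis (5:6.0.16-2) unstable; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
Checksums-Sha256:
 44ce0000911b39ac437b3042c59af42f20e3402d8d441d236693fa9262c3aef7 2296 redis_6.0.16-2~bpo11+1.dsc
 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 constructed-example.txt
Files:
 7759fc8ad8be7b828d3ccd61b4001d4a 2296 database optional redis_6.0.16-2~bpo11+1.dsc
"""


def parse_fields(text: str) -> dict:
    """Split a .changes body into {field: [lines]}; continuation lines are stripped."""
    fields, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and current is not None:
            fields[current].append(raw.strip())
        else:
            name, _, rest = raw.partition(":")
            current = name.strip()
            fields[current] = [rest.strip()] if rest.strip() else []
    return fields


def parse_manifest(fields: dict, field: str = "Checksums-Sha256") -> dict:
    """Return {filename: (digest, size)} from a checksum field.

    Works for Checksums-Sha1/Sha256 (3 columns) and Files (5 columns, MD5):
    the digest is always first, the size second and the filename last.
    """
    manifest = {}
    for line in fields.get(field, []):
        cols = line.split()
        manifest[cols[-1]] = (cols[0], int(cols[1]))
    return manifest


def verify_bytes(name: str, data: bytes, manifest: dict) -> str:
    """Compare one artifact's size and SHA-256 with its manifest entry."""
    if name not in manifest:
        return "unlisted"
    digest, size = manifest[name]
    if len(data) != size:
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != digest:
        return "sha256-mismatch"
    return "ok"


def verify_file(path: str, manifest: dict) -> str:
    """verify_bytes() for a file on disk, keyed by its basename."""
    with open(path, "rb") as fh:
        return verify_bytes(path.rsplit("/", 1)[-1], fh.read(), manifest)


def fixed_cves(fields: dict) -> list:
    """CVE identifiers named anywhere in the Changes field, deduplicated and sorted."""
    text = "\n".join(fields.get("Changes", []))
    return sorted(set(re.findall(r"CVE-\d{4}-\d{4,}", text)))


if __name__ == "__main__":
    fields = parse_fields(SAMPLE_CHANGES)
    manifest = parse_manifest(fields)
    print("CVEs:", fixed_cves(fields))
    print(verify_bytes("constructed-example.txt", b"hello\n", manifest))
```

Running fixed_cves() over the full Changes field of this announcement would list all nine identifiers (CVE-2022-0543 plus the eight from 6.0.16-1), which is a quick way to match an upload against a vulnerability tracker; the size check is deliberately done before hashing so a truncated download is reported as such rather than as a digest mismatch.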
