Accepted redis 5:7.0.10-1~bpo11+1 (source amd64 all) into bullseye-backports
Format: 1.8
Date: Sat, 01 Apr 2023 10:44:01 +0100
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:7.0.10-1~bpo11+1
Distribution: bullseye-backports
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1029363 1029844 1031206 1031750 1032279 1033340
Changes:
 redis (5:7.0.10-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 redis (5:7.0.10-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2023-28425: Unauthenticated users could have used the MSETNX command
       to trigger a runtime assertion and termination of the Redis server
       process. (Closes: #1033340)
   * Refresh patches.
   * Bump Standards-Version.
   * Extend our USE_SYSTEM_JEMALLOC patch to support latest version.
 .
 redis (5:7.0.9-1) unstable; urgency=high
 .
   * New upstream security release:
     - CVE-2023-25155: Authenticated users issuing specially crafted
       `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an
       integer overflow, resulting in a runtime assertion and termination of the
       Redis server process. (Closes: #1032279)
     - CVE-2022-36021: Authenticated users can use string matching commands
       (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a
       denial-of-service attack on Redis, causing it to hang and consume 100%
       CPU time.
   * Refresh patches.
   * Extend our USE_SYSTEM_JEMALLOC patch to support latest version.
 .
 redis (5:7.0.8-4) unstable; urgency=medium
 .
   * Correct "delaycompress" typo in redis-server.logrotate, not just
     redis-sentinel.logrotate. (Closes: #1031750)
 .
 redis (5:7.0.8-3) unstable; urgency=medium
 .
   * Correct "delaycompress" typo. (Closes: #1031206)
 .
 redis (5:7.0.8-2) unstable; urgency=medium
 .
   * Add delaycompess to logrotate configuration. Thanks, Marc Haber.
     (Closes: #1029844)
 .
 redis (5:7.0.8-1) unstable; urgency=high
 .
   * New upstream release.
     <https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>
   * CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
     commands may have led to denial-of-service. (Closes: #1029363)
   * CVE-2022-35977: Integer overflow in the Redis SETRANGE and SORT/SORT_RO
     commands could have driven Redis to an OOM panic.