Bug#1088709: bookworm-pu: package redis/5:7.0.15-1~deb12u2

To: Adrian Bunk <bunk@debian.org>, 1088709@bugs.debian.org
Cc: security@debian.org
Subject: Bug#1088709: bookworm-pu: package redis/5:7.0.15-1~deb12u2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 30 Nov 2024 19:15:38 +0100
Message-id: <[🔎] Z0tWSjKSRd6PIziw@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1088709@bugs.debian.org
In-reply-to: <[🔎] 173291356263.17890.884155138202153797.reportbug@localhost>
References: <[🔎] 173291356263.17890.884155138202153797.reportbug@localhost> <[🔎] 173291356263.17890.884155138202153797.reportbug@localhost>

Control: tags -1 - moreinfo

Hi Adrian,

On Fri, Nov 29, 2024 at 10:52:42PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Chris Lamb <lamby@debian.org>, security@debian.org
> 
>   * CVE-2024-31227: DoS with malformed ACL selectors
>   * CVE-2024-31228: unbounded pattern matching DoS
>   * CVE-2024-31449: Lua bit library stack overflow
> 
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.

Thanks for the question. Moritz did earlier today mark the 3 CVEs as
no-dsa, and releasing the update via the next point release is
sufficient.

Regards,
Salvatore

Reply to:

References:
- Bug#1088709: bookworm-pu: package redis/5:7.0.15-1~deb12u2
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Bug#1082552: #1082552: transition: petsc and numerical library stack
Next by Date: Processed: Re: Bug#1088709: bookworm-pu: package redis/5:7.0.15-1~deb12u2
Previous by thread: Bug#1088709: bookworm-pu: package redis/5:7.0.15-1~deb12u2
Next by thread: Processed: Re: Bug#1088709: bookworm-pu: package redis/5:7.0.15-1~deb12u2
Index(es):
- Date
- Thread