1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted redis 5:5.0.14-1+deb10u1 (source amd64 all) into oldstable-pro

    From Debian FTP Masters@21:1/5 to All on Sat Nov 6 20:10:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Wed, 06 Oct 2021 15:39:35 +0100
    Source: redis
    Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym Built-For-Profiles: nocheck
    Architecture: source amd64 all
    Version: 5:5.0.14-1+deb10u1
    Distribution: buster-security
    Urgency: high
    Maintainer: Chris Lamb <lamby@debian.org>
    Changed-By: Chris Lamb <lamby@debian.org>
    Description:
    redis - Persistent key-value database with network interface (metapackage
    redis-sentinel - Persistent key-value database with network interface (monitoring)
    redis-server - Persistent key-value database with network interface
    redis-tools - Persistent key-value database with network interface (client) Changes:
    redis (5:5.0.14-1+deb10u1) buster-security; urgency=high
    .
    * New upstream security release:
    .
    - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
    redis-sentinel parsing large multi-bulk replies on some older and less
    common platforms.
    .
    - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
    set-max-intset-entries is manually configured to a non-default, very
    large value.
    .
    - CVE-2021-32675: Denial Of Service when processing RESP request payloads
    with a large number of elements on many connections.
    .
    - CVE-2021-32672: Random heap reading issue with Lua Debugger.
    .
    - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
    data types, when configuring a large, non-default value for
    hash-max-ziplist-entries, hash-max-ziplist-value,
    zset-max-ziplist-entries or zset-max-ziplist-value.
    .
    - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
    configuring a non-default, large value for proto-max-bulk-len and
    client-query-buffer-limit.
    .
    - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
    buffer overflow.
    .
    - CVE-2021-41099: Integer to heap buffer overflow handling certain string
    commands and network payloads, when proto-max-bulk-len is manually
    configured to a non-default, very large value.
    * Refresh patches.
    Checksums-Sha1:
    b588a8dec08607fb6a19c95a2d6005a5b649b0b3 2190 redis_5.0.14-1+deb10u1.dsc
    d383cc7958c7ea89006509e4793c76eaa591cd20 2017965 redis_5.0.14.orig.tar.gz
    f2d80d77cf62601044358c486d6a732dca865f07 26812 redis_5.0.14-1+deb10u1.debian.tar.xz
    7f6bbfffb8334b6c09ffd9a621bef450bc732a6f 63240 redis-sentinel_5.0.14-1+deb10u1_amd64.deb
    d951b82a9f9e8aa5a5e0bf61fc2f4e3a04970e84 90524 redis-server_5.0.14-1+deb10u1_amd64.deb
    578e89e65d0b9d00635863e8bf7ab8fefb57da4c 1254808 redis-tools-dbgsym_5.0.14-1+deb10u1_amd64.deb
    c37a4467951231f83e60a9fcc6bc1c5331660aae 540404 redis-tools_5.0.14-1+deb10u1_amd64.deb
    14b3aa118019be2dc4596c923caec0a09ebe8b74 55844 redis_5.0.14-1+deb10u1_all.deb
    5141c1acc53df68ae7d7ad763c2d089ab0d5cb1c 7061 redis_5.0.14-1+deb10u1_amd64.buildinfo
    Checksums-Sha256:
    b16857e79bf8b31d7addcc92f7e7f215da64582f935827340a7a9b7a48d0a7a1 2190 redis_5.0.14-1+deb10u1.dsc
    6d8e87baeaae521a4ad2d9b5e2af78f582a4212a370c4a8e7e1c58dbbd9a0f19 2017965 redis_5.0.14.orig.tar.gz
    3d345f749cb60414b096109d076ce217789dba35aab20c0476537689ab5afdbe 26812 redis_5.0.14-1+deb10u1.debian.tar.xz
    9f1135ea4cf803a2feac256f882dd2148ef4da0743d1e9b3086e133c488a2cdd 63240 redis-sentinel_5.0.14-1+deb10u1_amd64.deb
    0b0308ab17f4298d9ab67f11063639b40198b596470629fa9a5958b6d51b9eeb 90524 redis-server_5.0.14-1+deb10u1_amd64.deb
    810b5c45409e98d2ecedb933cfa06c5a2b0a485ab0baccaf819e04e9344d5085 1254808 redis-tools-dbgsym_5.0.14-1+deb10u1_amd64.deb
    f0fa2f41657652dfa3d42015058c99578f53752eaa5a4f0177d61ec762b70ada 540404 redis-tools_5.0.14-1+deb10u1_amd64.deb
    7469275a1dbd411ad61a5bdbd8ff972ca3be974b5f3f6015523116b9c03fe334 55844 redis_5.0.14-1+deb10u1_all.deb
    f67f25514fc168df3ee7f42044c78913c65b255db7ea2270dcf65e7e0f870453 7061 redis_5.0.14-1+deb10u1_amd64.buildinfo
    Files:
    5e9274a57140ed445e9126281351e9cb 2190 database optional redis_5.0.14-1+deb10u1.dsc
    1a06c1b414d9f895b32e6af714932175 2017965 database optional redis_5.0.14.orig.tar.gz
    f1681cd4098e0771a7ef58ea6047b12e 26812 database optional redis_5.0.14-1+deb10u1.debian.tar.xz
    32df07cf31ba5239e9c5b796d3428f0c 63240 database optional redis-sentinel_5.0.14-1+deb10u1_amd64.deb
    66acd5d36a007a1132b55ea5eb7e6f9c 90524 database optional redis-server_5.0.14-1+deb10u1_amd64.deb
    479f954f57059401fa266c95607a9f3d 1254808 debug optional redis-tools-dbgsym_5.0.14-1+deb10u1_amd64.deb
    d05a8ea9fceba6260b7b4052265f07de 540404 database optional redis-tools_5.0.14-1+deb10u1_amd64.deb
    a5f597ea64945987d28e2cfbbfd7aa04 55844 database optional redis_5.0.14-1+deb10u1_all.deb
    8f2f093fcc376a3f9b82501e43cceb88 7061 database optional redis_5.0.14-1+deb10u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmGEF98ACgkQHpU+J9Qx Hlj4Jg/+M/I+xkZwau6wkqM1IHkKfxmonRbjOWo+X2Np2uKsCCAnVOiScE/RpvYX TuAy7nsp1DU0aPnB61acoVQc34LqauDJU4TT9GND5+wYd0Z3NtHoTLLA3WOCkmEs DkoGpSr4K9jyIPIZeh3LFrUHgcTZQ0fnhhXwc+DSC5X/H7RQ/qHqhGF0bOMKhAb2 d0VeLKH6Erj+hmuO5ZlT4r5K2oy94RPlEdNeKF5NXKuIwaKq2R87AcePvl7YQb2g CaPK/IzVM/WjQKvuFzYDG/s2JFA0AXa8le01f4NFjMaxsP4do1cburbFPsnzsaGm eGqAYFa0M1d5SHPXuz36paigLLrUvHZDNrPeYugSVqfx1emB4lvcKFFh+WnwwKA4 3hvPRPGZbDgZs5WyrcAGpBdGnPi4mk/e0S2GjZZmw02LhXEaI3C3O375SZ5I/j13 IV3Yh7/AyeYq5lJ1qbCllY+t68ffj6IdUZjG7MRSpaVFxjekPlIpCQreclMeE84O 3CG9tDH1OPZvqAdBC2fKckZa3T2OF0LhRAJsnQ7+/IsazHdRIa9kUDaa8x8J2WTa IUEn7513bIh349t+/xpHwIBYZuh6K9iNqHEQd6m5OSAMz7rR3KtxuNfZbHT5nFWB 7cUAdWD4i990Lh645Dd6kH0pnJ6/vSNB03S7WeH6rx68Qq6ktPs=
    =9J9t
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)