-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 04 Oct 2021 14:37:24 +0100
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:6.0.16-1
Distribution: unstable
Urgency: medium
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 redis (5:6.0.16-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling
       ziplist-encoded data types, when configuring a large, non-default value
       for hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams,
       when configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.
 .
   * Refresh patches.
   * Bump Standards-Version to 4.6.0.