Format: 1.8
Date: Mon, 04 Oct 2021 14:33:02 +0100
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:6.2.6-1
Distribution: experimental
Urgency: medium
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 redis (5:6.2.6-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling
       ziplist-encoded data types, when configuring a large, non-default value
       for hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams,
       when configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.
 .
   * Refresh patches.
   * Bump Standards-Version to 4.6.0.