-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 07 Oct 2021 10:00:49 +0100
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:6.0.16-1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Changes:
 redis (5:6.0.16-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 redis (5:6.0.16-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling
       ziplist-encoded data types, when configuring a large, non-default value
       for hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams,
       when configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.
 .
   * Refresh patches.
   * Bump Standards-Version to 4.6.0.