Format: 1.8
Date: Mon, 04 Oct 2021 14:37:24 +0100
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:6.0.16-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Changes:
 redis (5:6.0.16-1+deb11u1) bullseye-security; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling
       ziplist-encoded data types, when configuring a large, non-default value
       for hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
       configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.