Format: 1.8
Date: Wed, 06 Oct 2021 15:39:35 +0100
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:5.0.14-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Changes:
 redis (5:5.0.14-1+deb10u1) buster-security; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
       redis-sentinel parsing large multi-bulk replies on some older and less
       common platforms.
 .
     - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
       set-max-intset-entries is manually configured to a non-default, very
       large value.
 .
     - CVE-2021-32675: Denial Of Service when processing RESP request payloads
       with a large number of elements on many connections.
 .
     - CVE-2021-32672: Random heap reading issue with Lua Debugger.
 .
     - CVE-2021-32628: Integer to heap buffer overflow handling
       ziplist-encoded data types, when configuring a large, non-default value
       for hash-max-ziplist-entries, hash-max-ziplist-value,
       zset-max-ziplist-entries or zset-max-ziplist-value.
 .
     - CVE-2021-32627: Integer to heap buffer overflow issue with streams,
       when configuring a non-default, large value for proto-max-bulk-len and
       client-query-buffer-limit.
 .
     - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
       buffer overflow.
 .
     - CVE-2021-41099: Integer to heap buffer overflow handling certain string
       commands and network payloads, when proto-max-bulk-len is manually
       configured to a non-default, very large value.
   * Refresh patches.