Format: 1.8
Date: Mon, 14 Feb 2022 14:40:49 -0800
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:5.0.14-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1005787
Changes:
 redis (5:5.0.14-1+deb10u2) buster-security; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided
     as a dynamic library. A "package" variable was automatically populated
     that in turn permitted access to arbitrary Lua functionality. As this
     extended to, for example, the "execute" function from the "os" module, an
     attacker with the ability to execute arbitrary Lua code could potentially
     execute arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)
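
A fleet check against the fixed version named in this upload, as an added example that is not part of the original announcement: it implements Debian's version ordering (epoch, upstream version, revision, `~`) and flags buster hosts whose redis package is older than 5:5.0.14-1+deb10u2. The host names and installed versions in `INVENTORY` are constructed, and the threshold applies to buster only, since that is the only release this upload covers.

```python
import re
from itertools import zip_longest

FIXED_BUSTER = "5:5.0.14-1+deb10u2"  # fixed version stated in this upload

def _order(c):
    # dpkg character order: '~' first, then end/digit (0), letters, other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit run, digit run) pairs, as dpkg does
    runs_a = re.findall(r"([^0-9]*)([0-9]*)", a)
    runs_b = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (sa, na), (sb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        ka, kb = [_order(c) for c in sa], [_order(c) for c in sb]
        width = max(len(ka), len(kb))
        ka += [0] * (width - len(ka))
        kb += [0] * (width - len(kb))
        if ka != kb:
            return -1 if ka < kb else 1
        ia, ib = int(na or 0), int(nb or 0)  # numeric, so u10 sorts after u2
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def split_version(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # native version: no Debian revision
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed, fixed=FIXED_BUSTER):
    return compare(installed, fixed) >= 0

# Constructed inventory: host -> installed redis-server version on buster
INVENTORY = {"cache-a": "5:5.0.14-1+deb10u1", "cache-b": "5:5.0.14-1+deb10u2",
             "cache-c": "5:5.0.3-4+deb10u3", "cache-d": "5:5.0.14-1+deb10u10"}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(host, ver, "ok" if is_patched(ver) else "NEEDS UPDATE")
```

A plain string comparison would get `cache-c` and `cache-d` wrong, because 5.0.3 sorts before 5.0.14 and deb10u10 sorts after deb10u2 only when the digit runs are compared as numbers.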