Format: 1.8
Date: Mon, 14 Feb 2022 14:45:00 -0800
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:6.0.16-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1005787
Changes:
 redis (5:6.0.16-1+deb11u2) bullseye-security; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided as
     a dynamic library. A "package" variable was automatically populated that
     in turn permitted access to arbitrary Lua functionality. As this extended
     to, for example, the "execute" function from the "os" module, an attacker
     with the ability to execute arbitrary Lua code could potentially execute
     arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)