Format: 1.8
Date: Tue, 08 Mar 2022 11:08:46 +0000
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:6.0.16-2
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1005787
Changes:
 redis (5:6.0.16-2) unstable; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided
     as a dynamic library. A "package" variable was automatically populated
     that in turn permitted access to arbitrary Lua functionality. As this
     extended to, for example, the "execute" function from the "os" module, an
     attacker with the ability to execute arbitrary Lua code could potentially
     execute arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)