Format: 1.8
Date: Sat, 04 Mar 2023 11:01:59 +0000
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.0.9-1
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1032279
Changes:
 redis (5:7.0.9-1) unstable; urgency=high
 .
   * New upstream security release:
     - CVE-2023-25155: Authenticated users issuing specially crafted
       `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an
       integer overflow, resulting in a runtime assertion and termination of
       the Redis server process. (Closes: #1032279)
     - CVE-2022-36021: Authenticated users can use string matching commands
       (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a
       denial-of-service attack on Redis, causing it to hang and consume 100%
       CPU time.
   * Refresh patches.
   * Extend our USE_SYSTEM_JEMALLOC patch to support latest version.