Format: 1.8
Date: Sat, 01 Apr 2023 10:44:01 +0100
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:7.0.10-1~bpo11+1
Distribution: bullseye-backports
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1029363 1029844 1031206 1031750 1032279 1033340
Changes:
 redis (5:7.0.10-1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 redis (5:7.0.10-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2023-28425: Unauthenticated users could have used the MSETNX
       command to trigger a runtime assertion and termination of the Redis
       server process. (Closes: #1033340)
   * Refresh patches.
   * Bump Standards-Version.
   * Extend our USE_SYSTEM_JEMALLOC patch to support latest version.
 .
 redis (5:7.0.9-1) unstable; urgency=high
 .
   * New upstream security release:
     - CVE-2023-25155: Authenticated users issuing specially crafted
       `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an
       integer overflow, resulting in a runtime assertion and termination of
       the Redis server process. (Closes: #1032279)
     - CVE-2022-36021: Authenticated users can use string matching commands
       (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a
       denial-of-service attack on Redis, causing it to hang and consume 100%
       CPU time.
   * Refresh patches.
   * Extend our USE_SYSTEM_JEMALLOC patch to support latest version.
 .
 redis (5:7.0.8-4) unstable; urgency=medium
 .
   * Correct "delaycompress" typo in redis-server.logrotate, not just
     redis-sentinel.logrotate. (Closes: #1031750)
 .
 redis (5:7.0.8-3) unstable; urgency=medium
 .
   * Correct "delaycompress" typo. (Closes: #1031206)
 .
 redis (5:7.0.8-2) unstable; urgency=medium
 .
   * Add delaycompess to logrotate configuration. Thanks, Marc Haber.
     (Closes: #1029844)
 .
 redis (5:7.0.8-1) unstable; urgency=high
 .
   * New upstream release.
     <https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>
   * CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
     commands may have led to denial-of-service. (Closes: #1029363)
   * CVE-2022-35977: Integer overflow in the Redis SETRANGE and SORT/SORT_RO
     commands could have driven Redis to an OOM panic.