Format: 1.8
Date: Wed, 12 Jul 2023 09:57:10 +0100
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.2-rc3-1
Distribution: experimental
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1040879
Changes:
 redis (5:7.2-rc3-1) experimental; urgency=high
 .
   * New upstream security release.
     <https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
 .
     - CVE-2022-24834: A specially-crafted Lua script executing in Redis could
       have triggered a heap overflow in the cjson and cmsgpack libraries and
       result in heap corruption and potentially remote code execution. The
       problem exists in all versions of Redis with Lua scripting support and
       affects only authenticated/authorised users.
 .
     - CVE-2023-36824: Extracting key names from a command and a list of
       arguments may, in some cases, have triggered a heap overflow and result
       in reading random heap memory, heap corruption and potentially remote
       code execution. (Specifically using COMMAND GETKEYS* and validation of
       key names in ACL rules). (Closes: #1040879)
 .
   * Refresh patches