Format: 1.8
Date: Wed, 09 Oct 2024 13:41:44 -0700
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.0.15-2
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1084805
Changes:
 redis (5:7.0.15-2) unstable; urgency=high
 .
   * Fix three new security vulnerabilities:
 .
     - CVE-2024-31227: An authenticated user with sufficient privileges could
       have created a malformed ACL selector which, when accessed, triggered a
       server panic and subsequent denial of service.
 .
     - CVE-2024-31228: Authenticated users could have triggered a
       denial-of-service by using specially crafted, long string match
       patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`,
       `FUNCTION LIST`, `COMMAND | LIST` and ACL definitions. Matching of
       extremely long patterns may have resulted in unbounded recursion,
       leading to stack overflow and process crash.
 .
     - CVE-2024-31449: An authenticated user may have used a specially crafted
       Lua script to trigger a stack buffer overflow in the bit library, which
       may have potentially led to remote code execution.
 .
     (Closes: #1084805)
 .
   * Correct a link in previous changelog message.