Format: 1.8
Date: Wed, 09 Oct 2024 13:51:24 -0700
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.2.5-2
Distribution: experimental
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1084805
Changes:
 redis (5:7.2.5-2) experimental; urgency=high
 .
   * Fix three new security vulnerabilities:
 .
     - CVE-2024-31227: An authenticated user with sufficient privileges
       could have created a malformed ACL selector which, when accessed,
       triggered a server panic and subsequent denial of service.
 .
     - CVE-2024-31228: Authenticated users could have triggered a
       denial-of-service by using specially crafted, long string match
       patterns on supported commands such as `KEYS`, `SCAN`,
       `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND | LIST` and ACL
       definitions. Matching of extremely long patterns may have resulted
       in unbounded recursion, leading to stack overflow and process
       crash.
 .
     - CVE-2024-31449: An authenticated user may have used a specially
       crafted Lua script to trigger a stack buffer overflow in the bit
       library, which may have potentially led to remote code execution.
 .
     (Closes: #1084805)