* [Buildroot] [PATCH v2 1/1] package/redis: security bump to v6.0.12
From: Titouan Christophe @ 2021-03-02 8:12 UTC (permalink / raw)
To: buildroot
From the release notes:
(https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
================================================================================
Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see below), LOW
otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
================================================================================
Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
================================================================================
Upgrade urgency: LOW, fixes a compilation issue.
Bug fixes:
* Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
Changes v1->v2:
* Version bump within the 6.0 series (6.0.11 and 6.0.12) instead of 6.2.0
* Remove patch that has been applied in 6.0.12
---
package/redis/redis.hash | 2 +-
package/redis/redis.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index b72605013e..9b87b49fb1 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
-sha256 79bbb894f9dceb33ca699ee3ca4a4e1228be7fb5547aeb2f99d921e86c1285bd redis-6.0.10.tar.gz
+sha256 f16ad973d19f80f121e53794d5eb48a997e2c6a85b5be41bb3b66750cc17bf6b redis-6.0.12.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING
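Review bot: The new redis-6.0.12.tar.gz value on the `+sha256` line sits under a comment citing redis-hashes `blob/master/README`, a moving branch, so the source of the hash cannot be re-checked against a fixed revision later. Consider citing a specific redis-hashes commit in that comment, and confirm before applying that the value matches the upstream entry for redis-6.0.12.tar.gz.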
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index 96132ae962..c851e589c4 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
#
################################################################################
-REDIS_VERSION = 6.0.10
+REDIS_VERSION = 6.0.12
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING
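Review bot: On the unchanged `REDIS_SITE = http://download.redis.io/releases` line next to the version bump, the tarball for this security update is still fetched over plain HTTP, so the sha256 pinned in redis.hash is the only integrity check on the download. The pin is enough for the build to reject a tampered file, but a follow-up moving REDIS_SITE to https, if the site serves it, would avoid relying on the hash alone.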
--
2.25.3
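An illustration of the overflow class the quoted release notes describe for 32-bit builds (an added example, not Redis source and not part of this patch). `HDR_BYTES`, the buffer layout and both function names are assumptions; `uint32_t` stands in for a 32-bit `size_t`.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a bulk string is stored as header + payload + NUL.
 * HDR_BYTES is a made-up header size, not Redis's real layout. */
#define HDR_BYTES     17u
#define DEFAULT_LIMIT (512u * 1024u * 1024u) /* 512MB default bulk limit */

/* Size computation as a 32-bit build would do it: wraps modulo 2^32. */
uint32_t alloc_size_unchecked(uint32_t bulk_len)
{
    return HDR_BYTES + bulk_len + 1u;
}

/* Checked form: enforce the configured limit, then refuse any length
 * whose total size cannot be represented in 32 bits. */
bool alloc_size_checked(uint32_t bulk_len, uint32_t limit, uint32_t *out)
{
    if (bulk_len > limit)
        return false;
    if (bulk_len > UINT32_MAX - HDR_BYTES - 1u)
        return false;
    *out = HDR_BYTES + bulk_len + 1u;
    return true;
}

int main(void)
{
    uint32_t huge = 0xFFFFFFF0u; /* constructed length, only reachable with a raised limit */
    uint32_t size = 0;

    /* With the default limit the sum stays far below 2^32. */
    printf("default limit -> %" PRIu32 " bytes\n",
           alloc_size_unchecked(DEFAULT_LIMIT));

    /* With the limit raised to the maximum, the sum wraps to a tiny value;
     * copying bulk_len bytes into that allocation would overrun the heap. */
    printf("raised limit  -> %" PRIu32 " bytes requested for %" PRIu32 "\n",
           alloc_size_unchecked(huge), huge);

    printf("checked form accepts huge length: %s\n",
           alloc_size_checked(huge, UINT32_MAX, &size) ? "yes" : "no");
    return 0;
}
```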
* [Buildroot] [PATCH v2 1/1] package/redis: security bump to v6.0.12
From: Peter Korsgaard @ 2021-03-02 8:34 UTC (permalink / raw)
To: buildroot
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
> From the release notes:
> (https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
> ================================================================================
> Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
> ================================================================================
> Upgrade urgency: SECURITY if you use 32bit build of redis (see below), LOW
> otherwise.
> Integer overflow on 32-bit systems (CVE-2021-21309):
> Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
> input size. By default, it is 512MB which is a safe value for all platforms.
> If the limit is significantly increased, receiving a large request from a client
> may trigger several integer overflow scenarios, which would result with buffer
> overflow and heap corruption.
> ================================================================================
> Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
> ================================================================================
> Upgrade urgency: LOW, fixes a compilation issue.
> Bug fixes:
> * Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
> ---
> Changes v1->v2:
> * Version bump within the 6.0 series (6.0.11 and 6.0.12) instead of 6.2.0
> * Remove patch that has been applied in 6.0.12
Committed, thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH v2 1/1] package/redis: security bump to v6.0.12
From: Peter Korsgaard @ 2021-03-13 16:07 UTC (permalink / raw)
To: buildroot
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
> From the release notes:
> (https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
> ================================================================================
> Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
> ================================================================================
> Upgrade urgency: SECURITY if you use 32bit build of redis (see below), LOW
> otherwise.
> Integer overflow on 32-bit systems (CVE-2021-21309):
> Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
> input size. By default, it is 512MB which is a safe value for all platforms.
> If the limit is significantly increased, receiving a large request from a client
> may trigger several integer overflow scenarios, which would result with buffer
> overflow and heap corruption.
> ================================================================================
> Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
> ================================================================================
> Upgrade urgency: LOW, fixes a compilation issue.
> Bug fixes:
> * Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
> ---
> Changes v1->v2:
> * Version bump within the 6.0 series (6.0.11 and 6.0.12) instead of 6.2.0
> * Remove patch that has been applied in 6.0.12
Committed to 2020.11.x, thanks.
--
Bye, Peter Korsgaard