From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B66CC4338F for ; Fri, 30 Jul 2021 16:24:22 +0000 (UTC) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D025E60F94 for ; Fri, 30 Jul 2021 16:24:21 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D025E60F94 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=korsgaard.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=busybox.net Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id A683A60AC2; Fri, 30 Jul 2021 16:24:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEBhXLEkMmYK; Fri, 30 Jul 2021 16:24:20 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp3.osuosl.org (Postfix) with ESMTP id EC2FD60AB9; Fri, 30 Jul 2021 16:24:19 +0000 (UTC) Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 1DF011BF348 for ; Fri, 30 Jul 2021 16:24:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 1B71060AAB for ; Fri, 30 Jul 2021 16:24:08 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JbkiYn4gVORP for ; Fri, 30 Jul 2021 16:24:07 +0000 (UTC) Received: from busybox.osuosl.org (busybox.osuosl.org [140.211.167.122]) by smtp3.osuosl.org (Postfix) with ESMTP id 6FBEE60674 for ; Fri, 30 Jul 2021 16:24:07 +0000 (UTC) Received: by busybox.osuosl.org (Postfix, from userid 4021) id DB0168A300; Fri, 30 Jul 2021 15:49:16 +0000 (UTC) From: Peter Korsgaard To: buildroot@buildroot.org Date: Fri, 30 Jul 2021 18:23:53 +0200 X-Git-Refname: refs/heads/2021.05.x X-Git-Oldrev: 86158609b1a109df1490f6f5134cac0d538e2d4c X-Git-Newrev: f5b86cf2cea89b1f7e3024fd5af39a6998bf0bdd X-Patchwork-Hint: ignore Message-Id: <20210730154916.DB0168A300@busybox.osuosl.org> Subject: [Buildroot] [git commit branch/2021.05.x] package/redis: security bump to v6.2.5 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" commit: https://git.buildroot.net/buildroot/commit/?id=f5b86cf2cea89b1f7e3024fd5af39a6998bf0bdd branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.05.x >From the release notes: ================================================================================ Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues that affect authenticated client connections on 32-bit versions. MODERATE otherwise. Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). An integer overflow bug in Redis version 2.2 or newer can be exploited using the BITFIELD command to corrupt the heap and potentially result with remote code execution. See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES Signed-off-by: Titouan Christophe Signed-off-by: Thomas Petazzoni (cherry picked from commit f4b1cda06131931d713d33723355f71e4036b73d) Signed-off-by: Peter Korsgaard --- package/redis/redis.hash | 2 +- package/redis/redis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/redis/redis.hash b/package/redis/redis.hash index f5e5827dab..3d207fa4c1 100644 --- a/package/redis/redis.hash +++ b/package/redis/redis.hash @@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 ba32c406a10fc2c09426e2be2787d74ff204eb3a2e496d87cff76a476b6ae16e redis-6.2.4.tar.gz +sha256 4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae redis-6.2.5.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/package/redis/redis.mk b/package/redis/redis.mk index 4e16b346c1..c1d435015d 100644 --- a/package/redis/redis.mk +++ b/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 6.2.4 +REDIS_VERSION = 6.2.5 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING _______________________________________________ buildroot mailing list buildroot@busybox.net http://lists.busybox.net/mailman/listinfo/buildroot