* [Buildroot] [PATCH for 2022.02.x 1/1] package/redis: security bump to v6.2.7
@ 2022-05-02 10:16 Titouan Christophe
2022-05-03 9:51 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Titouan Christophe @ 2022-05-02 10:16 UTC (permalink / raw)
To: buildroot; +Cc: Titouan Christophe, Daniel Price
From the release notes:
(https://github.com/redis/redis/blob/6.2.7/00-RELEASENOTES)
Upgrade urgency: SECURITY, contains fixes to security issues.
Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
can cause NULL pointer dereference which will result with a crash of the
redis-server process. This issue affects all versions of Redis.
[reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject Lua code that will
execute with the (potentially higher) privileges of another Redis user.
[reported by Aviv Yahav].
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
---
package/redis/redis.hash | 2 +-
package/redis/redis.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/redis/redis.hash b/package/redis/redis.hash
index 74a9392a63..6871a59041 100644
--- a/package/redis/redis.hash
+++ b/package/redis/redis.hash
@@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
-sha256 5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab redis-6.2.6.tar.gz
+sha256 b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319 redis-6.2.7.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING
diff --git a/package/redis/redis.mk b/package/redis/redis.mk
index f3c030d68c..fb7f653742 100644
--- a/package/redis/redis.mk
+++ b/package/redis/redis.mk
@@ -4,7 +4,7 @@
#
################################################################################
-REDIS_VERSION = 6.2.6
+REDIS_VERSION = 6.2.7
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH for 2022.02.x 1/1] package/redis: security bump to v6.2.7
2022-05-02 10:16 [Buildroot] [PATCH for 2022.02.x 1/1] package/redis: security bump to v6.2.7 Titouan Christophe
@ 2022-05-03 9:51 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2022-05-03 9:51 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Daniel Price, buildroot
>>>>> "Titouan" == Titouan Christophe <titouanchristophe@gmail.com> writes:
> From the release notes:
> (https://github.com/redis/redis/blob/6.2.7/00-RELEASENOTES)
> Upgrade urgency: SECURITY, contains fixes to security issues.
> Security Fixes:
> * (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
> can cause NULL pointer dereference which will result with a crash of the
> redis-server process. This issue affects all versions of Redis.
> [reported by Aviv Yahav].
> * (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
> environment, an attacker with access to Redis can inject Lua code that will
> execute with the (potentially higher) privileges of another Redis user.
> [reported by Aviv Yahav].
> Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-05-03 9:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-02 10:16 [Buildroot] [PATCH for 2022.02.x 1/1] package/redis: security bump to v6.2.7 Titouan Christophe
2022-05-03 9:51 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.