Accepting request 1058769 from home:AndreasStieger:branches:server:database

redis 7.0.8
CVE-2022-35977 boo#1207202
CVE-2023-22458 boo#1207203

OBS-URL: https://build.opensuse.org/request/show/1058769
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=216
This commit is contained in:
Martin Pluskal 2023-01-17 07:53:17 +00:00 committed by Git OBS Bridge
parent 096a801a0e
commit b27cec9b30
5 changed files with 23 additions and 5 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586
size 2979019

3
redis-7.0.8.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914
size 2981212

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Mon Jan 16 21:00:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.0.8
* CVE-2022-35977: Integer overflow in the Redis SETRANGE and
SORT/SORT_RO commands can drive Redis to OOM panic boo#1207202
* CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and
ZRANDMEMBER commands can lead to denial-of-service boo#1207203
* Avoid possible hang when client issues long KEYS, SRANDMEMBER,
HRANDFIELD, and ZRANDMEMBER commands and gets disconnected by
client output buffer limit
* Make sure that fork child doesn't do incremental rehashing
* Fix a bug where blocking commands with a sub-second timeout
would block forever
* Fix sentinel issue if replica changes IP
-------------------------------------------------------------------
Fri Dec 16 13:15:09 UTC 2022 - Michael Ströder <michael@stroeder.com>

View File

@ -146,3 +146,5 @@ hash redis-7.0.5.tar.gz sha256 67054cc37b58c125df93bd78000261ec0ef4436a26b40f382
hash redis-6.2.8.tar.gz sha256 f91ab24bcb42673cb853292eb5d43c2017d11d659854808ed6a529c97297fdfe http://download.redis.io/releases/redis-6.2.8.tar.gz
hash redis-7.0.6.tar.gz sha256 7b33a7e890d13e27af1f246acb16312669ad8a1d56ce8f807dfbcd3c09aa7bb3 http://download.redis.io/releases/redis-7.0.6.tar.gz
hash redis-7.0.7.tar.gz sha256 8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586 http://download.redis.io/releases/redis-7.0.7.tar.gz
hash redis-7.0.8.tar.gz sha256 06a339e491306783dcf55b97f15a5dbcbdc01ccbde6dc23027c475cab735e914 http://download.redis.io/releases/redis-7.0.8.tar.gz
hash redis-6.2.9.tar.gz sha256 9661b2c6b1cc9bf2999471b37a4d759fa5e747d408142c18af8792ebd8384a2a http://download.redis.io/releases/redis-6.2.9.tar.gz

View File

@ -1,7 +1,7 @@
#
# spec file for package redis
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -20,7 +20,7 @@
%define _log_dir %{_localstatedir}/log/%{name}
%define _conf_dir %{_sysconfdir}/%{name}
Name: redis
Version: 7.0.7
Version: 7.0.8
Release: 0
Summary: Persistent key-value database
License: BSD-3-Clause