Accepting request 1098376 from home:dspinella:branches:server:database

- redis 7.0.12:
  * (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
    a heap overflow in the cjson and cmsgpack libraries, and result in heap
    corruption and potentially remote code execution. The problem exists in all
    versions of Redis with Lua scripting support, starting from 2.6, and affects
    only authenticated and authorized users. (bsc#1213193)
  * (CVE-2023-36824) Extracting key names from a command and a list of arguments
    may, in some cases, trigger a heap overflow and result in reading random heap
    memory, heap corruption and potentially remote code execution. Specifically:
    using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
  * Re-enable downscale rehashing while there is a fork child
  * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
  * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
    SPOP, and eviction
  * Fix WAIT to be effective after a blocked module command being unblocked
  * Avoid unnecessary full sync after master restart in a rare case

OBS-URL: https://build.opensuse.org/request/show/1098376
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=226
Martin Pluskal 2023-07-12 16:56:39 +00:00 committed by Git OBS Bridge
parent 74bf12d703
commit ce9b309603
5 changed files with 28 additions and 4 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3
size 2988485

redis-7.0.12.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9dd83d5b278bb2bf0e39bfeb75c3e8170024edbaf11ba13b7037b2945cf48ab7
size 2992216


@ -1,3 +1,23 @@
-------------------------------------------------------------------
Wed Jul 12 14:10:43 UTC 2023 - Danilo Spinella <danilo.spinella@suse.com>
- redis 7.0.12:
* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
a heap overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. The problem exists in all
versions of Redis with Lua scripting support, starting from 2.6, and affects
only authenticated and authorized users. (bsc#1213193)
* (CVE-2023-36824) Extracting key names from a command and a list of arguments
may, in some cases, trigger a heap overflow and result in reading random heap
memory, heap corruption and potentially remote code execution. Specifically:
using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
* Re-enable downscale rehashing while there is a fork child
* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
SPOP, and eviction
* Fix WAIT to be effective after a blocked module command being unblocked
* Avoid unnecessary full sync after master restart in a rare case
-------------------------------------------------------------------
Fri May 19 11:23:43 UTC 2023 - Jiri Srain <jsrain@suse.com>
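Review bot: The CVE-2023-36824 bullet in the new 7.0.12 entry gives no affected version range, while the CVE-2022-24834 bullet above it says "starting from 2.6". Consider adding the range for CVE-2023-36824 as well, so that anyone using this changelog to decide on backports to older packaged branches can tell whether bsc#1213249 applies to them.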


@ -159,3 +159,7 @@ hash redis-7.0.11.tar.gz sha256 ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e3
hash redis-6.2.12.tar.gz sha256 75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b http://download.redis.io/releases/redis-6.2.12.tar.gz
hash redis-6.0.19.tar.gz sha256 55e26318c3d9c53a77a6e802f60524afdddd057a2e965cebcf781a0a72f0e3e6 http://download.redis.io/releases/redis-6.0.19.tar.gz
hash redis-7.2-rc2.tar.gz sha256 4e075e79ad18f16c41e18b14ab60e1edfdb6633907fe9a39a34c62f4a758740b http://download.redis.io/releases/redis-7.2-rc2.tar.gz
hash redis-6.0.20.tar.gz sha256 173d4c5f44b5d7186da96c4adc5cb20e8018b50ec3a8dfe0d191dbbab53952f0 http://download.redis.io/releases/redis-6.0.20.tar.gz
hash redis-6.2.13.tar.gz sha256 89ff27c80d420456a721ccfb3beb7cc628d883c53059803513749e13214a23d1 http://download.redis.io/releases/redis-6.2.13.tar.gz
hash redis-7.0.12.tar.gz sha256 9dd83d5b278bb2bf0e39bfeb75c3e8170024edbaf11ba13b7037b2945cf48ab7 http://download.redis.io/releases/redis-7.0.12.tar.gz
hash redis-7.2-rc3.tar.gz sha256 4035e2b146ca1eb43b4188ca30a6d7be1a4d40ac2dfdf58db8f885517bbab41a http://download.redis.io/releases/redis-7.2-rc3.tar.gz
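Review bot: Every added line, including the redis-7.0.12.tar.gz entry, lists a plain http://download.redis.io URL, so the sha256 recorded here is the only thing tying the tarball to upstream. The 7.0.12 digest in this hunk does match the oid in the new Git LFS pointer for redis-7.0.12.tar.gz in this commit, which is the check that matters. Please confirm that this hashes file was itself taken from a trusted copy, and that the build compares the source tarball against it rather than relying on the download URL.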


@ -20,7 +20,7 @@
%define _log_dir %{_localstatedir}/log/%{name}
%define _conf_dir %{_sysconfdir}/%{name}
Name: redis
Version: 7.0.11
Version: 7.0.12
Release: 0
Summary: Persistent key-value database
License: BSD-3-Clause