From cd6af81f2697486e8381ca831fc0d75ecdbacefdc1f560b40f8fb0aa820ebb0a Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Thu, 28 Apr 2022 06:51:05 +0000
Subject: [PATCH] Accepting request 973269 from home:AndreasStieger:branches:server:database redis 6.2.7 CVE-2022-24736 boo#1198953 CVE-2022-24735 boo#1198952
OBS-URL: https://build.opensuse.org/request/show/973269
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=188
---
 redis-6.2.6.tar.gz | 3 ---
 redis-6.2.7.tar.gz | 3 +++
 redis.changes | 20 ++++++++++++++++++++
 redis.hashes | 5 +++++
 redis.spec | 4 ++--
 5 files changed, 30 insertions(+), 5 deletions(-)
 delete mode 100644 redis-6.2.6.tar.gz
 create mode 100644 redis-6.2.7.tar.gz
diff --git a/redis-6.2.6.tar.gz b/redis-6.2.6.tar.gz
deleted file mode 100644
index b9d271e..0000000
--- a/redis-6.2.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab
-size 2476542
diff --git a/redis-6.2.7.tar.gz b/redis-6.2.7.tar.gz
new file mode 100644
index 0000000..5cd806e
--- /dev/null
+++ b/redis-6.2.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319
+size 2487287
diff --git a/redis.changes b/redis.changes
index 5cfb5e9..831a94b 100644
--- a/redis.changes
+++ b/redis.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Apr 27 21:17:06 UTC 2022 - Andreas Stieger
+
+- redis 6.2.7:
+ * CVE-2022-24736: An attacker attempting to load a specially
+ crafted Lua script can cause NULL pointer dereference which
+ will result with a crash of the redis-server process
+ (boo#1198953)
+ * CVE-2022-24735: By exploiting weaknesses in the Lua script
+ execution environment, an attacker with access to Redis can
+ inject Lua code that will execute with the (potentially higher)
+ privileges of another Redis user (boo#1198952)
+ * LPOP/RPOP with count against non-existing list return null array
+ * LPOP/RPOP used to produce wrong replies when count is 0
+ * Speed optimization in command execution pipeline
+ * Fix regression in Z[REV]RANGE commands (by-rank) introduced in
+ Redis 6.2
+ * Fix OpenSSL 3.0.x related issues
+ * Bug fixes
+
 -------------------------------------------------------------------
 Mon Nov 15 12:57:13 UTC 2021 - Johannes Segitz
 
diff --git a/redis.hashes b/redis.hashes
index aeb6ed6..473f42a 100644
--- a/redis.hashes
+++ b/redis.hashes
@@ -133,3 +133,8 @@ hash redis-6.2.5.tar.gz sha256 4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea9
 hash redis-5.0.14.tar.gz sha256 3ea5024766d983249e80d4aa9457c897a9f079957d0fb1f35682df233f997f32 http://download.redis.io/releases/redis-5.0.14.tar.gz
 hash redis-6.0.16.tar.gz sha256 3639bbf29aca1a1670de1ab2ce224d6511c63969e7e590d3cdf8f7888184fa19 http://download.redis.io/releases/redis-6.0.16.tar.gz
 hash redis-6.2.6.tar.gz sha256 5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab http://download.redis.io/releases/redis-6.2.6.tar.gz
+hash redis-7.0-rc1.tar.gz sha256 9bd57d3c9ebba9dbbd6cd14b0c263ce151b0044fb6620b556449c2d82e06ef3d http://download.redis.io/releases/redis-7.0-rc1.tar.gz
+hash redis-7.0-rc2.tar.gz sha256 ee41f5a9f459b44baefbc021cf5096440f346f3c5fc8a1979a877a2f10603ca3 http://download.redis.io/releases/redis-7.0-rc2.tar.gz
+hash redis-7.0-rc3.tar.gz sha256 66b2ecc2e4b53c62940589434ea8af3a85546df131001680ed294028cd84ecdc http://download.redis.io/releases/redis-7.0-rc3.tar.gz
+hash redis-6.2.7.tar.gz sha256 b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319 http://download.redis.io/releases/redis-6.2.7.tar.gz
+hash redis-7.0.0.tar.gz sha256 284d8bd1fd85d6a55a05ee4e7c31c31977ad56cbf344ed83790beeb148baa720 http://download.redis.io/releases/redis-7.0.0.tar.gz
diff --git a/redis.spec b/redis.spec
index 08b88e2..c98703f 100644
--- a/redis.spec
+++ b/redis.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package redis
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
 %define _log_dir %{_localstatedir}/log/%{name}
 %define _conf_dir %{_sysconfdir}/%{name}
 Name: redis
-Version: 6.2.6
+Version: 6.2.7
 Release: 0
 Summary: Persistent key-value database
 License: BSD-3-Clause