From c29bf1d2db5afb8a0109260ed2477fa8fc49c2ba Mon Sep 17 00:00:00 2001 From: Titouan Christophe Date: Mon, 5 Jun 2023 08:24:51 +0200 Subject: [PATCH] package/redis: security bump to v7.0.11 From the release notes (see https://github.com/redis/redis/blob/7.0/00-RELEASENOTES): ================================================================================ Redis 7.0.11 Released Mon Apr 17 16:00:00 IST 2023 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access ... ================================================================================ Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service ... ================================================================================ Redis 7.0.9 Released Tue Feb 28 12:00:00 IST 2023 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. * (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. ... ================================================================================ Redis 7.0.8 Released Mon Jan 16 12:00:00 IDT 2023 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic * (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands can lead to denial-of-service ... Signed-off-by: Titouan Christophe Signed-off-by: Peter Korsgaard --- package/redis/redis.hash | 2 +- package/redis/redis.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/redis/redis.hash b/package/redis/redis.hash index eb8c21be98..69bfc1475f 100644 --- a/package/redis/redis.hash +++ b/package/redis/redis.hash @@ -1,5 +1,5 @@ # From https://github.com/redis/redis-hashes/blob/master/README -sha256 8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586 redis-7.0.7.tar.gz +sha256 ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3 redis-7.0.11.tar.gz # Locally calculated sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING diff --git a/package/redis/redis.mk b/package/redis/redis.mk index b08be11538..e5d3de8eb9 100644 --- a/package/redis/redis.mk +++ b/package/redis/redis.mk @@ -4,7 +4,7 @@ # ################################################################################ -REDIS_VERSION = 7.0.7 +REDIS_VERSION = 7.0.11 REDIS_SITE = http://download.redis.io/releases REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components) REDIS_LICENSE_FILES = COPYING