Bug 891169 (CVE-2022-35977, CVE-2023-22458) - <dev-db/redis-{6.2.9,7.0.8}: Multiple vulnerabilities
Summary: <dev-db/redis-{6.2.9,7.0.8}: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2022-35977, CVE-2023-22458
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa?]
Keywords: PullRequest
Depends on: 891285 899692 905692 910235 914574
Blocks:
Reported: 2023-01-17 01:51 UTC by Sam James
Modified: 2024-01-10 12:30 UTC

See Also:
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-01-17 01:51:44 UTC
(CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic
(CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service
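The affected range in the bug title, `<dev-db/redis-{6.2.9,7.0.8}`, is Gentoo brace notation for one `<` atom per fixed version, each applying to its own release branch, which is why the commits below drop 6.2.8 and 7.0.7 while adding 6.2.9 and 7.0.8. A naive numeric comparison gets this wrong in both directions (7.0.7 sorts above 6.2.9 but is affected; 6.2.9 sorts below 7.0.8 but is fixed). The following is an added example, not code from the bug, Gentoo or the Redis project: it parses Gentoo-style versions including `-rN` ebuild revisions and checks each against the fix on its own branch. The installed-version list is constructed sample input, and the handling of branches the title does not name (anything older than the lowest fix counts as affected, anything newer than the highest fix as fixed) is this script's own assumption.

```python
"""Check installed dev-db/redis versions against the affected range in this bug.

Added example (not from the Gentoo bug or the Redis project). The range
"<dev-db/redis-{6.2.9,7.0.8}" in the bug title is read as one "<" atom per
fixed version, each applying to its own release branch (6.2.x, 7.0.x).
How unlisted branches are treated is this script's own assumption.
"""
import re

# Fixed versions named in the bug title.
FIXED_VERSIONS = ("6.2.9", "7.0.8")

# Constructed sample of installed versions (hypothetical, not from a real host).
SAMPLE_INSTALLED = ["6.2.7-r2", "6.2.10", "7.0.5-r1", "7.0.8"]


def parse_version(ver):
    """Split a Gentoo version like '7.0.5-r1' into ((7, 0, 5), 1).

    The -rN ebuild revision sorts after the unrevised version of the same
    upstream release, so it becomes a secondary comparison key.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", ver)
    if m is None:
        raise ValueError(f"unrecognised version string: {ver!r}")
    base = tuple(int(part) for part in m.group(1).split("."))
    revision = int(m.group(2) or 0)
    return base, revision


def _branch(base):
    """Release branch is the first two components (6.2.x, 7.0.x)."""
    return base[:2]


def is_affected(installed, fixed_versions=FIXED_VERSIONS):
    """Return True if `installed` falls inside the vulnerable range.

    A version is compared against the fix on its own branch, so 7.0.7 is
    affected even though it sorts above 6.2.9. Assumption for branches with
    no listed fix: anything older than the lowest fix (e.g. 5.x) is still
    affected, anything newer than the highest fix (e.g. 7.2.x) is not.
    """
    inst = parse_version(installed)
    fixes = sorted(parse_version(f) for f in fixed_versions)
    for fix in fixes:
        if _branch(fix[0]) == _branch(inst[0]):
            return inst < fix
    return inst < fixes[0]


def report(installed_versions, fixed_versions=FIXED_VERSIONS):
    """Map each installed version to 'affected' or 'fixed'."""
    return {v: ("affected" if is_affected(v, fixed_versions) else "fixed")
            for v in installed_versions}


if __name__ == "__main__":
    for version, status in report(SAMPLE_INSTALLED).items():
        print(f"dev-db/redis-{version}: {status}")
```

On a real host the version list would come from the package manager rather than the constructed sample; the branch-aware comparison is the part worth keeping, since it is what makes `<dev-db/redis-{6.2.9,7.0.8}` evaluate correctly for both the 6.2 and 7.0 series.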
Comment 1 Larry the Git Cow gentoo-dev 2023-01-17 01:53:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=498bce5f436a85856131845037f0f7b20250c002

commit 498bce5f436a85856131845037f0f7b20250c002
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-01-16 21:05:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-17 01:51:58 +0000

    dev-db/redis: add 7.0.8
    
    Bug: https://bugs.gentoo.org/891169
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/29139
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest           |   1 +
 dev-db/redis/redis-7.0.8.ebuild | 187 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d8b788a6efd8fe446ea089824b1569c14227012

commit 1d8b788a6efd8fe446ea089824b1569c14227012
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-01-16 21:03:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-17 01:51:56 +0000

    dev-db/redis: add 6.2.9
    
    Bug: https://bugs.gentoo.org/891169
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest           |   1 +
 dev-db/redis/redis-6.2.9.ebuild | 195 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 196 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-01-17 15:40:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=615415da0c1a3368abbef0f7ccedda6d2515e6de

commit 615415da0c1a3368abbef0f7ccedda6d2515e6de
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-01-17 15:27:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-17 15:39:51 +0000

    dev-db/redis: add 6.2.10, drop 6.2.9
    
    a quick followup fix for a recently released 6.2.9
    
    Bug: https://bugs.gentoo.org/891169
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/29146
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest                                    | 2 +-
 dev-db/redis/{redis-6.2.9.ebuild => redis-6.2.10.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-03-04 07:18:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=739ed70ce636cdfd087fe75226b3f610dc757ec8

commit 739ed70ce636cdfd087fe75226b3f610dc757ec8
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-02-28 17:11:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-04 07:18:03 +0000

    dev-db/redis: drop 6.2.8, 7.0.7
    
    Bug: https://bugs.gentoo.org/891169
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest           |   2 -
 dev-db/redis/redis-6.2.8.ebuild | 195 ----------------------------------------
 dev-db/redis/redis-7.0.7.ebuild | 187 --------------------------------------
 3 files changed, 384 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2023-03-22 01:20:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19681fd5fa178dc41d2f61225a0958ea3b538224

commit 19681fd5fa178dc41d2f61225a0958ea3b538224
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-03-21 08:07:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-22 01:17:37 +0000

    dev-db/redis: drop 6.2.10, 7.0.8
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/30278
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   2 -
 dev-db/redis/redis-6.2.10.ebuild | 195 ---------------------------------------
 dev-db/redis/redis-7.0.8.ebuild  | 187 -------------------------------------
 3 files changed, 384 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-20 03:29:54 UTC
Whoops, sorry, not ready for cleanup yet.
Comment 6 Hans de Graaff gentoo-dev Security 2023-11-02 16:07:13 UTC
Ah, still waiting for ppc to mark a new enough 6.x version stable.
Comment 7 Petr Vaněk gentoo-dev 2023-11-02 16:45:22 UTC
Not ppc but arm, I dropped ppc to ~ppc.
Comment 8 Larry the Git Cow gentoo-dev 2024-01-09 14:24:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f0aeee0d9ab31c81a869f258821733048f7423

commit 40f0aeee0d9ab31c81a869f258821733048f7423
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-09 14:12:04 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-09 14:23:54 +0000

    dev-db/redis: drop versions
    
    This commit drops most of the vulnerable versions; however, security
    cleanups are still blocked because of 7.0.5 which is the last stable
    version for arm.
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest                              |   7 -
 dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ------------------
 dev-db/redis/redis-6.2.11.ebuild                   | 195 --------------------
 dev-db/redis/redis-6.2.13.ebuild                   | 195 --------------------
 dev-db/redis/redis-6.2.7-r2.ebuild                 | 198 --------------------
 dev-db/redis/redis-7.0.12.ebuild                   | 187 -------------------
 dev-db/redis/redis-7.0.13.ebuild                   | 187 -------------------
 dev-db/redis/redis-7.0.9.ebuild                    | 187 -------------------
 dev-db/redis/redis-7.2.2.ebuild                    | 200 ---------------------
 9 files changed, 1529 deletions(-)
Comment 9 Larry the Git Cow gentoo-dev 2024-01-10 10:18:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af

commit 3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-10 10:05:04 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-10 10:16:11 +0000

    dev-db/redis: destabilize 7.0.5-r1 for ~arm
    
    Dropping the stable keyword for arm architecture due to a lack of
    security stabilization for over a year.
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915548#c6
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/918847
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/redis-7.0.5-r1.ebuild        | 4 ++--
 profiles/arch/arm/package.use.stable.mask | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
Comment 10 Larry the Git Cow gentoo-dev 2024-01-10 12:28:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8942d96c5ff1a45db0922d9e5e4403b050494bf6

commit 8942d96c5ff1a45db0922d9e5e4403b050494bf6
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-10 12:25:59 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-10 12:27:32 +0000

    dev-db/redis: drop 7.0.5-r1
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest                              |   1 -
 .../files/redis-7.0.4-replica-tests-fix.patch      |  61 -------
 dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 -------------------
 dev-db/redis/redis-7.0.5-r1.ebuild                 | 191 ---------------------
 4 files changed, 426 deletions(-)