CVE-2023-41056 In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=228445783982f7b9542880cdf012012e2e2eb70b commit 228445783982f7b9542880cdf012012e2e2eb70b Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-09 13:43:27 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-09 13:53:43 +0000 dev-db/redis: add 7.2.4 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 1 + dev-db/redis/redis-7.2.4.ebuild | 200 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 201 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=acafb49e3711af6725ce1d921927608b5d50bec9 commit acafb49e3711af6725ce1d921927608b5d50bec9 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-09 13:41:23 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-09 13:53:42 +0000 dev-db/redis: add 7.0.15 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 1 + dev-db/redis/redis-7.0.15.ebuild | 187 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 188 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f0aeee0d9ab31c81a869f258821733048f7423 commit 40f0aeee0d9ab31c81a869f258821733048f7423 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-09 14:12:04 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-09 14:23:54 +0000 dev-db/redis: drop versions This commit drops most of vulnerable versions, however, security cleanups are still blocked because of 7.0.5 which is the last stable version for arm. Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 7 - dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ------------------ dev-db/redis/redis-6.2.11.ebuild | 195 -------------------- dev-db/redis/redis-6.2.13.ebuild | 195 -------------------- dev-db/redis/redis-6.2.7-r2.ebuild | 198 -------------------- dev-db/redis/redis-7.0.12.ebuild | 187 ------------------- dev-db/redis/redis-7.0.13.ebuild | 187 ------------------- dev-db/redis/redis-7.0.9.ebuild | 187 ------------------- dev-db/redis/redis-7.2.2.ebuild | 200 --------------------- 9 files changed, 1529 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af commit 3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-10 10:05:04 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-10 10:16:11 +0000 dev-db/redis: destabilize 7.0.5-r1 for ~arm Dropping the stable keyword for arm architecture due to a lack of security stabilization for over a year. Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915548#c6 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/918847 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/redis-7.0.5-r1.ebuild | 4 ++-- profiles/arch/arm/package.use.stable.mask | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8942d96c5ff1a45db0922d9e5e4403b050494bf6 commit 8942d96c5ff1a45db0922d9e5e4403b050494bf6 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-10 12:25:59 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-10 12:27:32 +0000 dev-db/redis: drop 7.0.5-r1 Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 1 - .../files/redis-7.0.4-replica-tests-fix.patch | 61 ------- dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 ------------------- dev-db/redis/redis-7.0.5-r1.ebuild | 191 --------------------- 4 files changed, 426 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5a0d6d701e1e513f689c9b698b4225e0b36422e commit d5a0d6d701e1e513f689c9b698b4225e0b36422e Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-03-13 21:54:50 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-03-13 21:56:30 +0000 dev-db/redis: drop 7.0.14-r1, 7.2.1-r1, 7.2.3-r1 Bug: https://bugs.gentoo.org/921662 Bug: https://bugs.gentoo.org/915989 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 3 - dev-db/redis/redis-7.0.14-r1.ebuild | 187 --------------------------------- dev-db/redis/redis-7.2.1-r1.ebuild | 200 ------------------------------------ dev-db/redis/redis-7.2.3-r1.ebuild | 200 ------------------------------------ 4 files changed, 590 deletions(-)
