Summary: | <dev-db/redis-5.0.9: Insufficient input validation in the clusterLoadConfig function | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hydrapolic, robbat2, ultrabug |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1499152 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=724776 | ||
Whiteboard: | C2 [glsa+ cve cleanup] | ||
Package list: | dev-db/redis-5.0.9-r1 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 724776 |
Description
Agostino Sarubbo
2017-10-09 09:07:53 UTC
PR: https://github.com/antirez/redis/pull/4365
Patch: https://github.com/antirez/redis/commit/ffcf7d5ab1e98d84c28af9bea7be76c6737820ad
Comment on exploitability: https://github.com/antirez/redis/issues/4278#issuecomment-335095580

Patch looks like it's in 5.x, 6.x.

@maintainer(s), please bump to 5.0.9.

(In reply to Sam James from comment #2)
> @maintainer(s), please bump to 5.0.9.

In tree

Ready to stable?

Unable to check for sanity:
> no match for package: dev-db/redis-5.0.9

Fine for me.

All sanity-check issues have been resolved

(In reply to Tomáš Mózes from comment #6)
> Fine for me.

OK.

hppa stable

arm stable

ppc/ppc64 stable

arm64 stable

amd64 stable

x86 stable.

Maintainer(s), please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93fc026adfcd8e9e46fd290fca412431554d01e

commit d93fc026adfcd8e9e46fd290fca412431554d01e
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-08-27 18:11:40 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-08-27 18:11:40 +0000

    dev-db/redis: drop vulnerable 5.0.8

    Bug: https://bugs.gentoo.org/633824
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 dev-db/redis/Manifest | 1 -
 dev-db/redis/redis-5.0.8.ebuild | 160 ----------------------------------------
 2 files changed, 161 deletions(-)

This issue was resolved and addressed in GLSA 202008-17 at https://security.gentoo.org/glsa/202008-17 by GLSA coordinator Sam James (sam_c).