| Summary: | <dev-db/redis-{5.0.12, 6.0.12}: integer overflow vulnerabilities in 32 bit builds (CVE-2021-21309) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | hydrapolic, robbat2, sam, tcltk |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf | | |
| Whiteboard: | B1 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2021-02-27 20:35:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30020b89b5e0d6ef497ab8983103eec7281abc95

commit 30020b89b5e0d6ef497ab8983103eec7281abc95
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-03-04 04:18:30 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-03-04 04:19:35 +0000

    dev-db/redis: security version bump to 5.0.12

    Bug: https://bugs.gentoo.org/773328
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 1 +
 dev-db/redis/redis-5.0.12.ebuild | 162 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 163 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2acd97bfc1f3fae1d6f0b82a02614ff1ed72403d

commit 2acd97bfc1f3fae1d6f0b82a02614ff1ed72403d
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-03-04 04:16:43 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-03-04 04:19:34 +0000

    dev-db/redis: security bump to 6.0.12

    Bug: https://bugs.gentoo.org/773328
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 1 +
 dev-db/redis/files/redis-6.0.12-sharedlua.patch | 60 ++++++++
 dev-db/redis/redis-6.0.12.ebuild | 184 ++++++++++++++++++++++++
 3 files changed, 245 insertions(+)

Sanity check failed:
> dev-db/redis-6.0.12
> depend arm stable profile default/linux/arm/17.0 (10 total)
> dev-tcltk/tls
> depend arm dev profile default/linux/arm/17.0/armv4 (35 total)
> dev-tcltk/tls

@Tomáš, let me know when you had a chance to test this.

@Sam, just installed 6.0.12 on some testing machines, let's try to stabilize next week.

(In reply to Tomáš Mózes from comment #4)
> @Sam, just installed 6.0.12 on some testing machines, let's try to stabilize
> next week.

+1

So far no issues with 6.0.12 on amd64, feel free to call stabilization.

(In reply to Tomáš Mózes from comment #6)
> So far no issues with 6.0.12 on amd64, feel free to call stabilization.

Thank you!

amd64 stable

ppc64 done

ppc done

x86 stable

arm64 done

arm done

all arches done

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9deb0bf5a36359f9c7864e3c2625f203e6e26738

commit 9deb0bf5a36359f9c7864e3c2625f203e6e26738
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-03-31 11:54:02 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-03-31 11:54:02 +0000

    dev-db/redis: security cleanup

    Bug: https://bugs.gentoo.org/773328
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/redis/Manifest | 2 -
 dev-db/redis/redis-5.0.9-r1.ebuild | 162 ----------------------------------
 dev-db/redis/redis-6.0.9-r100.ebuild | 164 -----------------------------------
 3 files changed, 328 deletions(-)

New GLSA request filed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7486aa16a7b0f330f7b6fdbe2284a53dbf4c0446

commit 7486aa16a7b0f330f7b6fdbe2284a53dbf4c0446
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-11 01:10:35 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-11 01:10:51 +0000

    dev-db/redis: drop 6.0.12, 6.0.13-r1, 6.2.1, 6.2.3-r1

    Bug: https://bugs.gentoo.org/773328
    Bug: https://bugs.gentoo.org/788211
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 4 -
 dev-db/redis/redis-6.0.12.ebuild | 184 -----------------------------------
 dev-db/redis/redis-6.0.13-r1.ebuild | 187 ------------------------------------
 dev-db/redis/redis-6.2.1.ebuild | 184 -----------------------------------
 dev-db/redis/redis-6.2.3-r1.ebuild | 187 ------------------------------------
 5 files changed, 746 deletions(-)

Oh, this was already GLSAed as https://security.gentoo.org/glsa/202103-02.

Tree is clean.