
Bug 856040 (CVE-2022-33105)

Summary: <dev-db/redis-7.0.1: memory leak via streamGetEdgeID
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: arkamar, proxy-maint, sam
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef
See Also: https://github.com/gentoo/gentoo/pull/26218
Whiteboard: B4 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 856265    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-03 02:08:40 UTC
CVE-2022-33105:

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

Please stabilize Redis 7.0.1.
Comment 1 Larry the Git Cow gentoo-dev 2022-07-04 20:07:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a16aa4ac35c28c32e25b440d4cc94f5b38f0bd7

commit 0a16aa4ac35c28c32e25b440d4cc94f5b38f0bd7
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2022-07-04 10:56:45 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-07-04 20:07:10 +0000

    dev-db/redis: drop 7.0.0, 7.0.0-r2
    
    Removal due to a CVE-2022-33105.
    
    Bug: https://bugs.gentoo.org/856040
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/26218
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-db/redis/Manifest              |   1 -
 dev-db/redis/redis-7.0.0-r2.ebuild | 183 ---------------------------------
 dev-db/redis/redis-7.0.0.ebuild    | 201 -------------------------------------
 3 files changed, 385 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-26 18:06:05 UTC
GLSA request filed
Comment 3 Larry the Git Cow gentoo-dev 2022-09-29 14:48:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3b83b8330073185fb5605b449ed900293d014aeb

commit 3b83b8330073185fb5605b449ed900293d014aeb
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-29 14:21:49 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-29 14:47:59 +0000

    [ GLSA 202209-17 ] Redis: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/803302
    Bug: https://bugs.gentoo.org/816282
    Bug: https://bugs.gentoo.org/841404
    Bug: https://bugs.gentoo.org/856040
    Bug: https://bugs.gentoo.org/859181
    Bug: https://bugs.gentoo.org/872278
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-17.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-29 14:50:07 UTC
GLSA released, all done!