Summary: | <dev-db/redis-{6.2.7-r2,7.0.5-r1}: crash on crash report | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | arkamar, proxy-maint, sam |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 | ||
See Also: |
https://github.com/gentoo/gentoo/pull/27893 https://github.com/gentoo/gentoo/pull/28388 |
||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 881065 | ||
Bug Blocks: |
Description
John Helmert III
2022-10-21 20:52:28 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85442e23f002bbdbfe137a7fc15314eb6b048982 commit 85442e23f002bbdbfe137a7fc15314eb6b048982 Author: Petr Vaněk <arkamar@atlas.cz> AuthorDate: 2022-10-22 09:52:31 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-11-11 15:10:06 +0000 dev-db/redis: backport recommended patch for CVE-2022-3647 to 6.2.7 The original patch does not apply cleanly, it was necessary to backport it. Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 Bug: https://bugs.gentoo.org/877863 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Closes: https://github.com/gentoo/gentoo/pull/27893 Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ++++++++++++++++++ dev-db/redis/redis-6.2.7-r2.ebuild | 198 +++++++++++++++++++++ 2 files changed, 371 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=355ad01f1b82d113b950ea3e483a7c2bc54bed6d commit 355ad01f1b82d113b950ea3e483a7c2bc54bed6d Author: Petr Vaněk <arkamar@atlas.cz> AuthorDate: 2022-10-22 09:43:38 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-11-11 15:10:06 +0000 dev-db/redis: apply recommended patch for CVE-2022-3647 to 7.0.5 The patch is taken from upstream as is. Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 Bug: https://bugs.gentoo.org/877863 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Signed-off-by: Joonas Niilola <juippis@gentoo.org> dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 +++++++++++++++++++ dev-db/redis/redis-7.0.5-r1.ebuild | 191 +++++++++++++++++++++ 2 files changed, 364 insertions(+) Thanks! Please stabilize when ready. I think GLSA is not necessary in this case. Great, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bef961bfd119bf2f945108589261844d69260d80 commit bef961bfd119bf2f945108589261844d69260d80 Author: Petr Vaněk <arkamar@atlas.cz> AuthorDate: 2022-11-22 18:57:12 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-23 00:23:44 +0000 dev-db/redis: drop 6.2.7-r1, 7.0.5 Bug: https://bugs.gentoo.org/877863 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Closes: https://github.com/gentoo/gentoo/pull/28388 Signed-off-by: John Helmert III <ajak@gentoo.org> dev-db/redis/redis-6.2.7-r1.ebuild | 195 ------------------------------------- dev-db/redis/redis-7.0.5.ebuild | 188 ----------------------------------- 2 files changed, 383 deletions(-) All done, thanks! |