| Summary: | <dev-db/redis-{7.0.13, 7.2.1}: Redis SORT_RO may bypass ACL configuration | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Petr Vaněk <arkamar> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | arkamar, proxy-maint, sam |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc | ||
| See Also: | https://github.com/gentoo/gentoo/pull/32670 | ||
| Whiteboard: | B3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 914574 | ||
| Bug Blocks: | |||
|
Description
Petr Vaněk
2023-09-07 07:26:26 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad3020efc6d26340112db43909e75469efa1eff5 commit ad3020efc6d26340112db43909e75469efa1eff5 Author: Petr Vaněk <arkamar@atlas.cz> AuthorDate: 2023-09-07 07:39:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-09 04:55:41 +0000 dev-db/redis: drop vulnerable 7.2.0 Bug: https://bugs.gentoo.org/913741 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Closes: https://github.com/gentoo/gentoo/pull/32670 Signed-off-by: Sam James <sam@gentoo.org> dev-db/redis/Manifest | 1 - dev-db/redis/redis-7.2.0.ebuild | 200 ---------------------------------------- 2 files changed, 201 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5be5615485f287b6efef9a8e57dd7c8a325f9dee commit 5be5615485f287b6efef9a8e57dd7c8a325f9dee Author: Petr Vaněk <arkamar@atlas.cz> AuthorDate: 2023-09-07 07:38:57 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-09 04:55:41 +0000 dev-db/redis: add 7.2.1 Bug: https://bugs.gentoo.org/913741 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Signed-off-by: Sam James <sam@gentoo.org> dev-db/redis/Manifest | 1 + dev-db/redis/redis-7.2.1.ebuild | 200 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 201 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea2cc0351047361556cb3a60a2ec67cb2449b5b9 commit ea2cc0351047361556cb3a60a2ec67cb2449b5b9 Author: Petr Vaněk <arkamar@atlas.cz> AuthorDate: 2023-09-07 07:37:25 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-09 04:55:41 +0000 dev-db/redis: add 7.0.13 Bug: https://bugs.gentoo.org/913741 Signed-off-by: Petr Vaněk <arkamar@atlas.cz> Signed-off-by: Sam James <sam@gentoo.org> dev-db/redis/Manifest | 1 + dev-db/redis/redis-7.0.13.ebuild | 187 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 188 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f0aeee0d9ab31c81a869f258821733048f7423 commit 40f0aeee0d9ab31c81a869f258821733048f7423 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-09 14:12:04 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-09 14:23:54 +0000 dev-db/redis: drop versions This commit drops most of vulnerable versions, however, security cleanups are still blocked because of 7.0.5 which is the last stable version for arm. Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 7 - dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ------------------ dev-db/redis/redis-6.2.11.ebuild | 195 -------------------- dev-db/redis/redis-6.2.13.ebuild | 195 -------------------- dev-db/redis/redis-6.2.7-r2.ebuild | 198 -------------------- dev-db/redis/redis-7.0.12.ebuild | 187 ------------------- dev-db/redis/redis-7.0.13.ebuild | 187 ------------------- dev-db/redis/redis-7.0.9.ebuild | 187 ------------------- dev-db/redis/redis-7.2.2.ebuild | 200 --------------------- 9 files changed, 1529 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af commit 3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-10 10:05:04 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-10 10:16:11 +0000 dev-db/redis: destabilize 7.0.5-r1 for ~arm Dropping the stable keyword for arm architecture due to a lack of security stabilization for over a year. Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915548#c6 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/918847 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/redis-7.0.5-r1.ebuild | 4 ++-- profiles/arch/arm/package.use.stable.mask | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8942d96c5ff1a45db0922d9e5e4403b050494bf6 commit 8942d96c5ff1a45db0922d9e5e4403b050494bf6 Author: Petr Vaněk <arkamar@gentoo.org> AuthorDate: 2024-01-10 12:25:59 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-10 12:27:32 +0000 dev-db/redis: drop 7.0.5-r1 Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/921662 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/redis/Manifest | 1 - .../files/redis-7.0.4-replica-tests-fix.patch | 61 ------- dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 ------------------- dev-db/redis/redis-7.0.5-r1.ebuild | 191 --------------------- 4 files changed, 426 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=bbba9c645e3767933f8d769ab743fca8728487ab commit bbba9c645e3767933f8d769ab743fca8728487ab Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-08-07 06:33:13 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-08-07 06:33:27 +0000 [ GLSA 202408-05 ] Redis: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/891169 Bug: https://bugs.gentoo.org/898464 Bug: https://bugs.gentoo.org/902501 Bug: https://bugs.gentoo.org/904486 Bug: https://bugs.gentoo.org/910191 Bug: https://bugs.gentoo.org/913741 Bug: https://bugs.gentoo.org/915989 Bug: https://bugs.gentoo.org/921662 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202408-05.xml | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) |