Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 753701 - <dev-db/redis-6.0.9: Potential heap overflow with non-standard heap allocator
Summary: <dev-db/redis-6.0.9: Potential heap overflow with non-standard heap allocator
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: C3 [glsa? cleanup]
Keywords: CC-ARCHES
: 738958 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-11-09 12:46 UTC by Tomáš Mózes
Modified: 2021-01-14 01:44 UTC (History)
2 users (show)

See Also:
Package list:
dev-db/redis-6.0.9
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Mózes 2020-11-09 12:46:11 UTC
Affected:
<5.0.10
<6.0.9

================================================================================
Redis 6.0.9     Released Mon Oct 26 10:37:47 IST 2020
================================================================================

Upgrade urgency: SECURITY if you use an affected platform (see below).
                 Otherwise the upgrade urgency is MODERATE.

This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963
Comment 1 Tomáš Mózes 2020-11-10 15:46:26 UTC
@Robbat2, please call stabilization.
Comment 2 Sam James archtester gentoo-dev Security 2020-11-11 04:29:22 UTC
*** Bug 738958 has been marked as a duplicate of this bug. ***
Comment 3 Sam James archtester gentoo-dev Security 2020-11-11 15:39:07 UTC
x86 done
Comment 4 Sam James archtester gentoo-dev Security 2020-11-11 18:50:44 UTC
amd64 done
Comment 5 Sam James archtester gentoo-dev Security 2020-11-11 22:11:41 UTC
arm done
Comment 6 Sam James archtester gentoo-dev Security 2020-11-12 15:34:51 UTC
arm64 done
Comment 7 Rolf Eike Beer 2020-11-23 16:24:40 UTC
will drop this to ~hppa
Comment 8 Sam James archtester gentoo-dev Security 2020-12-16 23:20:06 UTC
ppc done
Comment 9 Sam James archtester gentoo-dev Security 2021-01-13 19:33:21 UTC
ppc64 done

all arches done
Comment 10 Sam James archtester gentoo-dev Security 2021-01-14 01:44:53 UTC
Please cleanup.