CVE-2023-28425 - Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19681fd5fa178dc41d2f61225a0958ea3b538224

commit 19681fd5fa178dc41d2f61225a0958ea3b538224
Author: Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-03-21 08:07:29 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-03-22 01:17:37 +0000

    dev-db/redis: drop 6.2.10, 7.0.8

    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/30278
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 2 -
 dev-db/redis/redis-6.2.10.ebuild | 195 ---------------------------------------
 dev-db/redis/redis-7.0.8.ebuild | 187 -------------------------------------
 3 files changed, 384 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=971d538d97b1448ba5fb980919393b1eeb9c8f44

commit 971d538d97b1448ba5fb980919393b1eeb9c8f44
Author: Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-03-21 07:51:37 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-03-22 01:17:37 +0000

    dev-db/redis: add 7.0.10

    Bug: https://bugs.gentoo.org/902501
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 1 +
 dev-db/redis/redis-7.0.10.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)
The summary has to have the first fixed versions in tree which makes it hard to express quick regressions like this.
("[stable]" itself indicates stablereq is in progress)