Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 947749 (CVE-2024-46981, CVE-2024-51741) - <dev-db/redict-7.3.2, <dev-db/redis-{6.2.17,7.2.7,7.4.2}: multiple vulnerabilities
Summary: <dev-db/redict-7.3.2, <dev-db/redis-{6.2.17,7.2.7,7.4.2}: multiple vulnerabil...
Status: UNCONFIRMED
Alias: CVE-2024-46981, CVE-2024-51741
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://redict.io/posts/2025-01-08-re...
Whiteboard: B1 [stable]
Keywords: PullRequest
Depends on: 948175 948173 948174
Blocks:
  Show dependency tree
 
Reported: 2025-01-09 02:52 UTC by Anna
Modified: 2025-01-16 07:49 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anna 2025-01-09 02:52:30 UTC
Redict 7.3.2 includes fixes for the following security vulnerabilities:

    CVE-2024-46981
    CVE-2024-51741

Reproducible: Always
Comment 1 Petr Vaněk gentoo-dev 2025-01-09 09:21:34 UTC
Slightly more info from redis releases:

CVE-2024-46981 - Lua script commands may lead to remote code execution
CVE-2024-51741 - Denial-of-service due to malformed ACL selectors
Comment 2 Larry the Git Cow gentoo-dev 2025-01-09 10:49:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20150c774f2c5420ad6a3540e7571d448a0c1d3a

commit 20150c774f2c5420ad6a3540e7571d448a0c1d3a
Author:     Haelwenn (lanodan) Monnier <contact@hacktivis.me>
AuthorDate: 2025-01-09 00:13:28 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2025-01-09 10:48:08 +0000

    dev-db/redict: drop 7.3.1
    
    Bug: https://bugs.gentoo.org/947749
    Signed-off-by: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
    Closes: https://github.com/gentoo/gentoo/pull/40061
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redict/Manifest            |   1 -
 dev-db/redict/redict-7.3.1.ebuild | 160 --------------------------------------
 2 files changed, 161 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c768c330a369a2c1892610f2c59bbb627804fb65

commit c768c330a369a2c1892610f2c59bbb627804fb65
Author:     Haelwenn (lanodan) Monnier <contact@hacktivis.me>
AuthorDate: 2025-01-08 23:58:27 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2025-01-09 10:48:07 +0000

    dev-db/redict: add 7.3.2
    
    Fixes CVE-2024-51741 and CVE-2024-46981
    
    Bug: https://bugs.gentoo.org/947749
    Signed-off-by: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redict/Manifest            |   1 +
 dev-db/redict/redict-7.3.2.ebuild | 160 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 161 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=567aaffa097e3481cd2ee95494b6da247403c8f3

commit 567aaffa097e3481cd2ee95494b6da247403c8f3
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2025-01-09 10:31:02 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2025-01-09 10:48:06 +0000

    dev-db/redis: add 7.4.2
    
    Bug: https://bugs.gentoo.org/947749
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest           |   1 +
 dev-db/redis/redis-7.4.2.ebuild | 193 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d991ab1d9ff56d523af8c2b74d7d5590aa12f39

commit 5d991ab1d9ff56d523af8c2b74d7d5590aa12f39
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2025-01-09 10:01:05 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2025-01-09 10:48:05 +0000

    dev-db/redis: add 7.2.7
    
    Bug: https://bugs.gentoo.org/947749
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest           |   1 +
 dev-db/redis/redis-7.2.7.ebuild | 197 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 198 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2ebe0dad50ab86c2459425dc2888a69da5e6c54

commit b2ebe0dad50ab86c2459425dc2888a69da5e6c54
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2025-01-09 09:49:16 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2025-01-09 10:48:00 +0000

    dev-db/redis: add 6.2.17
    
    Bug: https://bugs.gentoo.org/947749
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest            |   1 +
 dev-db/redis/redis-6.2.17.ebuild | 192 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 193 insertions(+)