From 6.2.6 release notes: """ Security Fixes: * (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. This issue affects all versions of Redis. [reported by Aviv Yahav]. * (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. [reported by Aviv Yahav]. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb357ae44b7e9fbff0d9d9df54370c6796d706cb commit bb357ae44b7e9fbff0d9d9df54370c6796d706cb Author: Sam James <sam@gentoo.org> AuthorDate: 2022-04-28 02:17:47 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-04-28 02:17:59 +0000 dev-db/redis: drop 5.0.14, 6.0.16 Bug: https://bugs.gentoo.org/841404 Signed-off-by: Sam James <sam@gentoo.org> dev-db/redis/Manifest | 2 - dev-db/redis/files/redis-3.2.3-config.patch | 40 ----- dev-db/redis/files/redis-5.0-sharedlua.patch | 60 -------- dev-db/redis/files/redis-5.0.8-ppc-atomic.patch | 19 --- dev-db/redis/files/redis-6.0.12-sharedlua.patch | 60 -------- dev-db/redis/redis-5.0.14.ebuild | 164 -------------------- dev-db/redis/redis-6.0.16.ebuild | 189 ------------------------ 7 files changed, 534 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8db611a4cadc177118641ff3146f1ea46f12808 commit e8db611a4cadc177118641ff3146f1ea46f12808 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-04-28 02:14:54 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-04-28 02:17:58 +0000 dev-db/redis: add 6.2.7 Bug: https://bugs.gentoo.org/841404 Signed-off-by: Sam James <sam@gentoo.org> dev-db/redis/Manifest | 1 + dev-db/redis/redis-6.2.7.ebuild | 190 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 191 insertions(+)
sorry, 6.2.7 release notes.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=850894a9e88d1b711cfd3036878848f5e59690b5 commit 850894a9e88d1b711cfd3036878848f5e59690b5 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-04-28 02:37:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-04-28 02:37:30 +0000 Revert "dev-db/redis: drop 5.0.14, 6.0.16" This reverts commit bb357ae44b7e9fbff0d9d9df54370c6796d706cb. dev-ruby/redis still needs 5* Bug: https://bugs.gentoo.org/841404 Signed-off-by: Sam James <sam@gentoo.org> dev-db/redis/Manifest | 2 + dev-db/redis/files/redis-3.2.3-config.patch | 40 +++++ dev-db/redis/files/redis-5.0-sharedlua.patch | 60 ++++++++ dev-db/redis/files/redis-5.0.8-ppc-atomic.patch | 19 +++ dev-db/redis/files/redis-6.0.12-sharedlua.patch | 60 ++++++++ dev-db/redis/redis-5.0.14.ebuild | 164 ++++++++++++++++++++ dev-db/redis/redis-6.0.16.ebuild | 189 ++++++++++++++++++++++++ 7 files changed, 534 insertions(+)
