CVE-2022-3647: A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. Patch at URL.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85442e23f002bbdbfe137a7fc15314eb6b048982

commit 85442e23f002bbdbfe137a7fc15314eb6b048982
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2022-10-22 09:52:31 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-11-11 15:10:06 +0000

    dev-db/redis: backport recommended patch for CVE-2022-3647 to 6.2.7

    The original patch does not apply cleanly, it was necessary to backport it.

    Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
    Bug: https://bugs.gentoo.org/877863
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/27893
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ++++++++++++++++++
 dev-db/redis/redis-6.2.7-r2.ebuild | 198 +++++++++++++++++++++
 2 files changed, 371 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=355ad01f1b82d113b950ea3e483a7c2bc54bed6d

commit 355ad01f1b82d113b950ea3e483a7c2bc54bed6d
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2022-10-22 09:43:38 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-11-11 15:10:06 +0000

    dev-db/redis: apply recommended patch for CVE-2022-3647 to 7.0.5

    The patch is taken from upstream as is.

    Upstream-commit: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
    Bug: https://bugs.gentoo.org/877863
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 +++++++++++++++++++
 dev-db/redis/redis-7.0.5-r1.ebuild | 191 +++++++++++++++++++++
 2 files changed, 364 insertions(+)
Thanks! Please stabilize when ready.
I think GLSA is not necessary in this case.
Great, thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bef961bfd119bf2f945108589261844d69260d80

commit bef961bfd119bf2f945108589261844d69260d80
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2022-11-22 18:57:12 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-23 00:23:44 +0000

    dev-db/redis: drop 6.2.7-r1, 7.0.5

    Bug: https://bugs.gentoo.org/877863
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/28388
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-db/redis/redis-6.2.7-r1.ebuild | 195 -------------------------------------
 dev-db/redis/redis-7.0.5.ebuild | 188 -----------------------------------
 2 files changed, 383 deletions(-)
All done, thanks!