Source: redis
Version: 5:7.0.12-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for redis.

CVE-2023-41053[0]:
| Redis is an in-memory database that persists on disk. Redis does not
| correctly identify keys accessed by `SORT_RO` and as a result may
| grant users executing this command access to keys that are not
| explicitly authorized by the ACL configuration. The problem exists
| in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1.
| Users are advised to upgrade. There are no known workarounds for
| this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41053
    https://www.cve.org/CVERecord?id=CVE-2023-41053
[1] https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5
[2] https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
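
The affected range quoted above (Redis 7.0 or newer, fixed in 7.0.13 and 7.2.1) can be applied to an inventory of Debian package versions; the following is an added example, not part of the original report or of Redis or Debian tooling. The host names and most inventory versions are constructed, and the check looks at the upstream version only, so a Debian revision that backports the fix to an older upstream version would still be flagged and should be confirmed against the security tracker entry [0].

```python
import re

# Upstream releases named in the report as carrying the fix.
FIRST_AFFECTED = (7, 0, 0)
FIXED_7_0 = (7, 0, 13)
FIXED_LATER = (7, 2, 1)

# Constructed sample inventory: "<host> <package version>" per line.
INVENTORY = """\
cache01 5:7.0.12-2
cache02 5:7.0.13-1
cache03 5:6.0.16-1+deb11u2
cache04 5:7.2.0-1
cache05 5:7.2.1-1
"""

def upstream_version(debian_version):
    """Return (numeric tuple, is_prerelease) for a Debian or plain version."""
    v = debian_version.split(":", 1)[-1]      # drop the epoch, e.g. "5:"
    if "-" in v:
        v = v.rsplit("-", 1)[0]               # drop the Debian revision, e.g. "-2"
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", v)
    if not m:
        raise ValueError(f"unparseable version: {debian_version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = (nums + (0, 0, 0))[:3]             # pad "7.2" to (7, 2, 0)
    return nums, m.group(2).startswith("~")   # "~rc1" sorts before the release

def is_affected(debian_version):
    """True if the upstream version is in the range the CVE text describes."""
    nums, prerelease = upstream_version(debian_version)
    if nums < FIRST_AFFECTED:
        return False                          # older than 7.0: outside the range
    fixed = FIXED_7_0 if nums[:2] == (7, 0) else FIXED_LATER
    # A pre-release of a fixed version is treated as not yet fixed.
    return nums < fixed or (nums == fixed and prerelease)

def triage(inventory):
    """Return the hosts whose redis package falls in the affected range."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [host for host, version in rows if is_affected(version)]

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: upgrade needed for CVE-2023-41053")
```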