Your message dated Sat, 19 Feb 2022 17:02:39 +0000
with message-id <e1nlt83-000j1o...@fasolo.debian.org>
and subject line Bug#1005787: fixed in redis 5:5.0.14-1+deb10u2
has caused the Debian Bug report #1005787,
regarding redis: CVE-2022-0543
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1005787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redis
Version: 5:5.0.14-1+deb10u1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
A vulnerability was published for redis as CVE-2022-0543[0]. This is
the placeholder Debian bug which will be renamed and fleshed out later
with more details once it has become unembargoed.
[0] https://security-tracker.debian.org/tracker/CVE-2022-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: redis
Source-Version: 5:5.0.14-1+deb10u2
Done: Chris Lamb <la...@debian.org>
We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1005...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 14 Feb 2022 14:40:49 -0800
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:5.0.14-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
redis - Persistent key-value database with network interface (metapackage
redis-sentinel - Persistent key-value database with network interface
(monitoring)
redis-server - Persistent key-value database with network interface
redis-tools - Persistent key-value database with network interface (client)
Closes: 1005787
Changes:
redis (5:5.0.14-1+deb10u2) buster-security; urgency=high
.
* CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
.
This vulnerability existed because the Lua library in Debian is provided as
a dynamic library. A "package" variable was automatically populated that
in turn permitted access to arbitrary Lua functionality. As this extended
to, for example, the "execute" function from the "os" module, an attacker
with the ability to execute arbitrary Lua code could potentially execute
arbitrary shell commands.
.
Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
reporting this issue. (Closes: #1005787)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---