Your message dated Tue, 08 Mar 2022 11:24:55 +0000
with message-id <e1nrxxx-0000g7...@fasolo.debian.org>
and subject line Bug#1005787: fixed in redis 5:6.0.16-2
has caused the Debian Bug report #1005787,
regarding redis: CVE-2022-0543
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1005787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redis
Version: 5:5.0.14-1+deb10u1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

A vulnerability was published for redis as CVE-2022-0543[0]. This is
the placeholder Debian bug which will be renamed and fleshed out later
with more details once it has become unembargoed.

[0] https://security-tracker.debian.org/tracker/CVE-2022-0543
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: redis
Source-Version: 5:6.0.16-2
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1005...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 08 Mar 2022 11:08:46 +0000
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:6.0.16-2
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1005787
Changes:
 redis (5:6.0.16-2) unstable; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided as
     a dynamic library. A "package" variable was automatically populated that
     in turn permitted access to arbitrary Lua functionality. As this extended
     to, for example, the "execute" function from the "os" module, an attacker
     with the ability to execute arbitrary Lua code could potentially execute
     arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
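
The changelog above attributes the escape to a "package" variable being populated inside the Lua scripting sandbox. As an added example (not code from the Debian package or the Redis source), this standalone Lua script audits a sandbox environment table for globals of that kind and removes them; the allow-list, the function names and the sample environment are assumptions constructed for illustration.

```lua
-- Added example: audit a Lua sandbox environment for globals that defeat it.
-- ALLOWED is an assumed allow-list for illustration, not Redis's actual list.
local ALLOWED = {
  string = true, table = true, math = true, tostring = true, tonumber = true,
  type = true, pairs = true, ipairs = true, select = true, pcall = true,
  error = true, assert = true, next = true, unpack = true,
}

-- Globals that reach outside a sandbox: module loading, OS and file access.
local ESCAPE_CAPABLE = {
  package  = "module loader, can pull in libraries the sandbox never loaded",
  require  = "module loader entry point",
  os       = "process and shell access (os.execute)",
  io       = "file and process I/O",
  dofile   = "runs Lua source from disk",
  loadfile = "loads Lua source from disk",
}

-- Returns findings sorted by name; each is {name=, severity=, reason=}.
local function audit(env)
  local findings = {}
  for name in pairs(env) do
    if type(name) == "string" then
      local reason = ESCAPE_CAPABLE[name]
      if reason then
        findings[#findings + 1] = {name = name, severity = "escape", reason = reason}
      elseif not ALLOWED[name] then
        findings[#findings + 1] =
          {name = name, severity = "review", reason = "not on the allow-list"}
      end
    end
  end
  table.sort(findings, function(a, b) return a.name < b.name end)
  return findings
end

-- Hardening step: drop every escape-capable name from the environment.
local function harden(env)
  for name in pairs(ESCAPE_CAPABLE) do env[name] = nil end
  return env
end

-- Constructed sample: a sandbox where "package" was populated as a side effect.
local leaky = {string = string, table = table, math = math, type = type,
               pairs = pairs, package = package}

for _, f in ipairs(audit(leaky)) do print(f.severity, f.name, f.reason) end
assert(#audit(harden(leaky)) == 0, "hardened environment still has findings")
```

Auditing against an allow-list rather than only the known-bad names also surfaces unexpected globals that a library or build change introduces later.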
