Your message dated Tue, 08 Mar 2022 11:25:02 +0000
with message-id <e1nrxxe-0000iv...@fasolo.debian.org>
and subject line Bug#1005787: fixed in redis 5:7.0~rc2-2
has caused the Debian Bug report #1005787,
regarding redis: CVE-2022-0543
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1005787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redis
Version: 5:5.0.14-1+deb10u1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
A vulnerability was published for redis as CVE-2022-0543[0]. This is
the placeholder Debian bug which will be renamed and fleshed out later
with more details once it has become unembargoed.
[0] https://security-tracker.debian.org/tracker/CVE-2022-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: redis
Source-Version: 5:7.0~rc2-2
Done: Chris Lamb <la...@debian.org>
We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1005...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 08 Mar 2022 11:05:56 +0000
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.0~rc2-2
Distribution: experimental
Urgency: high
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1005787
Changes:
redis (5:7.0~rc2-2) experimental; urgency=high
.
* CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
.
This vulnerability existed because the Lua library in Debian is provided as
a dynamic library. A "package" variable was automatically populated that
in turn permitted access to arbitrary Lua functionality. As this extended
to, for example, the "execute" function from the "os" module, an attacker
with the ability to execute arbitrary Lua code could potentially execute
arbitrary shell commands.
.
Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
reporting this issue. (Closes: #1005787)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
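The changelog above attributes the issue to a "package" variable being populated inside the Lua scripting environment. The following is an added example, not part of the original messages or of the Debian package, of how an administrator could check whether their own Redis instance exposes that variable. The function names, the probe script, the default host and port, and the matching on the text "global variable" in Redis's error for an undeclared Lua global are assumptions of this sketch.

```python
import socket

# Probe script (assumption of this example): only asks for the type of the
# global named "package"; it does not touch the table's contents.
PROBE = "return type(package)"

def encode_command(*args):
    """Encode a command as a RESP array of bulk strings."""
    out = [b"*%d\r\n" % len(args)]
    for a in args:
        b = a.encode() if isinstance(a, str) else a
        out.append(b"$%d\r\n%s\r\n" % (len(b), b))
    return b"".join(out)

def parse_reply(data):
    """Parse one RESP simple string, error or bulk string into (kind, text)."""
    head, _, rest = data.partition(b"\r\n")
    kind, body = head[:1], head[1:]
    if kind == b"+":
        return "string", body.decode()
    if kind == b"-":
        return "error", body.decode()
    if kind == b"$":
        n = int(body)
        return ("nil", "") if n < 0 else ("string", rest[:n].decode())
    raise ValueError("unexpected RESP reply: %r" % head)

def classify(kind, text):
    """Map the reply to a verdict about the 'package' global."""
    if kind == "string" and text == "table":
        return "EXPOSED"        # package table reachable from scripts
    if kind == "string" and text == "nil":
        return "not exposed"    # global exists but has been cleared
    if kind == "error" and "global variable" in text:
        return "not exposed"    # sandbox rejects undeclared globals
    return "inconclusive"       # e.g. NOAUTH, ACL denial, unexpected reply

def check(host="127.0.0.1", port=6379, timeout=3.0):
    """Send the probe to an unauthenticated instance and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(encode_command("EVAL", PROBE, "0"))
        return classify(*parse_reply(s.recv(4096)))

if __name__ == "__main__":
    print(check())
```

An "inconclusive" result usually means the connection needs authentication or the account may not run EVAL; the package version reported by the system remains the authoritative check.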