Your message dated Fri, 23 Sep 2022 11:59:51 +0000
with message-id <e1obhlt-00hcyf...@fasolo.debian.org>
and subject line Bug#1020512: fixed in redis 5:7.0.5-1
has caused the Debian Bug report #1020512,
regarding redis: CVE-2022-35951
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1020512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: redis
Version: 5:7.0.4-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for redis.

CVE-2022-35951[0]:
| Fix heap overflow vulnerability in XAUTOCLAIM

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-35951
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35951
[1] https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: redis
Source-Version: 5:7.0.5-1
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1020...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 23 Sep 2022 11:12:24 +0100
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.0.5-1
Distribution: unstable
Urgency: medium
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1020512
Changes:
 redis (5:7.0.5-1) unstable; urgency=medium
 .
   * New upstream security release:
     - CVE-2022-35951: Fix a heap overflow vulnerability in XAUTOCLAIM.
       Executing an XAUTOCLAIM command on a stream key in a specific state, with
       a specially crafted COUNT argument may have caused an integer overflow, a
       subsequent heap overflow and potentially lead to remote code execution.
       (Closes: #1020512)
   * Refresh patches.
   * Update debian/watch.


--- End Message ---
