Your message dated Tue, 09 Jan 2024 14:55:20 +0000 with message-id <e1rndvg-007qyo...@fasolo.debian.org> and subject line Bug#1060316: fixed in redis 5:7.0.15-1 has caused the Debian Bug report #1060316, regarding redis: CVE-2023-41056 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1060316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: redis Version: 5:6.0.16-1+deb11u2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for redis. CVE-2023-41056[0]: Buffer overflow in certain payloads may lead to remote code execution Info just unembargoed, so links may time some time to update. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-41056 https://www.cve.org/CVERecord?id=CVE-2023-41056 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: redis Source-Version: 5:7.0.15-1 Done: Chris Lamb <la...@debian.org> We believe that the bug you reported is fixed in the latest version of redis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1060...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated redis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 09 Jan 2024 13:42:30 +0000 Source: redis Built-For-Profiles: nocheck Architecture: source Version: 5:7.0.15-1 Distribution: unstable Urgency: medium Maintainer: Chris Lamb <la...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 1060316 Changes: redis (5:7.0.15-1) unstable; urgency=medium . * New upstream security release: . - CVE-2023-41056: In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution. (Closes: #1060316) . - For more information, please see: <https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES> . * Refresh patches. Checksums-Sha1: 9ca4996d9e131375c384e298303e7b02ad67b3b4 2273 redis_7.0.15-1.dsc b5d51660215a5402d146b8ec045ae712a14783de 3025940 redis_7.0.15.orig.tar.gz d8dda64d6bb28711e578691f61fecc8eacb81cd2 29128 redis_7.0.15-1.debian.tar.xz 1e9d428c9d811161fde2a5ef14c8cb31dcbbd44e 7650 redis_7.0.15-1_amd64.buildinfo Checksums-Sha256: ffe9a357ddcf417d8ba9e1aa9e7c91060bfd00dc59cce70e295c2015a153d721 2273 redis_7.0.15-1.dsc 4b1dc4ee6d622a09fff9c6777191209750fb5e5a725ef78ea012d6eef4c22982 3025940 redis_7.0.15.orig.tar.gz 591c1f43504b7d454b3eb935728f10c46b9439dcda1b22ea4338e147910a0ead 29128 redis_7.0.15-1.debian.tar.xz ee2272f209fb4b06225dfaa04b328492f567f8aa4f21bc8407d63f18eb819f0d 7650 redis_7.0.15-1_amd64.buildinfo Files: 2ca7b5366940e4bd269f48b1fe3fcb2d 2273 database optional redis_7.0.15-1.dsc d4572b9ddf01b3aeeb43859119ad62f9 3025940 database optional redis_7.0.15.orig.tar.gz 959b796926f5ba729ee634ccadbe8e7d 29128 database optional redis_7.0.15-1.debian.tar.xz 5b2dac83a1865854a77504fc407144de 7650 database optional redis_7.0.15-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmWdT8IACgkQHpU+J9Qx HliUAQ/+M4Bm7uMRHTE7eUCxBaRo1g0DuyFzBma8kuHepMGCZVW3AILH+uSXcplm ie0MBxXbPEOqtQtI55h93MeHnnev06iCfs85u1jD8Qokkk5fj90hxqSAPgBmQYzR cdQjOby+x+xrtED7xWBqpANbYwjdGk/npm6LG/Iwzgw5bEN++yoDiihGXjg72iDQ XAafojj7q/cmjKV5Kyv2swfWaNMeeYjMGEOdk1Rb07B3pFcwn2BmcwuHB9G/XkOq HEPBlTsOwlFdhh0WyIydwEHOzK2lHkPiEMfk9D2mO7+o37mGSxx9D5rRbuzoteHJ R5DH5NSyVtF/oPTmOsizo8I7+iot/dAPgCY37FJn0HYzqLcOccNLOtRISLWOh565 9ORiJg9j0Lcg/o9S0DzfMFGX7vVPW8Nx+fUQ7E6fF0qEm9apKp6+09NKZCTxTwYm NoLGSdua0+vmZsRHka8KuwVBQBTlv0zlgn+/rY51ri4SmB4XG/xRG9C0cAiGCF9K LQo56QTX7MqGujxeVZXTbc90ePd3FShV0wkJQnccGWXD+GPZRAdOlU9tKW9QNXEi tx2BGNLCSo9tvKhSTazNgoAKb7EttiOAeT4A1NEI3b0fItdR5mpNKY/TdCkG1iQ8 YE+/n+MdfVeK/RbCs3lB6Wq6HQVYH9xllGnGWtZ920D8xEO2zEw= =2SVX -----END PGP SIGNATURE-----
--- End Message ---
