Your message dated Tue, 09 Jan 2024 15:06:18 +0000
with message-id <e1rndgi-007tl7...@fasolo.debian.org>
and subject line Bug#1060316: fixed in redis 5:7.2.4-1
has caused the Debian Bug report #1060316,
regarding redis: CVE-2023-41056
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1060316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060316
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: redis
Version: 5:6.0.16-1+deb11u2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for redis.

CVE-2023-41056[0]:
Buffer overflow in certain payloads may lead to remote code execution

Info just unembargoed, so links may take some time to update.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41056
    https://www.cve.org/CVERecord?id=CVE-2023-41056


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: redis
Source-Version: 5:7.2.4-1
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1060...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated redis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jan 2024 14:29:59 +0000
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.2.4-1
Distribution: experimental
Urgency: medium
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1060316
Changes:
 redis (5:7.2.4-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2023-41056: In some cases, Redis may incorrectly handle resizing of
       memory buffers which can result in incorrect accounting of buffer sizes
       and lead to heap overflow and potential remote code execution.  (Closes:
       #1060316)
 .
     - For more information, please see:
       <https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES>
 .
   * Refresh patches.


--- End Message ---
