Your message dated Tue, 09 Jan 2024 15:06:18 +0000 with message-id <e1rndgi-007tl7...@fasolo.debian.org> and subject line Bug#1060316: fixed in redis 5:7.2.4-1 has caused the Debian Bug report #1060316, regarding redis: CVE-2023-41056 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1060316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060316 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: redis Version: 5:6.0.16-1+deb11u2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for redis. CVE-2023-41056[0]: Buffer overflow in certain payloads may lead to remote code execution Info just unembargoed, so links may time some time to update. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-41056 https://www.cve.org/CVERecord?id=CVE-2023-41056 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: redis Source-Version: 5:7.2.4-1 Done: Chris Lamb <la...@debian.org> We believe that the bug you reported is fixed in the latest version of redis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1060...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated redis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 09 Jan 2024 14:29:59 +0000 Source: redis Built-For-Profiles: nocheck Architecture: source Version: 5:7.2.4-1 Distribution: experimental Urgency: medium Maintainer: Chris Lamb <la...@debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 1060316 Changes: redis (5:7.2.4-1) experimental; urgency=medium . * New upstream security release: . - CVE-2023-41056: In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution. (Closes: #1060316) . - For more information, please see: <https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES> . * Refresh patches. Checksums-Sha1: 0605f2f0e2265cdf050cba239b0e6ff8d1306a82 2231 redis_7.2.4-1.dsc b7f1c8355841887063b54d132e74a03d011b1f6f 3424072 redis_7.2.4.orig.tar.gz c35a094c0c4d24e9131b01eb0595c2585248e454 29048 redis_7.2.4-1.debian.tar.xz 40566da9c048e43b93d17216d45744537de033e5 7634 redis_7.2.4-1_amd64.buildinfo Checksums-Sha256: 060c197244c0a85abc1329e8fdf34c685c3297778a9159e8fcdad4c86bd35d3c 2231 redis_7.2.4-1.dsc 0a62b9ae89b4be4e8d40c0035c83a72cb6776f4b62fe53553981a57f0f4ff73d 3424072 redis_7.2.4.orig.tar.gz 7e9bb66e77c3c6316d6fdfe9a8b56c0b7eb6e0bfb75a64679910c67a6b3dc5b8 29048 redis_7.2.4-1.debian.tar.xz df399116e693510ca48566753e3fb1dc2507b272e00000943ae5d66c8efa0186 7634 redis_7.2.4-1_amd64.buildinfo Files: 22264f587411cbac2fe0965b81014882 2231 database optional redis_7.2.4-1.dsc ee630d0e8b2a9092bd5c88af85630836 3424072 database optional redis_7.2.4.orig.tar.gz 77b3666aed677670ae33cdc0426230e0 29048 database optional redis_7.2.4-1.debian.tar.xz 2c9a71fea85d942ea2eb38a4bb692876 7634 database optional redis_7.2.4-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmWdWXsACgkQHpU+J9Qx Hljj5Q/8CUqCHJ4+4FYjEtvF8syqNO4DzdD+jpuTuKX1Zhkn8St5WewOGXLPgwZS LkcUjLNRHDQz3lY3J+L1cTiapyNEKM2rLGApTRNWFiBSU6cRla4MoUX4g7jYkGoh ohkogFZBlRIC9Kx3sJITojcBZznLK113EUx4OCJ+YsR0PPyMbm6mg7/AbMQLvMnZ 0fJhfHOEpL3ruUKyx89chF6ml7YBV9KfZOltyQRVq7qRs+lmmsZoecs8VZFdj6Zi v8+2VWI9g0iU0F9cUC6ivrs+aJL6Drw28mqYnTtkSGqOc9JjMg4qDiesJQPKuOHC P9+bM88WBJJit+TNPkIAL+GQTYUxwqxIR1Y6aEeiXX7g/pKHf/ePztjbVzdbZNYW PvAWWQuQBwIGfoHZtIVr2vXc77b0pFv0Dsr3vj1/O6hLX5UZiy6UvWbZ15LGW0+Y a7x7ezp9a93NoMu+VYmNDDtcmNb0xTea1g9c8D9EfGgcEPocMLdA7Y4p713jidA7 pm7NYljXS+0ZiVdtBPnNceh4wBxiVU8GSgFprXIj9k2Q+5BEDVQWVarLaBRuVMIz E18sFvhsuheTvIIyO2c4LckSnRP1OKTVbayQh1/MixmWoGjWZszvUkKsBj6DCH6a HFjU/OdT+QR2o4bDekmh5bUKprQO67Mr9E0KTfOTXfhuk4T9W2c= =ZX5s -----END PGP SIGNATURE-----
--- End Message ---
