redis (5:6.2.6-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/lamby/pkg-redis.git -b debian/experimental
-
- Branch: debian/experimental
- Path: debian/changelog
- Browser: https://salsa.debian.org/lamby/pkg-redis
- Last scan: 2021-12-03 06:13:17+00
- Next scan: 2021-12-11 06:32:00+00
- CI pipeline status: failed
- Debian changelog in Git:
redis (5:6.2.6-1) experimental; urgency=medium
* New upstream security release:
- CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less
common platforms.
- CVE-2021-32687: Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very
large value.
- CVE-2021-32675: Denial Of Service when processing RESP request payloads
with a large number of elements on many connections.
- CVE-2021-32672: Random heap reading issue with Lua Debugger.
- CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value,
zset-max-ziplist-entries or zset-max-ziplist-value.
- CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit.
- CVE-2021-32626: Specially crafted Lua scripts may result with Heap
buffer overflow.
- CVE-2021-41099: Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually
configured to a non-default, very large value.
* Refresh patches.
* Bump Standards-Version to 4.6.0.
-- Chris Lamb <lamby@debian.org> Mon, 04 Oct 2021 14:33:02 +0100
- This branch is even with tag debian/5%6.2.6-1
