redis (5:7.2.5-2)
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/lamby/pkg-redis.git -b debian/experimental
- Branch: debian/experimental
- Path: debian/changelog
- Repo size: 14819328
- Browser: https://salsa.debian.org/lamby/pkg-redis
- Last scan: 2024-12-04 20:48:04+00
- Next scan: 2024-12-11 11:12:00+00
- Merge requests: 3
- CI pipeline status: failed
- Debian changelog in Git:
    redis (5:7.2.5-2) experimental; urgency=high

      * Fix three new security vulnerabilities:

        - CVE-2024-31227: An authenticated user with sufficient privileges could have
          created a malformed ACL selector which, when accessed, triggered a server
          panic and subsequent denial of service.

        - CVE-2024-31228: Authenticated users could have triggered a
          denial-of-service by using specially crafted, long string match patterns
          on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION
          LIST`, `COMMAND | LIST` and ACL definitions. Matching of extremely long
          patterns may have resulted in unbounded recursion, leading to stack overflow
          and process crash.

        - CVE-2024-31449: An authenticated user may have used a specially crafted
          Lua script to trigger a stack buffer overflow in the bit library, which
          may have potentially led to remote code execution.

        (Closes: #1084805)

     -- Chris Lamb <lamby@debian.org>  Wed, 09 Oct 2024 13:51:24 -0700
- This branch is even with tag debian/5%7.2.5-2