[Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Jul 26 21:08:40 UTC 2021
On Mon, 26 Jul 2021 11:16:35 +0200
Titouan Christophe <titouanchristophe at gmail.com> wrote:
> From the release notes:
> ================================================================================
> Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
> ================================================================================
>
> Upgrade urgency: SECURITY, contains fixes to security issues that affect
> authenticated client connections on 32-bit versions. MODERATE otherwise.
>
> Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
> An integer overflow bug in Redis version 2.2 or newer can be exploited using the
> BITFIELD command to corrupt the heap and potentially result with remote code
> execution.
>
> See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
>
> Signed-off-by: Titouan Christophe <titouanchristophe at gmail.com>
> ---
> package/redis/redis.hash | 2 +-
> package/redis/redis.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com