Parcourir la source

package/redis: security bump to v6.2.7

From the release notes:
(https://github.com/redis/redis/blob/6.2.7/00-RELEASENOTES)

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
  can cause NULL pointer dereference which will result with a crash of the
  redis-server process. This issue affects all versions of Redis.
  [reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
  environment, an attacker with access to Redis can inject Lua code that will
  execute with the (potentially higher) privileges of another Redis user.
  [reported by Aviv Yahav].

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Titouan Christophe il y a 3 ans
Parent
commit
60ff1d619d
2 fichiers modifiés avec 2 ajouts et 2 suppressions
  1. 1 1
      package/redis/redis.hash
  2. 1 1
      package/redis/redis.mk

+ 1 - 1
package/redis/redis.hash

@@ -1,5 +1,5 @@
 # From https://github.com/redis/redis-hashes/blob/master/README
-sha256  5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab  redis-6.2.6.tar.gz
+sha256  b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319  redis-6.2.7.tar.gz
 
 # Locally calculated
 sha256  97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828  COPYING

+ 1 - 1
package/redis/redis.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-REDIS_VERSION = 6.2.6
+REDIS_VERSION = 6.2.7
 REDIS_SITE = http://download.redis.io/releases
 REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
 REDIS_LICENSE_FILES = COPYING