Accepted redis 5:5.0.14-1+deb10u2 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 14 Feb 2022 14:40:49 -0800
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:5.0.14-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
redis - Persistent key-value database with network interface (metapackage
redis-sentinel - Persistent key-value database with network interface (monitoring)
redis-server - Persistent key-value database with network interface
redis-tools - Persistent key-value database with network interface (client)
Closes: 1005787
Changes:
redis (5:5.0.14-1+deb10u2) buster-security; urgency=high
.
* CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
.
This vulnerability existed because the Lua library in Debian is provided as
a dynamic library. A "package" variable was automatically populated that
in turn permitted access to arbitrary Lua functionality. As this extended
to, for example, the "execute" function from the "os" module, an attacker
with the ability to execute arbitrary Lua code could potentially execute
arbitrary shell commands.
.
Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
reporting this issue. (Closes: #1005787)
Checksums-Sha1:
c7323594890807164422503c38c4d687e9e8e14f 2190 redis_5.0.14-1+deb10u2.dsc
d383cc7958c7ea89006509e4793c76eaa591cd20 2017965 redis_5.0.14.orig.tar.gz
f0606f84773a5dd31b43348a4ccc5b3cebd3e1c8 27040 redis_5.0.14-1+deb10u2.debian.tar.xz
95bc17791025dba181ad800d6c60823fb4f8f94f 63564 redis-sentinel_5.0.14-1+deb10u2_amd64.deb
fdce48049810468f5b0ab7db3c59097f5381b12a 90812 redis-server_5.0.14-1+deb10u2_amd64.deb
d3b4e1d5e72406ef7cfb2b9f9f505ba552882cc3 1254712 redis-tools-dbgsym_5.0.14-1+deb10u2_amd64.deb
272d111201ab937b40db64a5c8970390370a3f2b 540648 redis-tools_5.0.14-1+deb10u2_amd64.deb
9800667dd5f599f3f6ceac4edac179d1dcde7283 56136 redis_5.0.14-1+deb10u2_all.deb
ba87f9c796cd875424b3417f534a0532f1242636 7061 redis_5.0.14-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
b4f65b96b89f980077d7e042477c97421133bf19b77ebbfb0560db83ac13d70c 2190 redis_5.0.14-1+deb10u2.dsc
6d8e87baeaae521a4ad2d9b5e2af78f582a4212a370c4a8e7e1c58dbbd9a0f19 2017965 redis_5.0.14.orig.tar.gz
cae16a8e87c1f45eaa14b62cd5a46cf753e4ac688322cf300e49e350aebf5994 27040 redis_5.0.14-1+deb10u2.debian.tar.xz
86946a3aa9cc0efc1400e2f767d13bb527b4991d9ad67d4ea46e2d2ed1f56412 63564 redis-sentinel_5.0.14-1+deb10u2_amd64.deb
f3ca8e21d179771309e04ba74bd4d7fe10006d48f0a381d41d0e961b7f7e5afc 90812 redis-server_5.0.14-1+deb10u2_amd64.deb
5d7214ccb0be09a5bf7204a1ef56fe1c84ed07b004ebf3649934f35e828e2767 1254712 redis-tools-dbgsym_5.0.14-1+deb10u2_amd64.deb
c3fcc65f76f397ee5f68a2e48ffbe7d6cfdb5e6d62d0e251c10ae2388a1ab2e4 540648 redis-tools_5.0.14-1+deb10u2_amd64.deb
716dad9d84674ba16da517d8e1f00ff5d63904671f4306ef5f47b19f42e8fc44 56136 redis_5.0.14-1+deb10u2_all.deb
bfdfa56d32bbfce8b92b83bcbe4f26f73d3dcf0e5705b25167bb8d9245fdccb4 7061 redis_5.0.14-1+deb10u2_amd64.buildinfo
Files:
e6c701025cb1bb2d983e6240b46a3075 2190 database optional redis_5.0.14-1+deb10u2.dsc
1a06c1b414d9f895b32e6af714932175 2017965 database optional redis_5.0.14.orig.tar.gz
70f6d2c86d96941343f1d360f547a782 27040 database optional redis_5.0.14-1+deb10u2.debian.tar.xz
e64f92387fd903263197a1cbb1829a93 63564 database optional redis-sentinel_5.0.14-1+deb10u2_amd64.deb
09c80f9ab624f519a3b85426e4103602 90812 database optional redis-server_5.0.14-1+deb10u2_amd64.deb
aea040f10b8a4d2422bd6ffc31d2d548 1254712 debug optional redis-tools-dbgsym_5.0.14-1+deb10u2_amd64.deb
267208455bcd8d8372602de5b5e84320 540648 database optional redis-tools_5.0.14-1+deb10u2_amd64.deb
231d8446c16b71b0dd2b7b8510fbd197 56136 database optional redis_5.0.14-1+deb10u2_all.deb
7d006a42b9b83669c94f2a55f8288fa3 7061 database optional redis_5.0.14-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmINcucACgkQHpU+J9Qx
Hlj5cA//Wm/4hMQTweY1HK5wBmSvJsFJ6uoO2iDqT6uD72+vcAgWmFpIY4Ms3YYD
BUZjZhmLdra8JetlfGpBagDVQaY91lKuUDLBi2ppf9+dzzIzYflaNzmpNQqm177T
uo6gGVqYZNCYp036WHtd9oBD99SH3R5T0QHFq/I7LmbWr8mtKooZ1ji7tXZa1nLU
R3hKKz3j4WUBGuyvGCM7xsqWBqYVh6vhz+e0/Zns+UVWyV2Xno/YMw03sh/u7Vt5
qU+FcE10u551YuFnWBlNwNdm+53Xj/EOBtpiRA5fnrcYcA34Pz7kEyV6VzTIF06Y
OESEcegCm1F/xkVJZfy8U2e181Y+BPDOIUTbsWi0NiakBfIJV1QSGL4fkyuntSqF
WCKe7ukB10oORjOIs848Bbnnf0kG0TTCCURbJUyrk4725dKkJrtpUOe9WJ9+dbS3
9ElUvZjBTSdtrjXtwKphrkTz6VMHAl2CNs9WpbfrmRro4FOz1XM1nZPRJEfe7R6t
VHHKQaRhs4eYQ2NNo0/ujwPjIITN2Y1xwJ5yXlutozKKSlLunEm6LfihOnaP3707
hdpetFrEjBGkIsP400AEGMWK4dzTBAUAB1spcWDzMJlmBph44ojAo9gNsmKGveuY
Mn/0PL7oBoBSyWvsMDepTUq0QJdAdCpE1wOqZK0DI1A0YsIzh1k=
=mfZn
-----END PGP SIGNATURE-----