Back to redis PTS page

Accepted redis 5:7.0~rc2-2 (source) into experimental

To: debian-experimental-changes@lists.debian.org, debian-devel-changes@lists.debian.org
Subject: Accepted redis 5:7.0~rc2-2 (source) into experimental
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 08 Mar 2022 11:25:02 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nRXxe-0000Ip-27@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 08 Mar 2022 11:05:56 +0000
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:7.0~rc2-2
Distribution: experimental
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1005787
Changes:
 redis (5:7.0~rc2-2) experimental; urgency=high
 .
   * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability.
 .
     This vulnerability existed because the Lua library in Debian is provided as
     a dynamic library. A "package" variable was automatically populated that
     in turn permitted access to arbitrary Lua functionality. As this extended
     to, for example, the "execute" function from the "os" module, an attacker
     with the ability to execute arbitrary Lua code could potentially execute
     arbitrary shell commands.
 .
     Thanks to Reginaldo Silva <https://www.ubercomp.com> for discovering and
     reporting this issue. (Closes: #1005787)
Checksums-Sha1:
 b6202bc4dd0d0e013d03df5f45041eb6757f76dc 2280 redis_7.0~rc2-2.dsc
 3623f6961585e64fa853be59e4be444061a820cd 27976 redis_7.0~rc2-2.debian.tar.xz
 2bfc35e8efbc451b2c868277606f3482f12d9df4 7427 redis_7.0~rc2-2_amd64.buildinfo
Checksums-Sha256:
 78fece1044f5afe956b784bf8d69c20f2fb6ee960fa707261a696c9187521000 2280 redis_7.0~rc2-2.dsc
 e83bc7294a67918d7eef5f71e7e7b8107109687a1398956e39a6546b6d645400 27976 redis_7.0~rc2-2.debian.tar.xz
 ecb739e8bafaf12fcad1bbe17b39567ea26042f0fd182478a22fa7f1f6cb8e64 7427 redis_7.0~rc2-2_amd64.buildinfo
Files:
 5a2035a16671cf19409df270c571c565 2280 database optional redis_7.0~rc2-2.dsc
 77cb8ead85d7cfc95ca04cb516eef011 27976 database optional redis_7.0~rc2-2.debian.tar.xz
 5ba5623bb3355997d4747cd099c55d51 7427 database optional redis_7.0~rc2-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmInORkACgkQHpU+J9Qx
Hlj8gg//XVUyRIqKUQCtQV1hdPslFaVNb8wTpIiuuc2wQav4IPcGWdg1iALk/C98
ivkUAvSFLSXx87cRL4m73h3pKJ/OtserPp/a1EadxJQXXi0K3lE7G+rav9Gj99CF
i++ThpU2/y+aAn3UOV8m0jaUGJj+OLkK9iIRLeBGXMAFI1mdoBptvLGezBdECKvF
Og8LZeiXmU4f1V+6eEljyRFltfnYMdOgxWf8UGt+vTLnnSH/e+S6Pa0YH0UMQgXy
uDwRs6j2Ta9CK/H+1VS7jwSI94Gy+lhtZn8EcOLEBDxQ535uy5zNmVPvXOdPE6dH
GiwBfcNHXSxrWR2sHP+IsEuNWoDUxKqNXpGmGB9VrTrWgeffj200x2ccZEP6JqDk
8E/X3tPY4xsGQo7Z5umvO492vJLLA2ubWtBTI4KLRnxowzKVJF6N624gCEqVePSw
j19QkrhXiZTDyBabldr2th36NzrbYrsS//uZY1khJPBB/j9lRTRmtAkY+0a282ge
ZmZEyAaWs/XhDTckHHtdxdXUEU74LHl+X14asAvVJ6Kx/aP0WprJoi0ZMXdzdb+Q
+ruEuoWYvvuZ4aeCQcThvICdxmZBNEL239XZLM6nJQz3aOZlZ6z89igLyYL3RxGu
rte4x01G3TGKmFeztSSOj9wD6CGlJD/+U/UywoSVZULYkrJvRuo=
=2MY8
-----END PGP SIGNATURE-----