[Buildroot] [PATCH for 2021.02.x 1/1] package/redis: security bump to v6.0.15
Peter Korsgaard
peter at korsgaard.com
Fri Jul 30 16:23:19 UTC 2021
>>>>> "Titouan" == Titouan Christophe <titouanchristophe at gmail.com> writes:
> From the release notes:
> ================================================================================
> Redis 6.0.15 Released Wed Jul 21 16:32:19 IDT 2021
> ================================================================================
> Upgrade urgency: SECURITY, contains fixes to security issues that affect
> authenticated client connections on 32-bit versions. MODERATE otherwise.
> Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
> An integer overflow bug in Redis version 2.2 or newer can be exploited using the
> BITFIELD command to corrupt the heap and potentially result with remote code
> execution.
> See https://github.com/redis/redis/blob/6.0.15/00-RELEASENOTES
> Signed-off-by: Titouan Christophe <titouanchristophe at gmail.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list