[Buildroot] [PATCH 1/1] package/redis: security bump to v6.2.5
Peter Korsgaard
peter at korsgaard.com
Fri Jul 30 16:24:02 UTC 2021
>>>>> "Titouan" == Titouan Christophe <titouanchristophe at gmail.com> writes:
> From the release notes:
> ================================================================================
> Redis 6.2.5 Released Wed Jul 21 16:32:19 IDT 2021
> ================================================================================
> Upgrade urgency: SECURITY, contains fixes to security issues that affect
> authenticated client connections on 32-bit versions. MODERATE otherwise.
> Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761).
> An integer overflow bug in Redis version 2.2 or newer can be exploited using the
> BITFIELD command to corrupt the heap and potentially result with remote code
> execution.
> See https://github.com/redis/redis/blob/6.2.5/00-RELEASENOTES
> Signed-off-by: Titouan Christophe <titouanchristophe at gmail.com>
Committed to 2021.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list