[Buildroot] [PATCH v2 1/1] package/redis: security bump to v6.0.12
Peter Korsgaard
peter at korsgaard.com
Sat Mar 13 16:07:53 UTC 2021
>>>>> "Titouan" == Titouan Christophe <titouanchristophe at gmail.com> writes:
> From the release notes:
> (https://github.com/redis/redis/blob/6.0.12/00-RELEASENOTES)
> ================================================================================
> Redis 6.0.11 Released Mon Feb 22 16:13:23 IST 2021
> ================================================================================
> Upgrade urgency: SECURITY if you use 32bit build of redis (see below), LOW
> otherwise.
> Integer overflow on 32-bit systems (CVE-2021-21309):
> Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
> input size. By default, it is 512MB which is a safe value for all platforms.
> If the limit is significantly increased, receiving a large request from a client
> may trigger several integer overflow scenarios, which would result in buffer
> overflow and heap corruption.
> ================================================================================
> Redis 6.0.12 Released Mon Mar 1 17:29:52 IST 2021
> ================================================================================
> Upgrade urgency: LOW, fixes a compilation issue.
> Bug fixes:
> * Fix compilation error on non-glibc systems if jemalloc is not used (#8533)
> Signed-off-by: Titouan Christophe <titouanchristophe at gmail.com>
> ---
> Changes v1->v2:
> * Version bump within the 6.0 series (6.0.11 and 6.0.12) instead of 6.2.0
> * Remove patch that has been applied in 6.0.12
Committed to 2020.11.x, thanks.
--
Bye, Peter Korsgaard
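
The integer overflow class described in the quoted release notes (CVE-2021-21309), shown as an added example that is not part of the original message and is not Redis source code. It assumes a buffer sized as header + payload + terminator; `HDR_LEN`, `size32_t` and the function names are hypothetical, and `uint32_t` stands in for a 32-bit `size_t` so the result is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header size for illustration; not taken from Redis. */
#define HDR_LEN 16u
/* 512MB default bulk limit, as stated in the release notes. */
#define DEFAULT_LIMIT (512u * 1024u * 1024u)

/* Stand-in for size_t on a 32-bit build. */
typedef uint32_t size32_t;

/* Gate applied to the length announced by the client. */
int bulk_len_allowed(uint64_t requested, uint64_t limit) {
    return requested <= limit;
}

/* Unchecked size computation: wraps modulo 2^32 for lengths near
 * UINT32_MAX, so the allocation ends up far smaller than the payload. */
size32_t alloc_size_unchecked(size32_t bulk_len) {
    return HDR_LEN + bulk_len + 1u;
}

/* Checked variant: returns 0 and stores the size, or -1 if the sum
 * cannot be represented in 32 bits. */
int alloc_size_checked(size32_t bulk_len, size32_t *out) {
    if (bulk_len > UINT32_MAX - HDR_LEN - 1u)
        return -1;
    *out = HDR_LEN + bulk_len + 1u;
    return 0;
}

int main(void) {
    /* Constructed sample lengths: one at the default limit, one that is
     * only accepted once the limit has been raised close to 4GB. */
    size32_t samples[] = { DEFAULT_LIMIT, 0xFFFFFFF8u };
    for (int i = 0; i < 2; i++) {
        size32_t len = samples[i], safe = 0;
        int ok = alloc_size_checked(len, &safe);
        printf("len=%u default_gate=%d raised_gate=%d unchecked=%u checked=%s\n",
               (unsigned)len,
               bulk_len_allowed(len, DEFAULT_LIMIT),
               bulk_len_allowed(len, UINT32_MAX),
               (unsigned)alloc_size_unchecked(len),
               ok == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With the default 512MB limit the large length never reaches the size computation; only a significantly raised limit lets it through, which matches the condition the release notes give for the issue.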