[Bug 276255] databases/redis: update to 7.2.4 with fix CVE-2023-41056

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 11 Jan 2024 08:43:04 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276255

            Bug ID: 276255
           Summary: databases/redis: update to 7.2.4 with fix
                    CVE-2023-41056
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/redis/redis/releases/tag/7.2.4
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: yasu@freebsd.org
          Reporter: vvd@FreeBSD.org
             Flags: maintainer-feedback?(yasu@freebsd.org)
          Assignee: yasu@freebsd.org

Security fixes
 * (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of
memory
 * buffers which can result in incorrect accounting of buffer sizes and lead to
 * heap overflow and potential remote code execution.

Bug fixes
 * Fix crashes of cluster commands clusters with mixed versions of 7.0 and 7.2
(#12805, #12832)
 * Fix slot ownership not being properly handled when deleting a slot from a
node (#12564)
 * Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)

If you want I can create patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.