[Git][security-tracker-team/security-tracker][master] Add CVE-2022-33105/redis
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 23 06:41:42 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fa1cde4 by Salvatore Bonaccorso at 2022-06-23T07:40:17+02:00
Add CVE-2022-33105/redis
Keep a TODO as not yet verified it affects ever only the v7 releases for
redis. If so then no unstable version was affected because all previous
releases in v7 series were to experimental and as well already based on
the 7.0.1 version.
Needs a second pair of eyes to verify where the issue was introduced.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2891,7 +2891,11 @@ CVE-2022-33107
CVE-2022-33106
RESERVED
CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
- TODO: check
+ - redis 5:7.0.1-4
+ NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1)
+ NOTE: https://github.com/redis/redis/pull/10753
+ NOTE: https://github.com/redis/redis/pull/10829
+ TODO: check, if it affects only the v7.0 series, if so there was never an affected version in Debian unstable
CVE-2022-33104
RESERVED
CVE-2022-33103
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa1cde4d87f6e4096cc207f16643849715a6a27
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa1cde4d87f6e4096cc207f16643849715a6a27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220623/2e5de7a6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list