[Git][security-tracker-team/security-tracker][master] Mark a series of redis CVEs as ignored for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Sep 3 13:46:08 BST 2024
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
edce3027 by Chris Lamb at 2024-09-03T13:44:58+01:00
Mark a series of redis CVEs as ignored for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80877,7 +80877,7 @@ CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With i
CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
{DSA-5610-1 DLA-3627-1}
- redis 5:7.0.14-1 (bug #1054225)
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14)
@@ -110584,7 +110584,7 @@ CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solutio
CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
{DLA-3396-1}
- redis 5:7.0.11-1 (bug #1034613)
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
NOTE: https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11)
NOTE: https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b (6.2.12)
@@ -122141,7 +122141,7 @@ CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impos
NOT-FOR-US: Kiwi TCMS
CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
- redis 5:7.0.9-1 (bug #1032279)
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue)
[buster] - redis <postponed> (Minor issue, DoS)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
NOTE: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 (7.0.9)
@@ -170106,7 +170106,7 @@ CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training de
CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...)
{DLA-3361-1}
- redis 5:7.0.9-1
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
NOTE: https://github.com/redis/redis/commit/0825552565e5fdab2e87950579c4f0bedded3e3c (7.0.9)
@@ -202463,7 +202463,7 @@ CVE-2022-24835
CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...)
{DSA-5610-1}
- redis 5:7.0.12-1
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue)
[buster] - redis <no-dsa> (Minor issue)
NOTE: https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
NOTE: https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6 (7.2-rc3)
@@ -255805,7 +255805,7 @@ CVE-2021-31295
RESERVED
CVE-2021-31294 (Redis before 6cbea7d allows a replica to cause an assertion failure in ...)
- redis 5:7.0.1-4
- [bullseye] - redis <no-dsa> (Minor issue)
+ [bullseye] - redis <ignored> (Minor issue)
[buster] - redis <no-dsa> (Minor issue)
NOTE: Introduced with: https://github.com/redis/redis/pull/8170 (6.2-rc2, but feature partially backported to 6.0.y)
NOTE: Fixed by: https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f (6.2.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edce3027592c86f4a9bd5adc6888bfcad7318bd6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edce3027592c86f4a9bd5adc6888bfcad7318bd6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240903/7f5a3dfc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list