[Git][security-tracker-team/security-tracker][master] Reserve DLA-3885-1 for redis

Chris Lamb (@lamby) lamby at debian.org
Tue Sep 10 12:36:36 BST 2024 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc9bf968 by Chris Lamb at 2024-09-10T12:36:12+01:00
Reserve DLA-3885-1 for redis

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -82295,7 +82295,6 @@ CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With i
 CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
 	{DSA-5610-1 DLA-3627-1}
 	- redis 5:7.0.14-1 (bug #1054225)
-	[bullseye] - redis <ignored> (Minor issue)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
 	NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
 	NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14)
@@ -111996,7 +111995,6 @@ CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solutio
 CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
 	{DLA-3396-1}
 	- redis 5:7.0.11-1 (bug #1034613)
-	[bullseye] - redis <ignored> (Minor issue)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
 	NOTE: https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11)
 	NOTE: https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b (6.2.12)
@@ -123556,7 +123554,6 @@ CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impos
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
 	- redis 5:7.0.9-1 (bug #1032279)
-	[bullseye] - redis <ignored> (Minor issue)
 	[buster] - redis <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
 	NOTE: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 (7.0.9)
@@ -171517,7 +171514,6 @@ CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training de
 CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...)
 	{DLA-3361-1}
 	- redis 5:7.0.9-1
-	[bullseye] - redis <ignored> (Minor issue)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
 	NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
 	NOTE: https://github.com/redis/redis/commit/0825552565e5fdab2e87950579c4f0bedded3e3c (7.0.9)
@@ -203874,7 +203870,6 @@ CVE-2022-24835
 CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...)
 	{DSA-5610-1}
 	- redis 5:7.0.12-1
-	[bullseye] - redis <ignored> (Minor issue)
 	[buster] - redis <no-dsa> (Minor issue)
 	NOTE: https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
 	NOTE: https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6 (7.2-rc3)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Sep 2024] DLA-3885-1 redis - security update
+	{CVE-2022-24834 CVE-2022-36021 CVE-2023-25155 CVE-2023-28856 CVE-2023-45145}
+	[bullseye] - redis 5:6.0.16-1+deb11u3
 [09 Sep 2024] DLA-3884-1 cacti - security update
 	{CVE-2022-41444 CVE-2024-25641 CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 CVE-2024-34340}
 	[bullseye] - cacti 1.2.16+ds1-2+deb11u4


=====================================
data/dla-needed.txt
=====================================
@@ -159,11 +159,6 @@ qemu
   NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2024-3446,CVE-2024-3447)
   NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
 --
-redis (Chris Lamb)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3361-1, DLA-3396-1 and bookworm DSA-5610-1 (3 CVEs) (Beuc/front-desk)
-  NOTE: 20240909: To backport: CVE-2023-45145, CVE-2023-28856, CVE-2023-25155 (only SRANDMEMBER in t_set.c), CVE-2022-36021, CVE-2022-24834 . (lamby)
---
 ring (roberto)
   NOTE: 20230301: Added by oldstable Security Team (jmm)
   NOTE: 20230301: might make sense to rebase to current version (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc9bf968303acc33bc8ec55e6ddecec1c5037f1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc9bf968303acc33bc8ec55e6ddecec1c5037f1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240910/96629d30/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list