Source: redis Version: 5:7.0.8-4 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for redis. CVE-2023-25155[0]: | Redis is an in-memory database that persists on disk. Authenticated | users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and | `HRANDFIELD` commands can trigger an integer overflow, resulting in a | runtime assertion and termination of the Redis server process. This | problem affects all Redis versions. Patches were released in Redis | version(s) 6.0.18, 6.2.11 and 7.0.9. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-25155 https://www.cve.org/CVERecord?id=CVE-2023-25155 [1] https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83 [2] https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
