Bug#988045: marked as done (redis: CVE-2021-29477 & CVE-2021-29478)

Debian Bug Tracking System Tue, 04 May 2021 03:21:13 -0700

Your message dated Tue, 04 May 2021 10:18:52 +0000
with message-id <[email protected]>
and subject line Bug#988045: fixed in redis 5:6.0.13-1
has caused the Debian Bug report #988045,
regarding redis: CVE-2021-29477 & CVE-2021-29478
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
988045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988045
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: redis
Version: 3:3.2.6-3+deb9u3
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for redis.

CVE-2021-29477[0]:
   Vulnerability in the STRALGO LCS command

CVE-2021-29478[1]:
   Vulnerability in the COPY command for large intsets

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-29477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29477
[1] https://security-tracker.debian.org/tracker/CVE-2021-29478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29478


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-

--- End Message ---

--- Begin Message ---

Source: redis
Source-Version: 5:6.0.13-1
Done: Chris Lamb <[email protected]>

We believe that the bug you reported is fixed in the latest version of
redis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated redis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 04 May 2021 11:06:14 +0100
Source: redis
Built-For-Profiles: nocheck
Architecture: source
Version: 5:6.0.13-1
Distribution: unstable
Urgency: medium
Maintainer: Chris Lamb <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 988045
Changes:
 redis (5:6.0.13-1) unstable; urgency=medium
 .
   * New upstream security release:
     - CVE-2021-29477: Vulnerability in the STRALGO LCS command.
     - CVE-2021-29478: Vulnerability in the COPY command for large intsets.
     (Closes: #988045)
   * Refresh patches.
Checksums-Sha1:
 b791442f9aaf91badf52b24916fea98130c4b3f5 2264 redis_6.0.13-1.dsc
 a2b136073badd407575ddd8e66b0622a0393b918 2297613 redis_6.0.13.orig.tar.gz
 27e8e64ebfb712ab81c7a5d5c83fd9f61ba16f8c 29072 redis_6.0.13-1.debian.tar.xz
 549c11b6d05bf00612bf24e1e2f4cc1149ddcf2a 7307 redis_6.0.13-1_amd64.buildinfo
Checksums-Sha256:
 5595b5d50be6ad7fa062591558a4eb16edb33a0075733e711998424a7adb15b8 2264 
redis_6.0.13-1.dsc
 e6b66c8bde338cda2080bee170ec277e863816b359145b916094a3f8c3fea232 2297613 
redis_6.0.13.orig.tar.gz
 d5e4578e7b08821c94c766b708955c22b32a7dbbf563cc2f443c88f00218522b 29072 
redis_6.0.13-1.debian.tar.xz
 45cd3d1b2ad904bbc5d4f2c66db95895f1484a9d649e80504a457efe221f42e1 7307 
redis_6.0.13-1_amd64.buildinfo
Files:
 5ef5dab20ce981d115f59df6ef11f671 2264 database optional redis_6.0.13-1.dsc
 e49209f00e11c48fb85fd4ddfa09b14c 2297613 database optional 
redis_6.0.13.orig.tar.gz
 37044855952643cd3eceda01bb481ef4 29072 database optional 
redis_6.0.13-1.debian.tar.xz
 0dd4c1abf8e728701e67e2d48af3d34e 7307 database optional 
redis_6.0.13-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmCRHPUACgkQHpU+J9Qx
HlgLiA//RIvwiwm2w/ueAnEAkZrgPtHh/thpWS2SYKaHDkRy92/j1dTcS8eJEVqF
uVYorRkGUr21+UEwLKYHYV5udxr+3ZXiP7iZFb2z7lNdRn17MkfJq9O5Kkq6C59l
UYHCt4cQsmlGcGQhWF/UxnlpIjroIL5Q1L/MlIgLbFa5QpSjJeDgwstoyo8Sdz7b
pOvnvVrzyUCpK8fiouaOG9QBaGxznJyoDWAPXAfvFqFpMLnobXt8O+EPH9RhLuql
brm+21peqA1mvQiPt9cijmCr8qlKT1UiBQVd3Fyl9qMIreWH6zZl0LvZVV/j28xx
O3dNHy1rDD/xkJTrDFZeg4Djz/0RbGqZBhBvtrnZEC1n6ba3BLBp07iu+HaCdeXB
xFzgYuljmFXw2z2R9LwZra8RqM89FH/zMbLMMXRyryzDJUC2LNY352rqHk1pyZhk
RDa8NLYRf5TJ9zNwbu/yfYXHXqay6UyJog11PgglaCyagcAWpm0L7kOZRoXDGaAZ
jCg3GLrsVkQYfS/YwAD9svhDVY7yh72uNzmiawJMg2zTG4STDCKHhxFbi6lgkYGr
z32omo39TmvuELDB54VmWGi3ZXm8DRR1HKnpeK/E5rluI5xGyG9DyWAhzQcOmJDM
oMO1yALyatWN+fm6PeXGvPhJRRxz35Sszj7DLyCFiWULpSR1jZg=
=fRMc
-----END PGP SIGNATURE-----

--- End Message ---

Bug#988045: marked as done (redis: CVE-2021-29477 & CVE-2021-29478)

Reply via email to