CVSROOT: /cvs Module name: ports Changes by: d...@cvs.openbsd.org 2022/04/27 21:02:36
Modified files: databases/redis: Makefile distinfo databases/redis/patches: patch-redis_conf patch-src_Makefile patch-src_server_h Log message: Update to redis-6.2.7 This fixes: (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. This issue affects all versions of Redis. (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. ok tb