CVSROOT: /cvs Module name: ports Changes by: t...@cvs.openbsd.org 2022/04/27 23:04:50
Modified files: databases/redis: Tag: OPENBSD_7_1 Makefile distinfo databases/redis/patches: Tag: OPENBSD_7_1 patch-redis_conf patch-src_Makefile patch-src_server_h Log message: MFC: Update to redis-6.2.7 This fixes: (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. This issue affects all versions of Redis. (CVE-2022-24735) By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user.