CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2022/04/27 23:04:50
Modified files:
databases/redis: Tag: OPENBSD_7_1 Makefile distinfo
databases/redis/patches: Tag: OPENBSD_7_1 patch-redis_conf
patch-src_Makefile patch-src_server_h
Log message:
MFC: Update to redis-6.2.7
This fixes:
(CVE-2022-24736) An attacker attempting to load a specially crafted
Lua script can cause NULL pointer dereference which will result with
a crash of the redis-server process. This issue affects all versions
of Redis.
(CVE-2022-24735) By exploiting weaknesses in the Lua script
execution environment, an attacker with access to Redis can inject
Lua code that will execute with the (potentially higher) privileges
of another Redis user.
