From nobody Wed Mar 1 01:59:22 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PRHV24Qryz3vDTf; Wed, 1 Mar 2023 01:59:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PRHV23HKwz3Dlm; Wed, 1 Mar 2023 01:59:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677635962; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZVRNK83tVdKANoMNzcINDxLJ2puOU8o26Nmus/mYE9g=; b=Kyjjh5eGKLrDsKx7lisPLCxWsG60SuNxSarrX4LjPCntfVMh0828smgsYlsh6VWpoExF/T ApFU7F33N+a75X91+046IQci2JWmJNEwxECZD35jThekM9+FIMFdypOZHx0zfukj0jtcEF DDB2InlZVi/8jppMTjUXPi65UToSlnFcHo6HAbQAG4M6APXazGjqAgSc5rQsLmV2ekCvCN qob1m3xSrw4fHbOPxiRLyjcruMU5aMziSp75EFocdPMnek+iBXVZ9cx+OyS0uSIoecpYI5 JcXHZB5vuhGstdlTQUsNbVJn8DRCj2kVLUWVzwUdJTn9YC6GVD81Fm3xOjTDLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677635962; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZVRNK83tVdKANoMNzcINDxLJ2puOU8o26Nmus/mYE9g=; b=XuwTaED4y4WhiTrn3gZOV/55aMObMSExz3JgE+HPiJAwpEj6oCFy7dSJWzcXfaIF/b2w5l 8p/aT4JUqkOygQvzras5iEdnU6dpz8NsJBe9fhoyYGOye4iVh26jMwGeNxZ+YebNhhE4aS 6gHBjhQh+PBUaBsahph52hsS/ftinsw/twp2YAystxOYbyoXYGYhSxGaRXqN0nwrzbE8nE 3OR1ovg5wvrPTSoA2snORKH7O/4hR62zAAy1bmMl1z0vhZYaUtLvJqMOTfsyNvv9ecYeLc 0li66zAv1bb7H2qZXtOoMmvry2A4Ne5fZDbz0R4dGsnYTlkqwpYGV8/1IraTMA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677635962; a=rsa-sha256; cv=none; b=deQqX49hv7KdlA8JoKgx8RRdIN7W1NpvLvByMRmcxqwv6UN1zmyuZv2dr0/hAbttWqcDAo p2OUPhDtqX6GUSj2KXFjKQ1zb2ItANr1HfSF+EBJ64Zi4pbwOp7pdP4+pO9S+pXi6xDyKG /7bhI6tNohbYT97v88oXE40uhkUlkYOhTHu2TsbpRzROaYgqbpuRP1FJ20z/jyXKgJT2nQ lwWcCCQ867GM6yl4kRLsbmFFKeSYYJoxhb0F+8o4RoQL10AFCg9HecmTWzOogrnL8vjkCP MkEmtshOGKbpOiCuLp1Ox3guS161oSPHJkP96mn1F+Y5X5RPBWPEGy85V5XqLQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PRHV22HpDzGl1; Wed, 1 Mar 2023 01:59:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3211xMBg054866; Wed, 1 Mar 2023 01:59:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3211xMmF054865; Wed, 1 Mar 2023 01:59:22 GMT (envelope-from git) Date: Wed, 1 Mar 2023 01:59:22 GMT Message-Id: <202303010159.3211xMmF054865@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Yasuhiro Kimura Subject: git: 3a891df6413d - main - security/vuxml: Document multiple vulnerabilities in redis List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: yasu X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3a891df6413d56f9af330a132abe2634076f8072 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=3a891df6413d56f9af330a132abe2634076f8072 commit 3a891df6413d56f9af330a132abe2634076f8072 Author: Yasuhiro Kimura AuthorDate: 2023-03-01 00:33:04 +0000 Commit: Yasuhiro Kimura CommitDate: 2023-03-01 01:54:52 +0000 security/vuxml: Document multiple vulnerabilities in redis --- security/vuxml/vuln/2023.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 7f6d1d935ff3..422c0246eb6e 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,57 @@ + + redis -- multiple vulnerabilities + + + redis + 7.0.9 + + + redis-devel + 7.0.9.20230228 + + + redis62 + 6.2.11 + + + redis6 + 6.0.18 + + + + +

The Redis core team reports:

+
+
+
CVE-2023-25155
+
+ Specially crafted SRANDMEMBER, ZRANDMEMBER, and + HRANDFIELD commands can trigger an integer overflow, + resulting in a runtime assertion and termination of the + Redis server process. +
+
CVE-2022-36021
+
+ String matching commands (like SCAN or KEYS) with a + specially crafted pattern to trigger a denial-of-service + attack on Redis, causing it to hang and consume 100% CPU + time. +
+
+
+ +
+ + CVE-2023-25155 + CVE-2022-36021 + https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI + + + 2023-02-28 + 2023-03-01 + +
+ emacs -- multiple vulnerabilities