Bug 31744 - redis new security issue CVE-2023-28425
Summary: redis new security issue CVE-2023-28425
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Stig-Ørjan Smelror
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 31174
Reported: 2023-03-30 23:39 CEST by David Walser
Modified: 2023-04-18 14:10 CEST

See Also:
Source RPM: redis-7.0.9-1.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 7.0.10


Description David Walser 2023-03-30 23:39:11 CEST
Fedora has issued an advisory today (March 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YGV3AVVAMM7ENIS7QNWG647OGZJTTLH4/

The issue is fixed upstream in 7.0.10.

Mageia 8 is also affected.
David Walser 2023-03-30 23:39:23 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 7.0.10

David Walser 2023-03-30 23:40:05 CEST

Blocks: (none) => 31174

Comment 1 David Walser 2023-03-30 23:47:11 CEST
Better advisory with a bug reference:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NHVEKC7NCSUU27GETRCRR5KKB5RUFFUT/

Upstream advisory:
https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c

Mageia 8 is not affected.

Whiteboard: MGA8TOO => (none)

Comment 2 Stig-Ørjan Smelror 2023-03-31 07:50:12 CEST
------------------------------------------------------------------------
r1950378 | kekepower | 2023-03-26 09:40:45 +0200 (Sun, 26 Mar 2023) | 3 lines

- Update to 7.0.10
  o Fixes CVE-2023-28425



And asked sys-adm to move from updates_testing to release on the same day.

CC: (none) => smelror
Assignee: bugsquad => smelror

Comment 3 David Walser 2023-03-31 14:24:56 CEST
Thanks.  In the future, if you are aware of a security issue before me, please file a bug.
Comment 4 Stig-Ørjan Smelror 2023-03-31 14:39:55 CEST
(In reply to David Walser from comment #3)
> Thanks.  In the future, if you are aware of a security issue before me,
> please file a bug.

Even if it only applies to Cauldron?
Thought it was mostly for released version(s).
Comment 5 David Walser 2023-03-31 14:41:45 CEST
Yes, because at least then we have that fact documented (and it will save me time).
Comment 6 Stig-Ørjan Smelror 2023-03-31 14:51:48 CEST
Okay. Will do :-)
Comment 7 Stig-Ørjan Smelror 2023-04-18 14:10:42 CEST
Closing as fixed.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

