Fedora has issued an advisory today (March 30): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YGV3AVVAMM7ENIS7QNWG647OGZJTTLH4/ The issue is fixed upstream in 7.0.10. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 7.0.10
Blocks: (none) => 31174
Better advisory with a bug reference: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NHVEKC7NCSUU27GETRCRR5KKB5RUFFUT/ Upstream advisory: https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c Mageia 8 is not affected.
Whiteboard: MGA8TOO => (none)
------------------------------------------------------------------------ r1950378 | kekepower | 2023-03-26 09:40:45 +0200 (Sun, 26 Mar 2023) | 3 lines - Update to 7.0.10 o Fixes CVE-2023-28425 And asked sys-adm to move from updates_testing to release on the same day.
CC: (none) => smelrorAssignee: bugsquad => smelror
Thanks. In the future, if you are aware of a security issue before me, please file a bug.
(In reply to David Walser from comment #3) > Thanks. In the future, if you are aware of a security issue before me, > please file a bug. Even if it only applies to Cauldron? Thought it was mostly for released version(s).
Yes, because at least then we have that fact documented (and it will save me time).
Okay. Will do :-)
Closing as fixed.
Resolution: (none) => FIXEDStatus: NEW => RESOLVED