{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**Redis 6.0.13** Released Mon May 3 19:00:00 IST 2021\n\nUpgrade urgency: SECURITY, Contains fixes to security issues that affect\nauthenticated client connections. LOW otherwise.\n\nInteger overflow in STRALGO LCS command (**CVE-2021-29477**):\nAn integer overflow bug in Redis version 6.0 or newer could be exploited using\nthe STRALGO LCS command to corrupt the heap and potentially result in remote\ncode execution. The integer overflow bug exists in all versions of Redis\nstarting with 6.0.\n\nInteger overflow in COPY command for large intsets (**CVE-2021-29478**):\nAn integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and\npotentially result with remote code execution. The vulnerability involves\nchanging the default set-max-intset-entries configuration value, creating a\nlarge set key that consists of integer values and using the COPY command to\nduplicate it. The integer overflow bug exists in all versions of Redis starting\nwith 2.6, where it could result with a corrupted RDB or DUMP payload, but not\nexploited through COPY (which did not exist before 6.2).\n\nBug fixes:\n\n* Cluster: Skip unnecessary check which may prevent failure detection (#8585)\n* Fix not starting on alpine/libmusl without IPv6 (#8655)\n\nImprovements:\n\n* Fix performance regression in BRPOP on Redis 6.0 (#8689)\n\nModules:\n\n* Fix edge-case when a module client is unblocked (#8618)\n\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-05-04 06:12:46", "date_modified": "2021-05-06 05:46:03", "date_approved": null, "date_testing": "2021-05-05 01:27:50", "date_stable": "2021-05-12 16:12:14", "alias": "FEDORA-2021-8b19c99d6a", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2021-05-12 16:12:14", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2021-8b19c99d6a", "title": "redis-6.0.13-1.fc33", "version_hash": "cc758cadf2f7725cafafed5a1717988e450be4b6", "release": {"name": "F33", "long_name": "Fedora 33", "version": "33", "id_prefix": "FEDORA", "branch": "f33", "dist_tag": "f33", "stable_tag": "f33-updates", "testing_tag": "f33-updates-testing", "candidate_tag": "f33-updates-candidate", "pending_signing_tag": "f33-signing-pending", "pending_testing_tag": "f33-updates-testing-pending", "pending_stable_tag": "f33-updates-pending", "override_tag": "f33-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2021-05-04 06:12:46", "update_id": 303235, "user_id": 91, "id": 2013142, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-05-04 06:12:46", "update_id": 303235, "user_id": 91, "id": 2013143, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-05-04 06:12:46", "update_id": 303235, "user_id": 91, "id": 2013144, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-05-04 07:03:05", "update_id": 303235, "user_id": 91, "id": 2013192, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-05-05 01:28:32", "update_id": 303235, "user_id": 91, "id": 2015208, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2021-05-06 05:46:03", "update_id": 303235, "user_id": 91, "id": 2017232, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2021-05-12 01:28:41", "update_id": 303235, "user_id": 91, "id": 2024870, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-05-12 01:28:42", "update_id": 303235, "user_id": 91, "id": 2024871, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-05-12 16:13:16", "update_id": 303235, "user_id": 91, "id": 2026125, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "redis-6.0.13-1.fc33", "signed": true, "release_id": 40, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1957410, "title": "CVE-2021-29477 redis: Integer overflow via STRALGO LCS command", "security": true, "parent": true, "feedback": []}, {"bug_id": 1957411, "title": "CVE-2021-29477 redis: Integer overflow via STRALGO LCS command [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1957414, "title": "CVE-2021-29478 redis: Integer overflow via COPY command for large intsets", "security": true, "parent": true, "feedback": []}, {"bug_id": 1957415, "title": "CVE-2021-29478 redis: Integer overflow via COPY command for large intsets [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2021-8b19c99d6a", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}