{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**Redis 6.2.7** -  Released Wed Apr 27 12:00:00 IDT 2022\n\nUpgrade urgency: **SECURITY**, contains fixes to security issues.\n\nSecurity Fixes:\n\n* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script\n  can cause NULL pointer dereference which will result with a crash of the\n  redis-server process. This issue affects all versions of Redis.\n  [reported by Aviv Yahav].\n* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution\n  environment, an attacker with access to Redis can inject Lua code that will\n  execute with the (potentially higher) privileges of another Redis user.\n  [reported by Aviv Yahav].\n\n\nPotentially Breaking Fixes\n\n* LPOP/RPOP with count against non-existing list return null array (#10095)\n* LPOP/RPOP used to produce wrong replies when count is 0 (#9692)\n\n\nPerformance and resource utilization improvements\n\n* Speed optimization in command execution pipeline (#10502)\n* Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2 (#10337)\n\n\nPlatform / toolchain support related improvements\n\n* Fix RSS metrics on NetBSD and OpenBSD (#10116, #10149)\n* Fix OpenSSL 3.0.x related issues (#10291)\n\n\nBug Fixes\n\n* Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)\n* Lua: fix crash on a script call with many arguments, a regression in v6.2.6 (#9809)\n* Tracking: Make invalidation messages always after command's reply (#9422)\n* Fix excessive stream trimming due to an overflow (#10068)\n* Add missed error counting for INFO errorstats (#9646)\n* Fix geo search bounding box check causing missing results (#10018)\n* Improve EXPIRE TTL overflow detection (#9839)\n* Modules: Fix thread safety violation when a module thread adds an error reply, broken in 6.2 (#10278)\n* Modules: Fix missing and duplicate error stats (#10278)\n* Module APIs: release clients blocked on module commands in cluster resharding\n  and down state (#9483)\n* Sentinel: Fix memory leak with TLS (#9753)\n* Sentinel: Fix issues with hostname support (#10146)\n* Sentinel: Fix election failures on certain container environments (#10197)\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2022-04-28 06:34:11", "date_modified": "2022-05-02 06:56:10", "date_approved": null, "date_testing": "2022-04-28 14:17:07", "date_stable": "2022-05-08 01:45:04", "alias": "FEDORA-2022-44373f6778", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2022-05-08 01:45:04", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2022-44373f6778", "title": "redis-6.2.7-1.fc35", "version_hash": "0e78c8a2865b77f43118e09d481a02442fb39e34", "release": {"name": "F35", "long_name": "Fedora 35", "version": "35", "id_prefix": "FEDORA", "branch": "f35", "dist_tag": "f35", "stable_tag": "f35-updates", "testing_tag": "f35-updates-testing", "candidate_tag": "f35-updates-candidate", "pending_signing_tag": "f35-signing-pending", "pending_testing_tag": "f35-updates-testing-pending", "pending_stable_tag": "f35-updates-pending", "override_tag": "f35-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2022-04-28 06:34:11", "update_id": 401221, "user_id": 91, "id": 2507821, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2022-04-28 06:34:11", "update_id": 401221, "user_id": 91, "id": 2507822, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2022-04-28 14:17:22", "update_id": 401221, "user_id": 91, "id": 2508284, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2022-05-02 06:56:10", "update_id": 401221, "user_id": 91, "id": 2512769, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2022-05-05 14:19:39", "update_id": 401221, "user_id": 91, "id": 2517134, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2022-05-08 01:48:24", "update_id": 401221, "user_id": 91, "id": 2520234, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "redis-6.2.7-1.fc35", "signed": true, "release_id": 51, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2080286, "title": "CVE-2022-24735 redis: Code injection via Lua script execution environment", "security": true, "parent": true, "feedback": []}, {"bug_id": 2080287, "title": "CVE-2022-24735 redis: Code injection via Lua script execution environment [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 2080289, "title": "CVE-2022-24736 redis: Malformed Lua script can crash Redis", "security": true, "parent": true, "feedback": []}, {"bug_id": 2080290, "title": "CVE-2022-24736 redis: Malformed Lua script can crash Redis [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2022-44373f6778", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}