{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**Redis 7.0.12** -   Released Mon July 10 12:00:00 IDT 2023\n\nUpgrade urgency SECURITY: See security fixes below.\n\nSecurity Fixes:\n\n*    (**CVE-2022-24834**) A specially crafted Lua script executing in Redis can trigger\n    a heap overflow in the cjson and cmsgpack libraries, and result in heap\n    corruption and potentially remote code execution. The problem exists in all\n    versions of Redis with Lua scripting support, starting from 2.6, and affects\n    only authenticated and authorized users.\n*    (**CVE-2023-36824**) Extracting key names from a command and a list of arguments\n    may, in some cases, trigger a heap overflow and result in reading random heap\n    memory, heap corruption and potentially remote code execution. Specifically:\n    using COMMAND GETKEYS* and validation of key names in ACL rules.\n\nBug Fixes\n\n* Re-enable downscale rehashing while there is a fork child (#12276)\n* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with `<count>` (#12276)\n* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction (#12276)\n* Fix WAIT to be effective after a blocked module command being unblocked (#12220)\n* Avoid unnecessary full sync after master restart in a rare case (#12088)\n\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": "", "close_bugs": true, "date_submitted": "2023-07-10 14:58:41", "date_modified": "2023-07-11 15:31:21", "date_approved": "2023-07-18 00:30:57", "date_testing": "2023-07-11 00:30:34", "date_stable": "2023-07-19 04:20:09", "alias": "FEDORA-2023-800612d23a", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2023-07-19 04:20:09", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2023-800612d23a", "title": "redis-7.0.12-1.fc37", "version_hash": "feb203e917160e6bdbd609b2dd36779e3028f647", "release": {"name": "F37", "long_name": "Fedora 37", "version": "37", "id_prefix": "FEDORA", "branch": "f37", "dist_tag": "f37", "stable_tag": "f37-updates", "testing_tag": "f37-updates-testing", "candidate_tag": "f37-updates-candidate", "pending_signing_tag": "f37-signing-pending", "pending_testing_tag": "f37-updates-testing-pending", "pending_stable_tag": "f37-updates-pending", "override_tag": "f37-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2023-12-05", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2023-07-10 14:58:41", "update_id": 526073, "user_id": 91, "id": 3097740, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2023-07-10 14:58:41", "update_id": 526073, "user_id": 91, "id": 3097741, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2023-07-11 00:30:53", "update_id": 526073, "user_id": 91, "id": 3098629, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2023-07-11 15:31:21", "update_id": 526073, "user_id": 91, "id": 3099285, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2023-07-18 00:30:58", "update_id": 526073, "user_id": 91, "id": 3108326, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2023-07-19 04:20:44", "update_id": 526073, "user_id": 91, "id": 3109970, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "redis-7.0.12-1.fc37", "signed": true, "release_id": 62, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2221662, "title": "CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries", "security": true, "parent": true, "feedback": []}, {"bug_id": 2221664, "title": "CVE-2023-36824 redis: heap overflow in COMMAND GETKEYS and ACL evaluation", "security": true, "parent": true, "feedback": []}, {"bug_id": 2222025, "title": "TRIAGE-CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 2222026, "title": "TRIAGE-CVE-2023-36824 redis: heap overflow in COMMAND GETKEYS and ACL evaluation [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2023-800612d23a", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}