CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,042 Commits 63 Branches 0 Tags 91 MiB
BitBake 71.9%
C++ 6.9%
Shell 6.5%
C 3.2%
Roff 2.3%
Other 9%
6be10fe608
Go to file
Armin Kuster 6be10fe608 redis: update to 5.0.14 
Bug fix only updates. see: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

Including these cves:

5.0.14
Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
overflow [reported by Meir Shpilraien].

5.0.11
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.

5.0.10
This release fixes a potential heap overflow when using a heap allocator other
than jemalloc or glibc's malloc. See:
https://github.com/redis/redis/pull/7963

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-10-29 07:34:58 -07:00
contrib tesseract: upgrade to 3.04 2016-10-21 18:20:43 +02:00
meta-filesystems fuse: Whitelisted CVE-2019-14860 2021-05-14 10:03:51 -07:00
meta-gnome sysprof: Enable sysprofd/libsysprof only when polkit in DISTRO_FEATURES 2021-07-12 06:49:51 -07:00
meta-initramfs ubi-utils-klibc: Remove trailing slash from S 2020-11-09 18:56:22 -08:00
meta-multimedia bigbuckbunny-1080p: fix sample video URL 2021-08-14 13:45:08 -07:00
meta-networking tcpdump: Update CVE-2020-8037 tag 2021-10-01 14:49:10 -07:00
meta-oe redis: update to 5.0.14 2021-10-29 07:34:58 -07:00
meta-perl libnet-dns-perl: upgrade 1.23 -> 1.24 2020-06-12 09:32:24 -07:00
meta-python python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oe 2021-07-25 13:36:16 -07:00
meta-webserver Apache: Several CVE fixes 2021-10-28 21:13:40 -07:00
meta-xfce thunar: upgrade 1.8.14 -> 1.8.15 2020-05-28 21:50:13 -07:00
.gitignore .gitignore: add *.pyc and *.pyo 2019-06-15 16:45:33 -07:00
COPYING.MIT add README and license for this layer 2011-02-13 16:47:32 +01:00
README README: updated Maintainers list for Dunfell 2020-05-05 16:47:34 -07:00

README 

Collection of layers for the OE-core universe

dunfell maintainer: Armin Kuster  <akuster808@gmail.com>

This repository is a collection of layers to suppliment OE-Core
with additional packages, Each layer have designated maintainer
Please see the respective READMEs in the layer subdirectories