summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python-django.inc
diff options
context:
space:
mode:
authorTony Tascioglu <tony.tascioglu@windriver.com>2021-07-16 11:47:33 -0700
committerArmin Kuster <akuster808@gmail.com>2021-07-17 16:14:06 -0700
commitffb3fbb6fec1ba31192b1b54a25fbf75e904f6b4 (patch)
tree3a2c98613216056c46e045dbefaea9c724303eab /meta-python/recipes-devtools/python/python-django.inc
parent5865a7684755011d45c4f51d4227851c641d9eea (diff)
downloadmeta-openembedded-ffb3fbb6fec1ba31192b1b54a25fbf75e904f6b4.tar.gz
redis: fix CVE-2021-29478
This patch backports the fix for CVE-2021-29478 CVE: CVE-2021-29478 Upstream-Status: Backport [https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592] An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python-django.inc')
0 files changed, 0 insertions, 0 deletions