redis: Refine CVE-2022-0543 status description - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Deepak Rathore <deeratho@cisco.com>	2025-12-04 09:25:10 -0800
committer	Khem Raj <raj.khem@gmail.com>	2025-12-05 10:13:23 -0800
commit	7675392aa7c1bf27b8993d08936bc4bc84d1508d (patch)
tree	02620f6250d6b15d4a7bdb25acc4331ac41e64d9 /meta-python/recipes-devtools/python/python3-kivy/0001-Remove-old-Python-2-long-from-Cython-files-fixes-bui.patch
parent	331126a6d0a48ebcf12069df554b3abacaeb512a (diff)
download	meta-openembedded-7675392aa7c1bf27b8993d08936bc4bc84d1508d.tar.gz

redis: Refine CVE-2022-0543 status description

Refine the CVE_STATUS description for CVE-2022-0543 to provide a more precise explanation of this Debian-specific vulnerability. The vulnerability originates from Debian's packaging methodology, which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack), enabling Lua sandbox escape. Upstream Redis builds, including those built by Yocto/OpenEmbedded, utilize embedded Lua from the deps/ directory and are therefore not affected by this issue. It is also fixed in Debian with this commit: https://salsa.debian.org/lamby/pkg-redis/-/commit/c7fd665150dc4769402cae97d1152b3c6e4366f0 References: - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce - https://nvd.nist.gov/vuln/detail/CVE-2022-0543 Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-kivy/0001-Remove-old-Python-2-long-from-Cython-files-fixes-bui.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: