redis: Refine CVE-2022-0543 status description - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Deepak Rathore <deeratho@cisco.com>	2025-12-18 16:56:19 +0530
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-22 07:49:04 +0530
commit	e76bf51a92b41d4cb185fc164ae43a863910ccd1 (patch)
tree	4baef811de9be35e99463a75f70b01de8078f2d9 /meta-python/recipes-devtools/python/python3-tomli-w
parent	9a4ed6f20f5959a1019f76d43989d1959261f520 (diff)
download	meta-openembedded-e76bf51a92b41d4cb185fc164ae43a863910ccd1.tar.gz

redis: Refine CVE-2022-0543 status description

Refine the CVE_STATUS description for CVE-2022-0543 to provide a more precise explanation of this Debian-specific vulnerability. The vulnerability originates from Debian's packaging methodology, which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack), enabling Lua sandbox escape. Upstream Redis builds, including those built by Yocto/OpenEmbedded, utilize embedded Lua from the deps/ directory and are therefore not affected by this issue. It is also fixed in Debian with this commit: https://salsa.debian.org/lamby/pkg-redis/-/commit/c7fd665150dc4769402cae97d1152b3c6e4366f0 References: - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce - https://nvd.nist.gov/vuln/detail/CVE-2022-0543 Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7675392aa7c1bf27b8993d08936bc4bc84d1508d) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-tomli-w')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: