---
- branch: MAIN
  date: Tue Jan 17 11:05:57 UTC 2023
  files:
  - new: '1.77'
    old: '1.76'
    path: pkgsrc/databases/redis/Makefile
    pathrev: pkgsrc/databases/redis/Makefile@1.77
    type: modified
  - new: '1.70'
    old: '1.69'
    path: pkgsrc/databases/redis/distinfo
    pathrev: pkgsrc/databases/redis/distinfo@1.70
    type: modified
  id: 20230117T110557Z.6ed54f2775337290934849ac2ce0f37222dec342
  log: |
    redis: updated to 7.0.8

    Redis 7.0.8 Released Mon Jan 16 12:00:00 IDT 2023

    Upgrade urgency: SECURITY, contains fixes to security issues.

    Security Fixes:
    * (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
      commands can drive Redis to OOM panic
    * (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
      commands can lead to denial-of-service

    Bug Fixes
    * Avoid possible hang when client issues long KEYS, SRANDMEMBER, HRANDFIELD,
      and ZRANDMEMBER commands and gets disconnected by client output buffer limit
    * Make sure that fork child doesn't do incremental rehashing
    * Fix a bug where blocking commands with a sub-second timeout would block forever
    * Fix sentinel issue if replica changes IP
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/databases/redis'
  unixtime: '1673953557'
  user: adam