Backporting CVE-2021-32675 to Redis 4?
16 views
Skip to first unread message
markus-z
Oct 22, 2021, 7:24:03 AM10/22/21
to Redis DB
I'm trying to backport the Redis 5 fix for CVE-2021-32675 for Redis 4 for myself
and I'm unclear if I'm doing the right thing and would appreciate advice.
I cherry-picked https://github.com/redis/redis/commit/71be97294 and it applied
cleanly, but the build fails because the third argument for `setProtocolError` is not
set, so I used `pos` for it, which satisfies the build.
My open questions are:
1) Is `pos` the correct value for the 3 argument or should it be `0` or something else
2) Is that enough to patch CVE-2021-32675 for Redis 4?
Thanks in advance,
Markus
Reply all
Reply to author
Forward
0 new messages