
Accepted redis 5:7.0.15-1~deb12u5 (source amd64 all) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Jul 2025 13:01:37 -0700
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:7.0.15-1~deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 redis      - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1106822 1108975 1108981
Changes:
 redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated IP
     protocol errors, leading to client starvation and ultimately becoming a
     Denial of Service (DoS) attack. (Closes: #1108981)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
