Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please consider pre-approval for redis 5:8.0.2-2:

  redis (5:8.0.2-2) unstable; urgency=high

    * CVE-2025-32023: An authenticated user may have used a specially-crafted
      string to trigger a stack/heap out-of-bounds write during hyperloglog
      operations, potentially leading to remote code execution. Installations
      that used Redis' ACL system to restrict hyperloglog "HLL" commands are
      unaffected by this issue. (Closes: #1108975)

    * CVE-2025-48367: An unauthenticated connection could have caused repeated
      IP protocol errors, leading to client starvation and ultimately becoming
      a Denial of Service (DoS) attack. (Closes: #1108981)

  redis (5:8.0.2-1) unstable; urgency=medium

    * New upstream security release:

      - CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
        caused by the use of memcpy with strlen(filepath) when copying a
        user-supplied file path into a fixed-size stack buffer. This allowed
        an attacker to overflow the stack and potentially achieve arbitrary
        code execution. (Closes: #1106822)

    * Update debian/watch to consider 8.x versions again after the recent
      licensing change.

   -- Chris Lamb <lamby@debian.org>  Fri, 30 May 2025 12:05:58 -0700

The full debdiff is attached.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
Attachment: debdiff (Description: Binary data)
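
The CVE-2025-27151 changelog entry above describes a copy whose length comes from `strlen(filepath)` rather than from the destination buffer. The C sketch below is an added example, not part of the original message and not Redis or Debian code: it puts that pattern next to a bounded copy that rejects over-long paths. The function names, `PATH_BUF_LEN` and the sample path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF_LEN 64 /* assumed size; the message does not state the real one */

/* Pattern the changelog describes, kept for contrast and never called here:
 * the copy length is taken from the input, so a long path runs past dst. */
void copy_path_unchecked(char *dst, const char *filepath) {
    memcpy(dst, filepath, strlen(filepath) + 1);
}

/* Bounded copy: the length check is made against the destination size.
 * Returns 0 on success; -1 with errno set to EINVAL (bad arguments) or
 * ENAMETOOLONG (path plus its NUL terminator does not fit in dst). */
int copy_path_checked(char *dst, size_t dst_len, const char *filepath) {
    size_t n = 0;

    if (dst == NULL || filepath == NULL || dst_len == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Measure at most dst_len bytes so the scan itself is bounded. */
    while (n < dst_len && filepath[n] != '\0')
        n++;
    if (n >= dst_len) {  /* no room for the terminator: refuse, do not truncate */
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, filepath, n + 1); /* n + 1 <= dst_len is guaranteed here */
    return 0;
}

int main(void) {
    char buf[PATH_BUF_LEN];            /* fixed-size stack buffer, as in the entry */
    char big[4 * PATH_BUF_LEN];        /* constructed oversized input */
    const char *ok = "appendonlydir/appendonly.aof.manifest"; /* constructed sample */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short path -> %d\n", copy_path_checked(buf, sizeof buf, ok));
    printf("long path  -> %d (%s)\n", copy_path_checked(buf, sizeof buf, big),
           strerror(errno));
    return 0;
}
```

Rejecting the over-long path, rather than silently truncating it, keeps the tool from operating on a different file than the one the caller named.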