
Bug#1108985: unblock/preapproval: redis/5:8.0.2-2



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please consider pre-approval for redis 5:8.0.2-2:

redis (5:8.0.2-2) unstable; urgency=high

  * CVE-2025-32023: An authenticated user may have used a specially-crafted
    string to trigger a stack/heap out-of-bounds write during hyperloglog
    operations, potentially leading to remote code execution. Installations
    that used Redis' ACL system to restrict hyperloglog "HLL" commands are
    unaffected by this issue. (Closes: #1108975)
  * CVE-2025-48367: An unauthenticated connection could have caused repeated IP
    protocol errors, leading to client starvation and ultimately becoming a
    Denial of Service (DoS) attack. (Closes: #1108981)

redis (5:8.0.2-1) unstable; urgency=medium

  * New upstream security release:

    - CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
      caused by the use of memcpy with strlen(filepath) when copying a
      user-supplied file path into a fixed-size stack buffer. This allowed an
      attacker to overflow the stack and potentially achieve arbitrary code
      execution. (Closes: #1106822)

  * Update debian/watch to consider 8.x versions again after the recent
    licensing change.

 -- Chris Lamb <lamby@debian.org>  Fri, 30 May 2025 12:05:58 -0700


The full debdiff is attached.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


Attachment: debdiff
Description: Binary data
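As an added illustration of the CVE-2025-27151 defect class described in the changelog (not redis's own code, and not the upstream fix): the unbounded `memcpy(buf, filepath, strlen(filepath))` pattern versus a length-checked copy that refuses paths that do not fit. The buffer size and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed-size stack buffer; a constructed value, not redis's. */
#define PATH_BUF_LEN 64

/* Copy 'filepath' into 'dst' (capacity 'dstlen') only if it fits together
 * with its terminating NUL. Returns 0 on success, -1 if the path is too long.
 *
 * The original defect pattern was the unchecked form:
 *     memcpy(dst, filepath, strlen(filepath));
 * which writes strlen(filepath) bytes regardless of dstlen, so any path of
 * dstlen bytes or more overruns the caller's stack buffer. */
int copy_path_checked(char *dst, size_t dstlen, const char *filepath)
{
    size_t n = strlen(filepath);
    if (n >= dstlen)          /* reject before touching dst */
        return -1;
    memcpy(dst, filepath, n);
    dst[n] = '\0';            /* memcpy does not add the terminator */
    return 0;
}

/* Hypothetical entry point modelled on a tool that takes a user-supplied
 * path: returns 0 when the path was accepted, 1 when it was rejected. */
int check_aof_path(const char *filepath)
{
    char buf[PATH_BUF_LEN];   /* fixed-size stack buffer, as in the bug */
    if (copy_path_checked(buf, sizeof buf, filepath) != 0) {
        fprintf(stderr, "path too long (%zu bytes, max %zu)\n",
                strlen(filepath), (size_t)(sizeof buf - 1));
        return 1;
    }
    /* later processing would open buf here; omitted in this illustration */
    return 0;
}

int main(void)
{
    char longpath[PATH_BUF_LEN * 2];   /* constructed over-long input */
    memset(longpath, 'A', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';

    printf("short path: %d\n", check_aof_path("appendonly.aof"));  /* 0 */
    printf("long path:  %d\n", check_aof_path(longpath));          /* 1 */
    return 0;
}
```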

