Bug#1108985: unblock/preapproval: redis/5:8.0.2-2
Control: tags -1 moreinfo confirmed
On 2025-07-08 14:43:54 -0700, Chris Lamb wrote:
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Dear Release Team,
>
> Please consider pre-approval for redis 5:8.0.2-2
Please go ahead and remove the moreinfo tag once the package is
available in unstable.
Cheers
>
> redis (5:8.0.2-2) unstable; urgency=high
>
> * CVE-2025-32023: An authenticated user may have used a specially-crafted
> string to trigger a stack/heap out-of-bounds write during hyperloglog
> operations, potentially leading to remote code execution. Installations
> that used Redis' ACL system to restrict hyperloglog "HLL" commands are
> unaffected by this issue. (Closes: #1108975)
> * CVE-2025-48367: An unauthenticated connection could have caused repeated IP
> protocol errors, leading to client starvation and ultimately becoming a
> Denial of Service (DoS) attack. (Closes: #1108981)
>
> redis (5:8.0.2-1) unstable; urgency=medium
>
> * New upstream security release:
>
> - CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
> caused by the use of memcpy with strlen(filepath) when copying a
> user-supplied file path into a fixed-size stack buffer. This allowed an
> attacker to overflow the stack and potentially achieve arbitrary code
> execution. (Closes: #1106822)
>
> * Update debian/watch to consider 8.x versions again after the recent
> licensing change.
>
> -- Chris Lamb <lamby@debian.org> Fri, 30 May 2025 12:05:58 -0700
>
>
> The full debdiff is attached.
>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb
> `. `'` lamby@debian.org / chris-lamb.co.uk
> `-
>
>
--
Sebastian Ramacher
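Added illustration of the CVE-2025-27151 pattern from the quoted changelog (a memcpy whose length is strlen() of a user-supplied path, into a fixed-size stack buffer) beside a bounds-checked version. This is example code written for this note, not redis's redis-check-aof source or the Debian patch; the buffer size TEMP_PATH_BUF, the function names and the sample paths are all made up for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size of the fixed stack buffer. The real constant in
 * redis-check-aof is not reproduced here; a small value keeps the
 * overflow easy to reason about. */
#define TEMP_PATH_BUF 64

/* "Before" pattern, as the advisory describes it: the copy length comes
 * from the attacker-controlled source, not from the destination size, so
 * any path of TEMP_PATH_BUF bytes or more writes past the end of the
 * caller's stack buffer. Shown for comparison; only called on short input. */
void build_temp_path_unchecked(char *out /* TEMP_PATH_BUF bytes */, const char *filepath)
{
    size_t n = strlen(filepath);
    memcpy(out, filepath, n);   /* bounded by the source, never by the destination */
    out[n] = '\0';              /* the terminator lands one byte further out again */
}

/* Hardened version: the destination size is an explicit argument and the
 * path is rejected unless it fits, NUL terminator included.
 * Returns 0 on success, -1 if the path is too long for the buffer. */
int build_temp_path_checked(char *out, size_t outsz, const char *filepath)
{
    size_t n = strlen(filepath);
    if (n + 1 > outsz)             /* n bytes plus the NUL must fit; n == outsz - 1 is the last OK length */
        return -1;
    memcpy(out, filepath, n + 1);  /* copy the terminator in the same bounded call */
    return 0;
}

/* Reports whether the unchecked pattern would overflow a buffer of the
 * given size for this path (strlen bytes plus the terminator). */
int unchecked_copy_overflows(const char *filepath, size_t outsz)
{
    return strlen(filepath) + 1 > outsz;
}

int main(void)
{
    char buf[TEMP_PATH_BUF];
    /* Constructed sample inputs: one ordinary AOF path and one oversize one. */
    const char *ok = "/var/lib/redis/appendonly.aof";
    char huge[2 * TEMP_PATH_BUF];
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';

    /* The unchecked copy behaves on a short path, which is why the bug stayed latent. */
    build_temp_path_unchecked(buf, ok);
    printf("unchecked copy of short path: %s\n", buf);

    if (build_temp_path_checked(buf, sizeof buf, ok) == 0)
        printf("checked copy accepted: %s\n", buf);
    if (build_temp_path_checked(buf, sizeof buf, huge) != 0)
        printf("checked copy rejected a %zu-byte path (buffer is %d bytes)\n",
               strlen(huge), TEMP_PATH_BUF);
    printf("unchecked memcpy would overflow on the long path: %s\n",
           unchecked_copy_overflows(huge, sizeof buf) ? "yes" : "no");
    return 0;
}
```

The check has to count the terminator: a path of exactly TEMP_PATH_BUF bytes passes a naive `strlen(filepath) > sizeof buf` test and still writes the NUL one byte past the buffer, so the comparison is `n + 1 > outsz`, not `n > outsz`.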