
Bug#1108985: marked as done (unblock/preapproval: redis/5:8.0.2-2)



Your message dated Fri, 18 Jul 2025 15:43:59 +0000
with message-id <E1ucnFf-006SDs-0y@respighi.debian.org>
and subject line unblock redis
has caused the Debian Bug report #1108985,
regarding unblock/preapproval: redis/5:8.0.2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1108985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108985
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please consider pre-approval for redis 5:8.0.2-2:

redis (5:8.0.2-2) unstable; urgency=high

  * CVE-2025-32023: An authenticated user may have used a specially-crafted
    string to trigger a stack/heap out-of-bounds write during hyperloglog
    operations, potentially leading to remote code execution. Installations
    that used Redis' ACL system to restrict hyperloglog "HLL" commands are
    unaffected by this issue. (Closes: #1108975)
  * CVE-2025-48367: An unauthenticated connection could have caused repeated IP
    protocol errors, leading to client starvation and ultimately becoming a
    Denial of Service (DoS) attack. (Closes: #1108981)

redis (5:8.0.2-1) unstable; urgency=medium

  * New upstream security release:

    - CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
      caused by the use of memcpy with strlen(filepath) when copying a
      user-supplied file path into a fixed-size stack buffer. This allowed an
      attacker to overflow the stack and potentially achieve arbitrary code
      execution. (Closes: #1106822)

  * Update debian/watch to consider 8.x versions again after the recent
    licensing change.

 -- Chris Lamb <lamby@debian.org>  Fri, 30 May 2025 12:05:58 -0700


The full debdiff is attached.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


Attachment: debdiff
Description: Binary data


--- End Message ---
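The redis-check-aof defect described in the changelog above (memcpy with strlen(filepath) into a fixed-size stack buffer) shown as the generic unsafe pattern beside a bounded copy that rejects over-long input. This is an added, constructed illustration and not redis code, the debdiff, or any part of the bug report; the buffer size PATH_BUF, the function names and the sample path are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256   /* fixed-size stack buffer; size chosen for the example */

/* The unsafe pattern named in the changelog: the copy length comes from
 * strlen() of the caller-supplied string, not from the destination size.
 * A path of PATH_BUF bytes or more writes past the end of buf on the stack.
 * Kept here only to show the defect beside its fix; never call it with
 * untrusted input. */
void copy_path_unsafe(const char *path)
{
    char buf[PATH_BUF];
    size_t n = strlen(path);        /* attacker controls this length */
    memcpy(buf, path, n);           /* out-of-bounds write when n >= PATH_BUF */
    buf[n] = '\0';
    printf("unsafe copied: %s\n", buf);
}

/* Hardened form: the copy is bounded by the destination size, and a path
 * that does not fit is rejected rather than silently truncated, since a
 * truncated path could name a different file than the one the caller
 * gave. Returns 0 on success, -1 if the path (plus terminator) does not fit. */
int copy_path_checked(char *dst, size_t dstsz, const char *path)
{
    size_t n = strlen(path);
    if (dstsz == 0 || n >= dstsz) { /* need one byte for the terminator */
        return -1;
    }
    memcpy(dst, path, n);
    dst[n] = '\0';
    return 0;
}

/* Driver mirroring the redis-check-aof situation: the path arrives from
 * the command line. The default path is a constructed sample. */
int main(int argc, char **argv)
{
    char buf[PATH_BUF];
    const char *path = argc > 1 ? argv[1] : "/var/lib/redis/appendonly.aof";

    if (copy_path_checked(buf, sizeof buf, path) != 0) {
        fprintf(stderr, "path too long (%zu bytes, limit %d)\n",
                strlen(path), PATH_BUF - 1);
        return 1;
    }
    printf("checked copy ok: %s\n", buf);
    return 0;
}
```

Run it with a path longer than 255 bytes (for instance `$(printf 'A%.0s' $(seq 300))`) to see the checked version refuse the input where the unsafe version would corrupt the stack. The ACL mitigation mentioned for the hyperloglog issue is a server-configuration matter and is not covered by this example.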
--- Begin Message ---
Unblocked.

--- End Message ---
