Control: tags -1 moreinfo confirmed

On 2025-07-08 14:43:54 -0700, Chris Lamb wrote:
> Package: release.debian.org
> User: [email protected]
> Usertags: unblock
>
> Dear Release Team,
>
> Please consider pre-approval for redis 5:8.0.2-2

Please go ahead and remove the moreinfo tag once the package is
available in unstable.

Cheers

>
> redis (5:8.0.2-2) unstable; urgency=high
>
>   * CVE-2025-32023: An authenticated user may have used a specially-crafted
>     string to trigger a stack/heap out-of-bounds write during hyperloglog
>     operations, potentially leading to remote code execution. Installations
>     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
>     unaffected by this issue. (Closes: #1108975)
>   * CVE-2025-48367: An unauthenticated connection could have caused
>     repeated IP protocol errors, leading to client starvation and
>     ultimately becoming a Denial of Service (DoS) attack. (Closes: #1108981)
>
> redis (5:8.0.2-1) unstable; urgency=medium
>
>   * New upstream security release:
>
>     - CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
>       caused by the use of memcpy with strlen(filepath) when copying a
>       user-supplied file path into a fixed-size stack buffer. This allowed an
>       attacker to overflow the stack and potentially achieve arbitrary code
>       execution. (Closes: #1106822)
>
>   * Update debian/watch to consider 8.x versions again after the recent
>     licensing change.
>
>  -- Chris Lamb <[email protected]>  Fri, 30 May 2025 12:05:58 -0700
>
>
> The full debdiff is attached.
>
>
> Regards,
>
> --
>       ,''`.
>      : :'  :     Chris Lamb
>      `. `'`      [email protected] / chris-lamb.co.uk
>        `-
>

--
Sebastian Ramacher

