Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b08b8e8 by Chris Lamb at 2026-06-09T14:18:16-07:00
Triage CVE-2026-23479 in redis for bullseye LTS.

- - - - -
bf5f9bcd by Chris Lamb at 2026-06-09T14:18:17-07:00
Triage CVE-2026-23631 in redis for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25887,6 +25887,7 @@ CVE-2026-25243 (Redis is an in-memory data structure 
store. In versions of redis
 CVE-2026-23631 (Redis is an in-memory data structure store. In all versions of 
redis-s ...)
        [experimental] - redis 5:8.6.3-1
        - redis <unfixed>
+       [bullseye] - redis <ignored> (Invasive to backport entire timedOut 
mechanism etc.)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-8ghh-qpmp-7826
        NOTE: https://www.zeroday.cloud/blog/redis-cve-2026-23631-dark-replica
        NOTE: Fixed by: 
https://github.com/redis/redis/commit/0cca172a174642bdae03b871615227896274d9bb 
(8.6.3)
@@ -25894,6 +25895,7 @@ CVE-2026-23631 (Redis is an in-memory data structure 
store. In all versions of r
 CVE-2026-23479 (Redis is an in-memory data structure store. In redis-server 
from 7.2.0 ...)
        [experimental] - redis 5:8.6.3-1
        - redis <unfixed>
+       [bullseye] - redis <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3
        NOTE: https://www.zeroday.cloud/blog/redis-cve-2026-23479-deep-dive
        NOTE: Fixed by: 
https://github.com/redis/redis/commit/c14e9925e571c3c8ecbeb8632fe834faa32175ea 
(8.6.3)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5fcdc41c75cecb4457dbb3b27bda879baf575d6...bf5f9bcdfef9ae79278571fc2e8ad108c980c24c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5fcdc41c75cecb4457dbb3b27bda879baf575d6...bf5f9bcdfef9ae79278571fc2e8ad108c980c24c
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to