Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b08b8e8 by Chris Lamb at 2026-06-09T14:18:16-07:00
Triage CVE-2026-23479 in redis for bullseye LTS.
- - - - -
bf5f9bcd by Chris Lamb at 2026-06-09T14:18:17-07:00
Triage CVE-2026-23631 in redis for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25887,6 +25887,7 @@ CVE-2026-25243 (Redis is an in-memory data structure
store. In versions of redis
CVE-2026-23631 (Redis is an in-memory data structure store. In all versions of
redis-s ...)
[experimental] - redis 5:8.6.3-1
- redis <unfixed>
+ [bullseye] - redis <ignored> (Invasive to backport entire timedOut
mechanism etc.)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-8ghh-qpmp-7826
NOTE: https://www.zeroday.cloud/blog/redis-cve-2026-23631-dark-replica
NOTE: Fixed by:
https://github.com/redis/redis/commit/0cca172a174642bdae03b871615227896274d9bb
(8.6.3)
@@ -25894,6 +25895,7 @@ CVE-2026-23631 (Redis is an in-memory data structure
store. In all versions of r
CVE-2026-23479 (Redis is an in-memory data structure store. In redis-server
from 7.2.0 ...)
[experimental] - redis 5:8.6.3-1
- redis <unfixed>
+ [bullseye] - redis <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3
NOTE: https://www.zeroday.cloud/blog/redis-cve-2026-23479-deep-dive
NOTE: Fixed by:
https://github.com/redis/redis/commit/c14e9925e571c3c8ecbeb8632fe834faa32175ea
(8.6.3)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5fcdc41c75cecb4457dbb3b27bda879baf575d6...bf5f9bcdfef9ae79278571fc2e8ad108c980c24c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f5fcdc41c75cecb4457dbb3b27bda879baf575d6...bf5f9bcdfef9ae79278571fc2e8ad108c980c24c
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits