Your message dated Mon, 09 Jun 2025 12:49:07 +0000
with message-id <[email protected]>
and subject line Bug#1106824: fixed in valkey 8.1.1+dfsg1-1.1
has caused the Debian Bug report #1106824,
regarding valkey: CVE-2025-27151
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1106824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106824
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: valkey
Version: 8.1.1+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for valkey.
CVE-2025-27151[0]:
| Redis is an open source, in-memory database that persists on disk.
| In versions starting from 7.0.0 to before 8.0.2, a stack-based
| buffer overflow exists in redis-check-aof due to the use of memcpy
| with strlen(filepath) when copying a user-supplied file path into a
| fixed-size stack buffer. This allows an attacker to overflow the
| stack and potentially achieve code execution. This issue has been
| patched in version 8.0.2.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-27151
https://www.cve.org/CVERecord?id=CVE-2025-27151
[1] https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm
[2] https://github.com/valkey-io/valkey/commit/73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7
Regards,
Salvatore
--- End Message ---
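The length check that the advisory text above calls for, as an added example that is not part of the original message and not the valkey or redis source. `DEMO_PATH_BUF`, the function names and the sample path are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PATH_BUF 64 /* assumed size for this demo, not the tool's real value */

/* Flawed pattern named in the CVE text, shown for contrast only:
 *     memcpy(dst, filepath, strlen(filepath) + 1);   (length taken from the source)
 * Hardened copy: bound the scan by the destination size and refuse any path
 * that does not fit, terminator included. Returns 0, or -1 with errno set. */
int copy_path_checked(char *dst, size_t dst_size, const char *filepath) {
    if (dst == NULL || filepath == NULL || dst_size == 0) {
        errno = EINVAL;
        return -1;
    }
    const char *nul = memchr(filepath, '\0', dst_size);
    if (nul == NULL) { /* no terminator within dst_size bytes: too long */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, filepath, (size_t)(nul - filepath) + 1);
    return 0;
}

/* Hypothetical caller: copy the path into a fixed stack buffer, then cut it
 * at the last '/' to get the directory that holds the AOF file. */
int aof_dir_of(const char *filepath, char *out, size_t out_size) {
    char tmp[DEMO_PATH_BUF];
    if (copy_path_checked(tmp, sizeof tmp, filepath) != 0) return -1;
    char *slash = strrchr(tmp, '/');
    if (slash == NULL) return copy_path_checked(out, out_size, ".");
    if (slash == tmp) slash++; /* keep "/" for files in the root directory */
    *slash = '\0';
    return copy_path_checked(out, out_size, tmp);
}

int main(void) {
    char dir[DEMO_PATH_BUF], big[4096];
    memset(big, 'A', sizeof big - 1); /* constructed over-long argument */
    big[sizeof big - 1] = '\0';
    if (aof_dir_of("/var/lib/valkey/appendonly.aof", dir, sizeof dir) == 0)
        printf("dir: %s\n", dir);
    if (aof_dir_of(big, dir, sizeof dir) != 0)
        printf("rejected: %s\n", strerror(errno));
    return 0;
}
```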
--- Begin Message ---
Source: valkey
Source-Version: 8.1.1+dfsg1-1.1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
valkey, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated valkey package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 09 Jun 2025 10:47:39 +0200
Source: valkey
Architecture: source
Version: 8.1.1+dfsg1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Lucas Kanashiro <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1106824
Changes:
valkey (8.1.1+dfsg1-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Check length of AOF file name in valkey-check-aof (CVE-2025-27151)
(Closes: #1106824)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---