Your message dated Thu, 12 Jun 2025 18:19:27 +0000
with message-id <[email protected]>
and subject line Bug#1107210: fixed in valkey 8.1.1+dfsg1-2
has caused the Debian Bug report #1107210,
regarding valkey: CVE-2025-49112
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1107210: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107210
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: valkey
Version: 8.1.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2 -3
Control: reassign -2 src:redis 5:8.0.0-2
Control: retitle -2 redis: CVE-2025-49112
Control: reassign -3 src:redict 7.3.2+ds-1
Control: retitle -3 redict: CVE-2025-49112
Control: forwarded -1 https://github.com/valkey-io/valkey/pull/2101


Hi,

The following vulnerability was published for valkey (the same code
seems present in redict and redis; cloning the bug for further
evaluation in the respective sources).

CVE-2025-49112[0]:
| setDeferredReply in networking.c in Valkey through 8.1.1 has an
| integer underflow for prev->size - prev->used.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-49112
    https://www.cve.org/CVERecord?id=CVE-2025-49112
[1] https://github.com/valkey-io/valkey/pull/2101
[2] https://github.com/valkey-io/valkey/commit/374718b2a365ca69f715d542709b7d71540b1387

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: valkey
Source-Version: 8.1.1+dfsg1-2
Done: Lucas Kanashiro <[email protected]>

We believe that the bug you reported is fixed in the latest version of
valkey, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lucas Kanashiro <[email protected]> (supplier of updated valkey package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Thu, 12 Jun 2025 14:42:42 -0300
Source: valkey
Architecture: source
Version: 8.1.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Lucas Kanashiro <[email protected]>
Changed-By: Lucas Kanashiro <[email protected]>
Closes: 1107210
Changes:
 valkey (8.1.1+dfsg1-2) unstable; urgency=medium
 .
   * Fix CVE-2025-49112 (Closes: #1107210)
     setDeferredReply in networking.c in Valkey through 8.1.1 has an integer
     underflow for prev->size - prev->used.
     - d/p/CVE-2025-49112.patch


--- End Message ---
