[Git][security-tracker-team/security-tracker][master] Add two new valkey issues (and mirror to redis and redict)

Tue, 24 Feb 2026 12:02:50 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
af50b0ef by Salvatore Bonaccorso at 2026-02-24T21:01:15+01:00
Add two new valkey issues (and mirror to redis and redict)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -503,7 +503,11 @@ CVE-2026-23521 (Versions of the Traccar open-source GPS 
tracking system up to an
 CVE-2026-21864 (Valkey-Bloom is a Rust based Valkey module which brings a 
Bloom Filter ...)
        NOT-FOR-US: Valkey-Bloom
 CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions 
9.0.2, 8 ...)
-       TODO: check
+       - redis <unfixed>
+       - redict <unfixed>
+       - valkey <unfixed>
+       NOTE: 
https://github.com/valkey-io/valkey/security/advisories/GHSA-c677-q3wr-gggq
+       NOTE: Fixed by: 
https://github.com/valkey-io/valkey/commit/416939303d2550aefff73ac180f41b84c12ba6c0
 (8.1.6)
 CVE-2026-21665 (The Print Service component of Fiserv Originate Loans 
Peripherals (for ...)
        NOT-FOR-US: Fiserv Originate Loans Peripherals
 CVE-2026-1459 (A post-authentication command injection vulnerability in the 
TR-369 ce ...)
@@ -537,7 +541,11 @@ CVE-2025-69208 (free5GC UDR is the user data repository 
(UDR) for free5GC, an an
 CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to 
and incl ...)
        NOT-FOR-US: Traccar
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 
9.0.2, 8 ...)
-       TODO: check
+       - redis <unfixed>
+       - redict <unfixed>
+       - valkey <unfixed>
+       NOTE: 
https://github.com/valkey-io/valkey/security/advisories/GHSA-p876-p7q5-hv2m
+       NOTE: Fixed by: 
https://github.com/valkey-io/valkey/commit/3d7598e8c7db4857a0e76582861dec14b555c343
 (8.1.6)
 CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in Ser ...)
        NOT-FOR-US: SolarWinds
 CVE-2025-40540 (A type confusion vulnerability exists in Serv-U which when 
exploited,  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af50b0ef1018b8ae0a6132b408075245cfe2cb0a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af50b0ef1018b8ae0a6132b408075245cfe2cb0a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to