This bug was fixed in the package valkey - 7.2.11+dfsg1-0ubuntu0.1
---------------
valkey (7.2.11+dfsg1-0ubuntu0.1) noble; urgency=medium
* New upstream version 7.2.11 (LP: #2127122)
- Security fixes:
+ CVE-2025-49844: Lua script may lead to remote code execution.
+ CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
+ CVE-2025-46818: Lua script can be executed in context of another user.
+ CVE-2025-46819: LUA out-of-bound read.
+ CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
- Bug fixes:
+ Ensure empty error tables in scripts don't crash Valkey.
+ Fix client tracking memory overhead calculation.
+ Fix assumptions that pthread functions set errno.
* d/rules: Increase test timeout during build.
-- Lena Voytek <[email protected]> Sat, 11 Oct 2025 23:49:31
-0400
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127122
Title:
Update Valkey to 7.2.11 in noble, 8.0.6 in plucky, and 8.1.4 in
questing + resolute
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2127122/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
