This bug was fixed in the package valkey - 7.2.12+dfsg1-0ubuntu0.1
---------------
valkey (7.2.12+dfsg1-0ubuntu0.1) noble; urgency=medium
* New upstream version 7.2.12 (LP: #2142590)
- Security fixes:
+ CVE-2025-67733: RESP Protocol Injection via Lua error_reply.
+ CVE-2026-21863: Remote DoS with malformed Valkey Cluster bus message.
- Bug fixes:
+ Fix ltrim should not call signalModifiedKey when no elements are
removed.
+ Fix potential infinite loop in clusterNodeGetMaster.
+ Avoids crash during MODULE UNLOAD when ACL rules reference a module
command and subcommand.
-- Lena Voytek <[email protected]> Tue, 24 Feb 2026 09:01:01
-0500
** Changed in: valkey (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2142590
Title:
Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in
resolute
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2142590/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
