1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1107211: Bug#1106822: redis: CVE-2025-27151

    From Salvatore Bonaccorso@21:1/5 to Chris Lamb on Wed Jul 23 22:40:01 2025
    Hi,

    On Wed, Jul 23, 2025 at 12:49:16PM -0700, Chris Lamb wrote:
    [adding #1107211 to CC]

    Paul Gevers wrote:

    With this version, isn't CVE-2025-49112 also fixed?

    No, not yet. Or, rather: I'm still either awaiting an upstream "fix"
    and/or waiting for upstream to determine whether it truly is a
    vulnerability at all:

    https://github.com/redis/redis/issues/14199#issuecomment-3076467634

    It is correct that redis upstream vs valkey does classify the issue differently. I think it's perfectly fine to leave this for redis
    unpatched until upstream either say they won't fix it at all or apply
    the hardening.

    valkey has a CVE assigned, but it is defintively low severity.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)