Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted redis 5:7.0.15-1~deb12u7 (source) into oldstable-security
Date: Sun, 17 May 2026 09:32:38 +0000
Signed by: Aron Xu <aron@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2026 12:00:00 +0800
Source: redis
Architecture: source
Version: 5:7.0.15-1~deb12u7
Distribution: bookworm-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 redis (5:7.0.15-1~deb12u7) bookworm-security; urgency=high
 .
   * CVE-2025-67733: RESP protocol injection via Lua error_reply. A user
     could manipulate data read by a connection by injecting CR/LF
     sequences into a Redis error reply.
     6910256443c7 ("Strip CRLF from error and simple string replies").
   * CVE-2026-21863: Remote DoS with malformed Cluster bus message. A peer
     could send a crafted PING/PONG/MEET packet whose gossip count or
     ping-extension header exceeds the received packet length, causing
     out-of-bounds reads and a server crash.
Checksums-Sha1:
 8c5fbe91f7cb1e981267ea0c083d4fefa8293384 1960 redis_7.0.15-1~deb12u7.dsc
 1fec4ec138faebe239bb066d1ca4b76adcc2313c 45456 redis_7.0.15-1~deb12u7.debian.tar.xz
 5748793f8c933868e17ff255d2eb11b40fd11c5a 6102 redis_7.0.15-1~deb12u7_source.buildinfo
Checksums-Sha256:
 700c69619407c47eb51f015752bd3214256932f5e04a7f064a1fdef24c011319 1960 redis_7.0.15-1~deb12u7.dsc
 1414177085364a374a89de565845dbb9798ef46c8a91a2726e4485a376b6b9ec 45456 redis_7.0.15-1~deb12u7.debian.tar.xz
 cc1675181845fac105c50969c3cee79fca72ae3ea0e477e357e9f500f27e89a9 6102 redis_7.0.15-1~deb12u7_source.buildinfo
Files:
 49087e4431138b82c37e1976d9e72420 1960 database optional redis_7.0.15-1~deb12u7.dsc
 b0451044c441f174a9d969f62c668666 45456 database optional redis_7.0.15-1~deb12u7.debian.tar.xz
 447a38050423e1fe2460df8e1f0bd11d 6102 database optional redis_7.0.15-1~deb12u7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEExq6D0hxncEPaPayX+GQ1dHE8m64FAmoEvGMACgkQ+GQ1dHE8
m66CvAf/eDJktQj3b0xtSt8wFK29Bfw9oMUZ7u0IJsDAZ8Y6PduBf+g4UA8pdh6O
dcBVy7DTzg03Cj23oaI08ZryLJlYKc2ASXlhWmq36j7C/nAgaFJEld5smidQZKHm
qShpRHba4Hmg7CSZtAukNQHI7triy9gNNIdEtg1AGUvjamG7JAomFa4POwFXoObP
Sphoo5QTsf7WvkEyb5TXvCwDHYAAhNzyFyu55IYSE6xqqOQ6iyxtOQ7Bz+WY7bui
yCQgm8vgT0TytwLosY89+77bVx1u5cjCg1mrQQS+OzP4+DRpjv7nXtutNKKr042i
OI+fexuQiLBUhxjqArV/iPekGMNh3A==
=t41v
-----END PGP SIGNATURE-----

News for package redis