Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted redis 5:8.0.2-3+deb13u2 (source) into stable-security
Date: Sun, 17 May 2026 09:32:47 +0000
Signed by: Aron Xu <aron@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2026 12:00:00 +0800
Source: redis
Architecture: source
Version: 5:8.0.2-3+deb13u2
Distribution: trixie-security
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 redis (5:8.0.2-3+deb13u2) trixie-security; urgency=high
 .
   * CVE-2025-67733: RESP protocol injection via Lua error_reply. A user
     could manipulate data read by a connection by injecting CR/LF
     sequences into a Redis error reply.
   * CVE-2026-21863: Remote DoS with malformed Cluster bus message. A peer
     could send a crafted PING/PONG/MEET packet whose gossip count or
     ping-extension header exceeds the received packet length, causing
     out-of-bounds reads and a server crash.
Checksums-Sha1:
 f8c722edfbccd96f7cc99b8b9eb8f8dad28a06a3 1915 redis_8.0.2-3+deb13u2.dsc
 3237f63978e2df95a119117df087e0d55a52ae02 44020 redis_8.0.2-3+deb13u2.debian.tar.xz
 c17479b85210eb1a1fdfa6f9f96cca67f3c088ee 6098 redis_8.0.2-3+deb13u2_source.buildinfo
Checksums-Sha256:
 10ace3c9e2aaae8f4920906c0869820cac71bc5d83984b4febe114cb52879101 1915 redis_8.0.2-3+deb13u2.dsc
 3384f3beb64638c62b48219c856a7a7424325a08800fd9ba070fb8bf205bfc09 44020 redis_8.0.2-3+deb13u2.debian.tar.xz
 6fbee48e263ca59926f7f31264e4a499467390d9ddf41583aaa648908e1ce1ca 6098 redis_8.0.2-3+deb13u2_source.buildinfo
Files:
 2a49bc3382a192f734a12165095980c0 1915 database optional redis_8.0.2-3+deb13u2.dsc
 6bce5fd239e1a1740cee92a97cad36c6 44020 database optional redis_8.0.2-3+deb13u2.debian.tar.xz
 caeb3299a3de1ee2e3661b353cc12991 6098 database optional redis_8.0.2-3+deb13u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEExq6D0hxncEPaPayX+GQ1dHE8m64FAmoEvHgACgkQ+GQ1dHE8
m64E9wf/agRetBj4Lzme0YF+4Hig3lFQMZpQnRF3zwVMH+fvxWUgm5M5GoZfVUF2
YegL4gurG6OlgFmdCB88Vc2HaC81rLaMFjyh2vpje+21A9eaFyWEr0g1OVglUeKw
NbBuSMkabxoR2Tl6WRazVkxe9eSb7aKG/XN7YZYWNrD0QdaAuAMYjunnJC0nxxbe
4g+dQ1gJkwpLUBk7YVu0n3RASliFphlSjEiBaDWvFj2hfU4wvFDcO7m6fZddV9g3
xoyfUrdzsS/NlOseVI8THnH6XeLBymc6YXBPDk5vnumjLTFe0qnqvRjz/c4uyuJU
ZMxocklpuO6eJmqLXCIBIhzclnotbg==
=XSAc
-----END PGP SIGNATURE-----

News for package redis