[ubuntu/plucky-proposed] valkey 8.0.6+dfsg1-0ubuntu0.1 (Accepted)

Lena Voytek lena.voytek at canonical.com
Wed Oct 22 18:20:46 UTC 2025 

valkey (8.0.6+dfsg1-0ubuntu0.1) plucky; urgency=medium

  * New upstream version 8.0.6 (LP: #2127122)
    - Security fixes:
      + CVE-2025-49844: Lua script may lead to remote code execution.
      + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
      + CVE-2025-46818: Lua script can be executed in context of another user.
      + CVE-2025-46819: LUA out-of-bound read.
      + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
      + CVE-2025-27151: Check length of AOF file name in valkey-check-aof and
        reject paths longer than PATH_MAX.
    - Bug fixes:
      + Fix accounting for dual channel RDB bytes in replication stats.
      + Fix dual rdb channel connection conn error log.
      + Only mark the client reprocessing flag when unblocked on keys.
      + Fix memory corruption in sharded pubsub unsubscribe.
      + Free module context even if there was no content written in auxsave2.
      + Do not unpause paused clients with client unblock.
      + Fix Detect SSL_new() returning NULL in outgoing connections.
      + Correctly cast the extension lengths.
      + Fix replica can't finish failover when config epoch is outdated.
      + Fix cluster wrong myself port after updating port/tls-port.
      + Ensure empty error tables in scripts don't crash Valkey.
      + Fix client tracking memory overhead calculation.
      + Converge shard-id persisted in nodes.conf to primary's shard id.
      + Fix pre-size hashtables per slot when reading RDB files.
    - Updates:
      + Trigger the election as soon as possible when doing a forced manual
        failover.
      + Make manual failover reset the on-going election to promote failover.
      + Fix logs when failover auth denied due to slot epoch.
    - Features:
      + Add a filter option to drop all cluster packets.

Date: Sat, 11 Oct 2025 23:25:21 -0400
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/valkey/8.0.6+dfsg1-0ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Sat, 11 Oct 2025 23:25:21 -0400
Source: valkey
Built-For-Profiles: noudeb
Architecture: source
Version: 8.0.6+dfsg1-0ubuntu0.1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2127122
Changes:
 valkey (8.0.6+dfsg1-0ubuntu0.1) plucky; urgency=medium
 .
   * New upstream version 8.0.6 (LP: #2127122)
     - Security fixes:
       + CVE-2025-49844: Lua script may lead to remote code execution.
       + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
       + CVE-2025-46818: Lua script can be executed in context of another user.
       + CVE-2025-46819: LUA out-of-bound read.
       + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
       + CVE-2025-27151: Check length of AOF file name in valkey-check-aof and
         reject paths longer than PATH_MAX.
     - Bug fixes:
       + Fix accounting for dual channel RDB bytes in replication stats.
       + Fix dual rdb channel connection conn error log.
       + Only mark the client reprocessing flag when unblocked on keys.
       + Fix memory corruption in sharded pubsub unsubscribe.
       + Free module context even if there was no content written in auxsave2.
       + Do not unpause paused clients with client unblock.
       + Fix Detect SSL_new() returning NULL in outgoing connections.
       + Correctly cast the extension lengths.
       + Fix replica can't finish failover when config epoch is outdated.
       + Fix cluster wrong myself port after updating port/tls-port.
       + Ensure empty error tables in scripts don't crash Valkey.
       + Fix client tracking memory overhead calculation.
       + Converge shard-id persisted in nodes.conf to primary's shard id.
       + Fix pre-size hashtables per slot when reading RDB files.
     - Updates:
       + Trigger the election as soon as possible when doing a forced manual
         failover.
       + Make manual failover reset the on-going election to promote failover.
       + Fix logs when failover auth denied due to slot epoch.
     - Features:
       + Add a filter option to drop all cluster packets.
Checksums-Sha1:
 deef2502d9d0f281364d70ea51416f9138f0831f 2492 valkey_8.0.6+dfsg1-0ubuntu0.1.dsc
 b6bbb38d977b544f221b926499063d5bff8b6371 2609056 valkey_8.0.6+dfsg1.orig.tar.xz
 c578213e489759a54bd8f4966b0a6587741abed0 19424 valkey_8.0.6+dfsg1-0ubuntu0.1.debian.tar.xz
 73d7651835a3d5b0b60daa634ed037b5f2364ced 8075 valkey_8.0.6+dfsg1-0ubuntu0.1_source.buildinfo
Checksums-Sha256:
 8fe980fe2cc8637dcabfcc21b231d2ec9d4cbb5e2abc3fb7dc6cc0ea8506d23a 2492 valkey_8.0.6+dfsg1-0ubuntu0.1.dsc
 bfd8a11678676efc8e36bebfebbaeb02af35b81e7279f507dc967fe763cf2128 2609056 valkey_8.0.6+dfsg1.orig.tar.xz
 dbf6152f5cfd1f9b5914efc5f6736dd7c19715e293b5eaddc8a9c01b2ab4ddc3 19424 valkey_8.0.6+dfsg1-0ubuntu0.1.debian.tar.xz
 d1b90e8b74cf1f6ed9d0df35fc3f96eaf7145c56fede2b8291ec8f298e13589c 8075 valkey_8.0.6+dfsg1-0ubuntu0.1_source.buildinfo
Files:
 1df176c6c54ff51719442f5c5c7701ee 2492 database optional valkey_8.0.6+dfsg1-0ubuntu0.1.dsc
 3db6ced5b2dab8889009f5a32ee81aaf 2609056 database optional valkey_8.0.6+dfsg1.orig.tar.xz
 cdbb967b22cb748e2468668a6970c39c 19424 database optional valkey_8.0.6+dfsg1-0ubuntu0.1.debian.tar.xz
 4662165a7ee20f2281d5d59c2139442b 8075 database optional valkey_8.0.6+dfsg1-0ubuntu0.1_source.buildinfo
Original-Maintainer: Lucas Kanashiro <kanashiro at debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/valkey
Vcs-Git-Commit: 3de67f4f9df8423cb9c15cecf63a0c0b26ed345a
Vcs-Git-Ref: refs/heads/backport-lp2127122-plucky

More information about the plucky-changes mailing list