[ubuntu/questing-proposed] valkey 8.1.4+dfsg1-0ubuntu0.1 (Accepted)

Lena Voytek lena.voytek at canonical.com
Wed Oct 22 18:20:45 UTC 2025 

valkey (8.1.4+dfsg1-0ubuntu0.1) questing; urgency=medium

  * New upstream version 8.1.4 (LP: #2127122)
    - Security fixes:
      + CVE-2025-49844: Lua script may lead to remote code execution.
      + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
      + CVE-2025-46818: Lua script can be executed in context of another user.
      + CVE-2025-46819: LUA out-of-bound read
      + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
    - Bug fixes:
      + Fix accounting for dual channel RDB bytes in replication stats.
      + Ensure empty error tables in scripts don't crash Valkey.
      + Fix use-after-free when active expiration triggers hashtable to shrink.
      + Fix memory usage to consider embedded keys.
      + Fix leak when shrinking a hashtable without entries.
      + Fix large allocations crashing Valkey during active defrag.
      + Prevent bad memory access when NOTOUCH client gets unblocked.
      + Converge shard-id persisted in nodes.conf to primary's shard id.
      + Fix client tracking memory overhead calculation.
      + Fix pre-size hashtables per slot when reading RDB files.
      + Don't use AVX2 instructions if the CPU don't support it.
      + Defrag if slab 1/8 full to fix defrag didn't stop issue.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-49112.patch
    - d/p/fix-8.1.x-multi-unit-test.patch

Date: Sat, 11 Oct 2025 22:37:19 -0400
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/valkey/8.1.4+dfsg1-0ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Sat, 11 Oct 2025 22:37:19 -0400
Source: valkey
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1.4+dfsg1-0ubuntu0.1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2127122
Changes:
 valkey (8.1.4+dfsg1-0ubuntu0.1) questing; urgency=medium
 .
   * New upstream version 8.1.4 (LP: #2127122)
     - Security fixes:
       + CVE-2025-49844: Lua script may lead to remote code execution.
       + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
       + CVE-2025-46818: Lua script can be executed in context of another user.
       + CVE-2025-46819: LUA out-of-bound read
       + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
     - Bug fixes:
       + Fix accounting for dual channel RDB bytes in replication stats.
       + Ensure empty error tables in scripts don't crash Valkey.
       + Fix use-after-free when active expiration triggers hashtable to shrink.
       + Fix memory usage to consider embedded keys.
       + Fix leak when shrinking a hashtable without entries.
       + Fix large allocations crashing Valkey during active defrag.
       + Prevent bad memory access when NOTOUCH client gets unblocked.
       + Converge shard-id persisted in nodes.conf to primary's shard id.
       + Fix client tracking memory overhead calculation.
       + Fix pre-size hashtables per slot when reading RDB files.
       + Don't use AVX2 instructions if the CPU don't support it.
       + Defrag if slab 1/8 full to fix defrag didn't stop issue.
   * Remove patches fixed upstream:
     - d/p/CVE-2025-49112.patch
     - d/p/fix-8.1.x-multi-unit-test.patch
Checksums-Sha1:
 04ff639594a5bcd28287315de77123f68ae95565 2366 valkey_8.1.4+dfsg1-0ubuntu0.1.dsc
 140b9e971885fbd6334a6e7272b8d29491a398ff 2732800 valkey_8.1.4+dfsg1.orig.tar.xz
 d46b9e47834f4c6329a1e274e38c896b7baf2de7 18804 valkey_8.1.4+dfsg1-0ubuntu0.1.debian.tar.xz
 952f48656cca400052d1c4dda0b1902470d334d8 8075 valkey_8.1.4+dfsg1-0ubuntu0.1_source.buildinfo
Checksums-Sha256:
 25f298bb7b4025933bcc6677f925c058590ede5f9cf54b10129031fe68359290 2366 valkey_8.1.4+dfsg1-0ubuntu0.1.dsc
 736862093c5f21a1f75c22565ebe4fa8aeb1cc162221af5e2fe24b41409c3dec 2732800 valkey_8.1.4+dfsg1.orig.tar.xz
 a1e4e8700db43d5f3638831b8c61f913a9aabd8db9e90bfc4935d8ec35a690f9 18804 valkey_8.1.4+dfsg1-0ubuntu0.1.debian.tar.xz
 d9e84e2a6fad3840786a41da751e0b4d832c6cb3a1c6bcabedce0097d637e9ae 8075 valkey_8.1.4+dfsg1-0ubuntu0.1_source.buildinfo
Files:
 651ad28825cafddc1a2ec03130384568 2366 database optional valkey_8.1.4+dfsg1-0ubuntu0.1.dsc
 92063b48c4c079e01137024de6cdb700 2732800 database optional valkey_8.1.4+dfsg1.orig.tar.xz
 4f094b6d203d572551bf4d8d336989a4 18804 database optional valkey_8.1.4+dfsg1-0ubuntu0.1.debian.tar.xz
 29db4cbe11f0102392c3792d2442760c 8075 database optional valkey_8.1.4+dfsg1-0ubuntu0.1_source.buildinfo
Original-Maintainer: Lucas Kanashiro <kanashiro at debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/valkey
Vcs-Git-Commit: bf3aae563d606e73d00ca9399044b8c50697db34
Vcs-Git-Ref: refs/heads/backport-lp2127122-questing

More information about the Questing-changes mailing list