Source: valkey
Version: 8.1.1+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for valkey.

CVE-2025-27151[0]:
| Redis is an open source, in-memory database that persists on disk.
| In versions starting from 7.0.0 to before 8.0.2, a stack-based
| buffer overflow exists in redis-check-aof due to the use of memcpy
| with strlen(filepath) when copying a user-supplied file path into a
| fixed-size stack buffer. This allows an attacker to overflow the
| stack and potentially achieve code execution. This issue has been
| patched in version 8.0.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-27151
https://www.cve.org/CVERecord?id=CVE-2025-27151
[1] https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm
[2] https://github.com/valkey-io/valkey/commit/73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Control: tags 1106824 + patch
Control: tags 1106824 + pending


Dear maintainer,

I've prepared an NMU for valkey (versioned as 8.1.1+dfsg1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should cancel it.

There is a MR prepared as well on the packaging repo as per https://salsa.debian.org/debian/valkey/-/merge_requests/8

Regards,
Salvatore

diffstat for valkey-8.1.1+dfsg1 valkey-8.1.1+dfsg1

changelog | 8 ++
patches/0005-Incorporate-Redis-CVE-for-CVE-2025-27151-2146.patch | 39 ++++++++++
patches/series | 1
3 files changed, 48 insertions(+)

diff -Nru valkey-8.1.1+dfsg1/debian/changelog valkey-8.1.1+dfsg1/debian/changelog
--- valkey-8.1.1+dfsg1/debian/changelog 2025-04-28 20:49:27.000000000 +0200
+++ valkey-8.1.1+dfsg1/debian/changelog 2025-06-09 10:47:39.000000000 +0200
@@ -1,3 +1,11 @@
+valkey (8.1.1+dfsg1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Check length of AOF file name in valkey-check-aof (CVE-2025-27151)
+ (Closes: #1106824)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Mon, 09 Jun 2025 10:47:39 +0200 +
valkey (8.1.1+dfsg1-1) unstable; urgency=medium

* New upstream release.
diff -Nru valkey-8.1.1+dfsg1/debian/patches/0005-Incorporate-Redis-CVE-for-CVE-2025-27151-2146.patch valkey-8.1.1+dfsg1/debian/patches/0005-Incorporate-Redis-CVE-for-CVE-2025-27151-2146.patch
--- valkey-8.1.1+dfsg1/debian/patches/0005-Incorporate-Redis-CVE-for-CVE-2025-27151-2146.patch 1970-01-01 01:00:00.000000000 +0100
+++ valkey-8.1.1+dfsg1/debian/patches/0005-Incorporate-Redis-CVE-for-CVE-2025-27151-2146.patch 2025-06-09 10:47:39.000000000 +0200
@@ -0,0 +1,39 @@
+From: Madelyn Olson <madelyn

Processing control commands:

tags 1106824 + patch

Bug #1106824 [src:valkey] valkey: CVE-2025-27151
Added tag(s) patch.

tags 1106824 + pending

Bug #1106824 [src:valkey] valkey: CVE-2025-27151
Added tag(s) pending.

--
1106824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106824
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format...

Your message dated Mon, 09 Jun 2025 12:49:07 +0000
with message-id <E1uObw3-009syp-3w@fasolo.debian.org>
and subject line Bug#1106824: fixed in valkey 8.1.1+dfsg1-1.1
has caused the Debian Bug report #1106824,
regarding valkey: CVE-2025-27151
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
1106824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106824
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Received: (at submit) by bugs.debian.org; 30 May 2025 05:15:39 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
(2024-03-25) on buxtehude.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-9.5 required=4.0 tests=BAYES_00,FOURLA,FROMDEVELOPER,
KHOP_HELO_FCRDNS,MD5_SHA1_SUM,PDS_RDNS_DYNAMIC_FP,RDNS_DYNAMIC,
SPF_HELO_NONE,SPF_NONE,XMAILER_REPORTBUG autolearn=ham
autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 11; hammy, 150; neutral, 61; spammy,
0. spammytokens: hammytokens:0.000-+--H*F:U*carnil,
0.000-+--XDebbugsCc, 0.000-+--X-Debbugs-Cc, 0.000-+--H*r:eldamar.lan,
0.000-+--H*M:reportbug
Return-path: <carnil@debian.org>
Received: from c-82-192-244-13.customer.ggaweb.ch ([82.192.244.13]:46986 helo=eldamar.lan)
by buxtehude.debian.org with esmtp (Exim 4.96)
(envelope-

Hi Lucas,

On Mon, Jun 09, 2025 at 08:42:57AM -0300, Lucas Kanashiro wrote:

On Mon, 2025-06-09 at 11:04 +0200, Salvatore Bonaccorso wrote:

I've prepared an NMU for valkey (versioned as 8.1.1+dfsg1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should cancel it.

There is a MR prepared as well on the packaging repo as per https://salsa.debian.org/debian/valkey/-/merge_requests/8

Thanks for preparing this update Salvatore. I already merged the above
and we can move on with the NMU.

Thank you so much! I have rescheduled it now as well to get it earlier
into unstable and for trixie.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)