Source: redis Version: 5:8.0.0-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for redis. CVE-2025-48367[0]: | Redis is an open source, in-memory database that persists on disk. | An unauthenticated connection can cause repeated IP protocol errors, | leading to client starvation and, ultimately, a denial of service. | This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-48367 https://www.cve.org/CVERecord?id=CVE-2025-48367 [1] https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq [2] https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
