FTR, I got OOPS-19e1f6d2b782c10bafdc13447cecb2bd, so I "re-released"
both Oracular and Noble since it didn't tell me which the OOPS was for.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2097546
Title
This bug was fixed in the package valkey - 7.2.8+dfsg1-0ubuntu0.24.10.1
---
valkey (7.2.8+dfsg1-0ubuntu0.24.10.1) oracular; urgency=medium
* New upstream version 7.2.8 (LP: #2097546)
- Security fixes:
+ CVE-2024-46981: Lua script commands may lead to remote code
ex
This bug was fixed in the package valkey - 7.2.8+dfsg1-0ubuntu0.24.04.1
---
valkey (7.2.8+dfsg1-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version 7.2.8 (LP: #2097546)
- Security fixes:
+ CVE-2024-46981: Lua script commands may lead to remote code
execu
Builds and autopkgtests finally finished and succeeded, all look good.
Also verified installations with
$ lxc launch ubuntu-daily:oracular test-oracular -c security.nesting=true
$ lxc exec test-oracular bash
$ apt update
$ apt upgrade
$ cat
FTR:
$ sru-review --no-browser --no-diff -s oracular valkey
Accept the package into -proposed? [yN] y
Accepted
Success: task
https://bugs.launchpad.net/ubuntu/oracular/+source/valkey/+bug/2097546
in bug 2097546
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/lazr/restfu
Thanks for reviewing this Robie!
Yeah plucky is good to go, marked fix-released :)
For the security pocket the security team is planning on a no-change
rebuild once this is released to updates. I just have to ping them once
that happens
** Changed in: valkey (Ubuntu)
Status: In Progress =
I assume that this should be Fix Released for the development release -
the issues being fixed by this update are already fixed in your recent
merge for Plucky?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
Considering the requirements at
https://documentation.ubuntu.com/sru/en/latest/reference/requirements/#new-
upstream-microreleases, looks like upstream CI is running against the
PRs referenced, you've spoken to upstream test coverage, the tests are
running during the package build, and dep8 coverag
** Description changed:
[Impact]
Various bugs exist in the current Ubuntu version of Valkey in Noble and
Oracular, including 2 CVEs. They are
(CVE-2024-46981) Lua script commands may lead to remote code execution.
(CVE-2024-51741) Denial-of-service due to malformed ACL selectors.
** Merge proposal linked:
https://code.launchpad.net/~lvoytek/ubuntu/+source/valkey/+git/valkey/+merge/481101
** Merge proposal linked:
https://code.launchpad.net/~lvoytek/ubuntu/+source/valkey/+git/valkey/+merge/481102
--
You received this bug notification because you are a member of Ub
** Also affects: valkey (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: valkey (Ubuntu Oracular)
Importance: Undecided
Status: New
** Changed in: valkey (Ubuntu Noble)
Status: New => In Progress
** Changed in: valkey (Ubuntu Oracular)
Status: N
11 matches
Mail list logo
