This bug was fixed in the package valkey - 7.2.8+dfsg1-0ubuntu0.24.04.1 --------------- valkey (7.2.8+dfsg1-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version 7.2.8 (LP: #2097546) - Security fixes: + CVE-2024-46981: Lua script commands may lead to remote code execution. + CVE-2024-51741: Denial-of-service due to malformed ACL selectors. - Bug fixes: + Fix extra memory use when storing strings in inline protocol. + Fix error message when FUNCTION KILL is used on a script. + Fix last accessed time update using TOUCH with CLIENT NO-TOUCH option. -- Lena Voytek <lena.voy...@canonical.com> Thu, 06 Feb 2025 08:58:24 -0500 ** Changed in: valkey (Ubuntu Noble) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46981 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-51741 ** Changed in: valkey (Ubuntu Oracular) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2097546 Title: Update Valkey to 7.2.8 in noble and oracular To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2097546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs