This bug was fixed in the package valkey - 7.2.8+dfsg1-0ubuntu0.24.04.1
---------------
valkey (7.2.8+dfsg1-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version 7.2.8 (LP: #2097546)
- Security fixes:
+ CVE-2024-46981: Lua script commands may lead to remote code
execution.
+ CVE-2024-51741: Denial-of-service due to malformed ACL
selectors.
- Bug fixes:
+ Fix extra memory use when storing strings in inline protocol.
+ Fix error message when FUNCTION KILL is used on a script.
+ Fix last accessed time update using TOUCH with CLIENT NO-TOUCH
option.
-- Lena Voytek <lena.voy...@canonical.com> Thu, 06 Feb 2025 08:58:24
-0500
** Changed in: valkey (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46981
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-51741
** Changed in: valkey (Ubuntu Oracular)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2097546
Title:
Update Valkey to 7.2.8 in noble and oracular
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2097546/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
