Debian Patches
Status for redis/5:8.0.2-3+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| debian-packaging/0001-Set-Debian-configuration-defaults.patch | Set Debian configuration defaults | Chris Lamb <lamby@debian.org> | not-needed | | | 2017-10-10 |
| 0001-Fix-FTBFS-on-kFreeBSD.patch | Fix FTBFS on kFreeBSD | Chris Lamb <lamby@debian.org> | no | | | 2015-10-30 |
| 0002-Add-CPPFLAGS-to-upstream-makefiles.patch | Add CPPFLAGS and CXXFLAGS to upstream makefiles. | Chris Lamb <lamby@debian.org> | no | | | 2015-10-30 |
| 0003-Use-get_current_dir_name-over-PATHMAX.patch | Use get_current_dir_name over PATHMAX, etc. | Chris Lamb <lamby@debian.org> | no | | | 2018-01-24 |
| 0004-Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch | Add support for USE_SYSTEM_JEMALLOC flag. | Chris Lamb <lamby@debian.org> | yes | | | 2025-05-09 |
| 0005-CVE-2025-32023.patch | Fix out of bounds write in hyperloglog commands (CVE-2025-32023) | "debing.sun" <debing.sun@redis.com> | no | | | 2025-05-07 |
| 0006-CVE-2025-48367.patch | Retry accept() even if accepted connection reports an error (CVE-2025-48367). In case accept4() returns an error, we should check the errno value and decide if we should retry accept4() without waiting for the next event loop iteration. | Ozan Tezcan <ozantezcan@gmail.com> | no | | | 2025-05-14 |
| 0007-Add-Redis-ver.-REDIS_VERSION-to-LOLWUT-8-output-as-a.patch | Add "Redis ver. $REDIS_VERSION" to LOLWUT 8 output as some testsuites were relying on it, e.g. python-redis (https://github.com/redis/redis-py/blob/master/tests/test_commands.py#L1092) | Chris Lamb <lamby@debian.org> | yes | | | 2025-07-14 |
| 0008-CVE-2025-49844.patch | Lua script may lead to remote code execution (CVE-2025-49844) | Mincho Paskalev <minchopaskal@gmail.com> | no | | | 2025-06-23 |
| 0009-CVE-2025-46819.patch | LUA out-of-bound read (CVE-2025-46819) | Ozan Tezcan <ozantezcan@gmail.com> | no | | | 2025-06-23 |
| 0010-CVE-2025-46818.patch | Lua script can be executed in the context of another user (CVE-2025-46818) | Ozan Tezcan <ozantezcan@gmail.com> | no | | | 2025-06-23 |
| 0011-CVE-2025-46817.patch | Lua script may lead to integer overflow and potential RCE (CVE-2025-46817) | Ozan Tezcan <ozantezcan@gmail.com> | no | | | 2025-06-23 |
| 0012-CVE-2025-67733.patch | Strip CRLF from error and simple string replies (#826). Because in some cases, the client put \r\n in the command parameters. When Redis returns these parameters to the client via an error reply, the presence of \r\n in the middle can cause the client to only parse the portion before the \r\n when handling the error reply. This disrupts the protocol parsing and ultimately causes the connection to become stuck. [Backport from https://github.com/redis/redis/commit/6910256443c74057e0d83e08c61ea0021774fa6f] [Adapted for redis-8.0.2: - `addReplyErrorSdsSafe` already exists in redis-8.0.2 src/networking.c and src/server.h, so the networking.c hunk only adds the new `addReplyErrorSdsExSafe` and `addReplyStatusSafe` helpers and the addReplyStatusFormat CRLF-stripping, and the server.h hunk only adds declarations for the two new helpers (the existing `addReplyErrorSdsSafe` declaration is left in place). - Hunk offsets/context in src/functions.c, src/script_lua.c, src/module.c, tests/modules/reply.c, tests/unit/functions.tcl, tests/unit/moduleapi/reply.tcl and tests/unit/scripting.tcl adjusted for redis-8.0.2 line numbering. Fix logic byte-identical to upstream.] | "debing.sun" <debing.sun@redis.com> | no | | | 2025-12-28 |
| 0013-CVE-2026-21863.patch | Fix for [CVE-2026-21863] Remote DoS with malformed Valkey Cluster bus message [Backport from Valkey upstream commit https://github.com/valkey-io/valkey/commit/416939303d2550aefff73ac180f41b84c12ba6c0 (no Redis-upstream commit exists for this CVE; Valkey is a fork of Redis with closely shared cluster code).] [Adapted for redis-8.0.2: - The validation lives inline in clusterProcessPacket() rather than in a separate clusterIsValidPacket(); on a malformed packet redis-8.0.2 returns 1 (drop packet, keep the link) instead of 0. - The local `extlen` in this block is `uint16_t` in redis-8.0.2, not `uint32_t`; surrounding context lines were updated accordingly. - The serverLog() messages, the two new checks (gossip count and extension header bounds) and the new test file tests/unit/cluster/packet.tcl are byte-identical to upstream.] | Roshan Khatri <rvkhatri@amazon.com> | no | | | 2026-02-23 |

All known versions for source package 'redis'
- 5:8.6.3-1 (experimental)
- 5:8.0.6-2 (sid)
- 5:8.0.6-1 (forky)
- 5:8.0.2-3+deb13u2 (trixie-security)
- 5:8.0.2-3+deb13u1 (trixie)
- 5:7.0.15-1~deb12u7 (bookworm-security)
- 5:7.0.15-1~deb12u6 (bookworm)
