Format: 1.8
Date: Wed, 23 Jul 2025 13:01:37 -0700
Source: redis
Binary: redis-sentinel redis-server redis-tools redis-tools-dbgsym
Architecture: arm64
Version: 5:7.0.15-1~deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-02)
Changed-By: Chris Lamb
Description:
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1106822 1108975 1108981
Changes:
 redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated
     IP protocol errors, leading to client starvation and ultimately becoming
     a Denial of Service (DoS) attack. (Closes: #1108981)